joeruelle on Nostr: Nostr hasn't had a "famous fail" yet. But it will. Picture someone well-known on ...
Nostr hasn't had a "famous fail" yet. But it will. Picture someone well-known on Nostr, maybe an existing Nostr personality, maybe a famous person who has wandered over and built a good following. A client has weak security. This well-known personality pastes in their nsec, and a hacker lurking in the client by some means grabs it.
The hacker then starts posting troll content from the personality's account. Both the personality and the hacker have access, neither can lock the other out, so it's likely going to be pretty Benny Hill for a little while at least. The personality now has to start from scratch in full public view, and it might be hard to watch. Certain niche tech media will have fun covering it.
Like I said, this kind of thing will happen, and when it does, Nostr as a whole will need to use the event to point out that nsec hygiene is critical. That'll be helped if nsec copy-paste login has been widely deprecated. At any rate, everyone will be suddenly pretty freaked out about their own accounts.
Also remember that if someone has your nsec you could never know about it, for years even. They're popping in now and again to have a look at your NIP-60 wallet, waiting for the balance to grow.