The thing is that, under the regular Nostr protocol, you can...

d1a61498f4b1dc26...

npub16xnpfx85k8wzdhctang6860g3u64lds5kac73ddjwlg0lxdg9g3su56z6l

hex

f52a6417a958529ed329e657fb9710aa2ac8f1566bc0379e30dbcb568ec0e42c

nevent

nevent1qqs022nyz754s5576v57v4lmjug252kg79txhsphnccdhj6k3mqwgtqprpmhxue69uhhyetvv9ujuem4d36kwatvw5hx6mm9qgsdrfs5nr6trhpxmu97e5dra85g7d2lkc2twu0gkke8058lnx5z5gcqgcg8m

Kind-1 (TextNote)

2026-03-16T14:50:24Z

↳ Reply to Event not found

2d6275cab1559cb66138728cbb4d4e4fc502ec5975ade3658b5adcdedbed8688...

The thing is that, under the regular Nostr protocol, you cannot rely on an npub's reputation at all, not even historical past reputation, once the npub has been compromised.

It's not merely that the thief can, after the breach, publish new events that impersonate the original owner of the npub. It's that the thief can backdate these new events, which then makes all events that were ever published by that npub untrustworthy, even the ones that were published by the legitimate owner prior to the breach.

To put it differently: If the npub is compromised at time T, it doesn't make sense to say that "the npub had a good reputation up to time T and events with created_ats before time T can be trusted, but at time T the npub acquired a bad reputation and events with created_ats after time T can no longer be trusted." Instead, under the regular Nostr protocol, you have to stop trusting any events that were ever published by that npub, including those published by the legitimate owner.

Raw JSON

{
  "kind": 1,
  "id": "f52a6417a958529ed329e657fb9710aa2ac8f1566bc0379e30dbcb568ec0e42c",
  "pubkey": "d1a61498f4b1dc26df0becd1a3e9e88f355fb614b771e8b5b277d0ff99a82a23",
  "created_at": 1773672624,
  "tags": [
    [
      "e",
      "de37b818aa3a65b544c60e43169f3019901ab0ed454ad13a438004cad0da53bc",
      "wss://relay.getsafebox.app/",
      "root",
      "06b7819d7f1c7f5472118266ed7bca8785dceae09e36ea3a4af665c6d1d8327c"
    ],
    [
      "e",
      "2d6275cab1559cb66138728cbb4d4e4fc502ec5975ade3658b5adcdedbed8688",
      "wss://espelho.girino.org/",
      "reply",
      "06b7819d7f1c7f5472118266ed7bca8785dceae09e36ea3a4af665c6d1d8327c"
    ],
    [
      "p",
      "06b7819d7f1c7f5472118266ed7bca8785dceae09e36ea3a4af665c6d1d8327c"
    ]
  ],
  "content": "The thing is that, under the regular Nostr protocol, you cannot rely on an npub's reputation at all, not even historical past reputation, once the npub has been compromised.\n\nIt's not merely that the thief can, after the breach, publish new events that impersonate the original owner of the npub. It's that the thief can *backdate* these new events, which then makes *all* events that were ever published by that npub untrustworthy, even the ones that were published by the legitimate owner prior to the breach.\n\nTo put it differently: If the npub is compromised at time T, it doesn't make sense to say that \"the npub had a good reputation up to time T and events with created_ats before time T can be trusted, but at time T the npub acquired a bad reputation and events with created_ats after time T can no longer be trusted.\" Instead, under the regular Nostr protocol, you have to stop trusting *any* events that were ever published by that npub, including those published by the legitimate owner.",
  "sig": "13d3a47a9d9fdc7a52303f5e08b029e8f0638cc85d15ecd4ecfab4a54c543109928129ff6bc02f7d106ba7082bcfe2437e3225ca0d898d7007ae3896b02cfbb0"
}