mplorentz
Matt Lorentz

While I put the finishing touches on Horcrux I'm starting to contribute to Flotilla, and one of my goals is to get Discord-style voice channels added before their age-verification policies go into effect. If you are a user of Discord voice channels, what's one thing you would change about them?
I've always been interested in Discord voice channels because they are a rare combination of ephemeral, porous, serendipitous social space on the internet. Most of our internet communication happens in low-bandwidth, structured spaces where the contents are saved permanently. So in that sense Discord voice channels share more in common with IRL spaces than something like microblogging.
If you're a user of voice channels or otherwise would like to give input on them, I'd love to interview you. And if you'd like to be an early tester or to collaborate on the implementation please reply here or send me a DM!

2026-02-11 13:18:36 UTC

- reply

Any plans for voice channels to court Discord users specifically?

2026-01-10 18:00:15 UTC

Maybe we should start a club. There must be at least three of us!
#note157y…kg6y

2026-01-06 15:02:32 UTC

Playing ambient audio to keep your Nostr signer alive on iOS is hilarious and definitely against Apple's rules, but I love it. More power to you 😂
#nevent1q…t5pj

2026-01-03 23:09:50 UTC

- reply

Flutter. I gave it a shot so we’ll see.

2026-01-03 18:49:54 UTC

If I vibe code my own workout app will I actually work out or no? 👍 / 👎

2025-12-18 18:36:03 UTC

Ok hodlbod has been COOKING on his frost signer thing with email login. I just got a demo from him and it has me more excited about Nostr than I have been in a long time.
- users can sign into Nostr apps via email (or someday any other identity system they like. Phone? Facebook? snail mail? Āhau?) but behind the scenes they still have a private key
- no server or company ever needs a full copy of their private key
- at any point they can extract their Nostr key from the system to use another one (like a bunker, hardware signer, or just a different group of signing servers, etc.)
The big problem with Nostr onboarding is that people need to put in a significant amount of work to understand and manage keys before they even get a chance to get any value out of the software. But pomade enables someone to join without thinking about keys, *and later* start caring and still be able to take full custody of their key. It is the second part that nobody has really done before, on Nostr or anywhere else that I know of. It's not bulletproof, but it combines all the best tech we have to balance ease-of-use, security, and user control.

2025-12-17 23:28:22 UTC

- reply

👍 I like to call it an ecosystem.

2025-12-17 23:27:10 UTC

- reply

Who is “we”? Are you anonymous?

2025-12-15 23:20:23 UTC

- reply

Because it’s slower than Chrome and Safari.

2025-12-15 21:35:25 UTC

@npub1jlr…ynqn I think at some point I heard you say you get a summary of recent Nostr events every day. Is that from a DVM? Have you written about this somewhere? I would like to try something similar.

2025-12-15 18:39:09 UTC

I wrote up some instructions for running a promenade signer, if that's something that interests you. Promenade creates a cluster of servers that cooperatively sign of Nostr events without any of them knowing your Nostr secret key. Bleeding edge identity tech. Join us! #naddr1qv…t2nc

2025-12-15 18:31:00 UTC

- reply

bug: it doesn't work in Firefox

2025-12-09 22:04:18 UTC

Happy horrible software vulnerability day everyone https://react2shell.com/

2025-12-08 23:24:01 UTC

- reply

This would require an overhaul of clients and any relays that use wot, auth, or similar features, correct?

2025-11-26 19:36:40 UTC

I just posted a project update video for Keydex that shows the current features and future plans. Plus an announcement that I'm renaming the project from Keydex to Horcrux! Check it out: https://tube.tchncs.de/w/oyxzSzhocB3k6BNbVTdU7d

2025-11-24 20:11:26 UTC

I'm so excited that Satellite is back. It's always had my favorite design of any Nostr app.
#nevent1q…328t

2025-11-24 19:58:29 UTC

- reply

nerd

2025-11-24 19:51:33 UTC

- reply

hah, linking to 20 lines of source code for a feature as complex as search is such a flex 💪

2025-11-19 17:54:05 UTC

I've been quiet lately but I've just been very heads down trying to get Keydex ready for it's first alpha usability test, which I'm about to head to right now! I'll try to post a project update this week, as I passed the halfway point on my (relatively tight) 4 month timeline recently.

2025-11-07 22:02:17 UTC

I just did a weird thing with gift wraps in Keydex and I want to make sure it's not dumb. I'm having a bug where lockboxes are showing back up on the devices of key holders after they have been removed. Like this:
1. Alice invites Bob to be a key holder for their lockbox
2. Bob accepts
3. Alice publishes a shard of the lockbox data for Bob to download, gift wrapped and addressed to Bob.
4. Bob changes their mind and deletes the lockbox from their device.
5. Later when Bob reopens the app it downloads the shard event again and recreates the lockbox.
Of course I could maintain some local state about what has been deleted, but it would be better to just nuke the shard from the relay. We could ask the original publisher to do it, but we can't guarantee they are online. So what if we just include the ephemeral key used to gift wrap the shard in the seal? Now Bob can publish a NIP-09 deletion request to delete the shard.
I could see this being useful in other places too. For instance you could have a type of direct message that gets deleted from relays as soon as it is downloaded by the recipient.

2025-10-23 20:54:08 UTC

- reply

Yeah I haven't used it much in the past couple weeks. I've been in more of a refactoring mode and have just been doing one-off prompts or using Cursor's plan mode for that. I would like to get back and try it on some more tightly scoped features though.
I should circle back to Claude code at some point but viewing and accepting changes with the Cursor diff viewer is just so ingrained in my workflow now, I think I would miss it a lot.

2025-10-23 20:51:28 UTC

- reply

I guess what I am dreaming of is not really NIP-87 exactly. It's more like NIP-29 plus encryption minus the assumption that the policy engine for the group is running at a particular DNS name. If you decouple the policy engine from the relay/DNS now you can innovate on that separately and create some really sweet trust structures, or not and just keep your group on a single relay.

2025-10-23 20:48:14 UTC

- reply

It seems to me like a rogue relay owner in a NIP-29 group is just as disastrous as a rogue group admin NIP-87?
And this isn't in NIP-87 but I don't see any reason you couldn't use FROSTR threshold signatures to publish events from the admin key. In this way a few admins could hold shards or you could even distribute a shard to every group member and have clients collaborate to approve membership changes or other policy changes?

2025-10-23 20:39:52 UTC

- reply

Oh I never thought about this. Yeah you wouldn't be able to filter content by tag or author because everything is gift wrapped? Is that how this worked in Coracle groups @npub1jlr…ynqn?
It seems like spam wouldn't be too much of a problem though. Because all messages are giftwrapped with the shared key the relay can easily tell if a person is a valid member of a group or not by checking the pubkey and signature right? I suppose you would hit rate limits sooner with the shared key on a public relay, but I guess I'm assuming serious groups will have some kind of relationship with their main relays, paid or otherwise.

2025-10-23 20:34:46 UTC

- reply

You wouldn't have to trust them not to accidentally leak messages to the wrong people but they would still need the encryption key in order to service membership changes right? I supposed you could use one encryption key for membership changes and another for content? 🤔

2025-10-03 18:32:31 UTC

Keydex is going to be the first Nostr app I'm aware of that uses relays exclusively to relay data from one peer's device to another, not for long-term data storage. I'm going to use NIP-40 expiration tags on all events so that they only live on the relay for a few days, which makes Keydex closer to a peer-to-peer application that uses Nostr as the transport (and identity) layer.

2025-09-29 16:04:11 UTC

- reply

Hm, should clients add an nsec field during bunker setup? Not for you to put your real nsec into, but rather one that you know is allowed to post to your relay. Then if the client becomes adversarial the worst they can do is post spam to your relay, which they can probably already do once they have remote signer permissions.
This is overbuilt but maybe there is a simpler solution inside. Maybe the bunker URL you paste initially should just include an nsec for the client to use?

2025-09-29 15:53:35 UTC

- reply

oh interesting, I wonder if I've been hitting these rate limits and that's why I have so much trouble with signers.
I also have my own relay but I only allow events from my own pubkey to be published there. 🤔 So I could point clients to my own relay for NIP-46 messages but there's no easy way to add every client key to my allowlist... I guess I am running `nak bunker` on the same machine as my relay. Maybe I could jerry-rig some communication between nak and my relay config? Sounds fragile though.

2025-09-24 21:05:25 UTC

Day 2 using Github's spec-kit for development did not go as well. The AI and I got lost trying to write reams of overly generic TDD test stubs. It felt like the AI couldn't really get a clear picture from just the spec requirements what it should be testing before the actual implementation code was written.
So today I changed course and changed my constitution (the like underlying spec doc for the repo) to use an outside-in development approach instead of TDD and we made a lot of progress. I also got a new playwright MCP set up for browser automation and it's working a lot better than the last one I had. After some considerable setup the LLM was generally able to run the app in the web browser and click around to test its own changes.

2025-09-24 20:56:14 UTC

- reply

I have not :(

2025-09-24 19:44:59 UTC

"any kind of decentralized, democratic or liberal political structure thrives best when defense is easy, and suffers the most challenge when defense is hard - in those cases, the far more likely outcome is some period of war of all against all, and eventually an equilibrium of rule by the strongest."
A good (but long) blog post on focusing our collective efforts on developing defensive technologies to slant the future away from dystopia.
https://vitalik.eth.limo/general/2025/01/05/dacc2.html
Thanks @npub1yl8…vz34 for the link!

2025-09-24 14:12:21 UTC

@npub1g2j…yjj6 what tool are you using to cross post across Nostr, scuttlebutt, Mastodon, etc.? I have been using OpenVibe but it has been really buggy lately.

2025-09-23 13:22:27 UTC

- reply

it's fixed for me now

2025-09-22 21:59:21 UTC

The official word is "no" 😢 (from telegram)
#nevent1q…g9q2

2025-09-22 20:13:58 UTC

@npub1u92…hr58 @npub12hc…rdp4 @npub1v0l…qj49 not sure where to report this but I am getting this error at https://zap.stream/nogood :(
Unexpected Application Error!
error loading dynamically imported module: https://zap.stream/assets/markdown-D8ImU_5Q.js

2025-09-22 18:43:23 UTC

Spent a couple hours setting up the Keydex repo with Github spec-kit. No code yet but I have 1000 lines of markdown to show for it 🤷‍♂️ https://github.com/mplorentz/keydex

2025-09-22 17:26:00 UTC

I'm back in the code editor for the first time in a few weeks. It feels good 😊
Trying out Github's spec-kit tool for spec-driven development with AI: https://github.com/github/spec-kit?tab=readme-ov-file#-core-philosophy

2025-09-18 18:37:45 UTC

- reply

what do you mean?

2025-09-18 18:37:38 UTC

- reply

Please flame me @npub180c…h6w6

2025-09-18 17:16:31 UTC

Sharing some wireframes I made for Keydex here, mostly because @npub1000…vwqk asked to see them but I figured why not share them publicly.
They have a watermark because I am using the trial version of the design software 😬
https://blossom.lorentz.is/938d7eabe684ee5a529f7a7d78feee31f0259d6ed674601baa4ba04cb3fa50e5.pdf
Thanks for the feedback on these @npub1jlr…ynqn, @npub1000…vwqk, and @npub1jr8…wwnw!

2025-09-17 20:32:15 UTC

I’ve been noodling on my OpenSats projects and one thing I wanted to hear people’s thoughts on is the idea of lightly encrypted groups vs. relay-based groups. And by lightly encrypted I mean that all group data is encrypted with a shared key that gets rotated, but without end-to-end encryption, forward secrecy, post-compromise security, and all the fancy stuff you get with MLS. Basically the unmerged NIP-87 (https://github.com/nostr-protocol/nips/pull/875/files?short_path=ed261ea#diff-ed261eac15a3dc7dbd825342a3e89dc960824a52afd2dd032f30876fbfb25698)
I know this idea has been discussed a lot, and I have been pretty convinced that NIP-29 made the most sense for the most groups. I also know MLS groups are in the works, but they have a lot of downsides. So a few things over the past month are making me reconsider.
The main one was talking to @npub1vjh…ejkd from @npub1j4g…fuu4 who makes a good argument that groups should be a first class citizen on Nostr. This would enable groups of groups and potentially other innovations like putting the group master key in a FROSTR cluster. It also helps enable forkable groups and groups migrating between relays / sets of governing rules. (Great article from SocialRoots about their full vision https://www.socialroots.io/intimacy-gradients-the-key-to-fixing-our-broken-social-media-landscape/)
Another factor is that people keep asking me if groups are going to be encrypted in my new client and I don’t like saying no to that 😅. Even though I think the confidentiality guarantees of NIP-29 are good enough for most groups - that’s not what people want to hear. I used to think that getting a bunch of Nostr clients to all implement key rotation the same way was too much to ask, and I still think MLS is overkill for medium to large groups. But if you allow some privileged software to run with some kind of group admin key to do the rotation (an allowance that NIP-29 already makes) then it hugely simplifies the complexity for client developers and now you can say the magic word ✨encryption✨.
I also feel like I missed out a bit on the debate between these when it happened. What do you think?

2025-09-17 20:15:50 UTC

Today I discovered https://frame0.app for making quick wireframes. I used to love Balsamiq but the desktop app has been discontinued.
If you've never worked with this type of barebones wireframe before they are so valuable for getting feedback on high level UX without digressing into discussions about the size and colors and exact placement of things. When people see the handwritten font their brain switches into a different mode.

2025-09-15 18:18:43 UTC

I've finished my first round of interviews for Keydex and they were so enlightening. I'm so addicted to user interviews now, I don't understand how I made so much software without them.
The top insight from this round was clarifying the different use cases for Shamir's Secret Sharing. Here's what I came up with:
- inheritance planning
- corporate secret management for ultra-sensitive values i.e. root passwords
- border crossings
- web3/crypto/Nostr key backup
The most interest by far was in the inheritance planning use case. People have some digital stuff they want to pass on, but don't want it sitting in plaintext in the hands of (generally very normie) friends and family. Keydex will work for all cases listed above but I'm going to keep the inheritance use-case top of mind while developing. Which already invalidates some of the design work I did last week. I was going to make a fun retro/gamey UI, but now I'm going to shift towards something more calm and reliable.

2025-09-11 17:47:59 UTC

- reply

Are you selling these?

2025-09-10 20:21:47 UTC

- reply

Ah, I am remembering the iOS version where the extension wasn’t an option. I didn’t realize you could log in on nstart! I thought it was a very opinionated choice to push everyone to bunkers.
And I’ve been meaning to ask: do you keep your key in a bunker? And if so, which one are you using?

2025-09-09 18:29:58 UTC

I'm looking for folks to interview for the new app I'm working on. If you've ever needed to back up some sensitive data (passwords, crypto wallet key, "legacy planning" docs) but didn't just want to print it out and hide it then I'd love to talk to you. Just let me know here and I'll be in touch: https://formstr.app/i/keydex

2025-09-09 14:45:17 UTC

- reply

I was mostly just browsing for inspiration, but if you want to explore anything together I am starting the above app greenfield and it's a relatively small project. Definitely could be fun!

2025-09-09 14:15:58 UTC

Apple is announcing the new iPhones later today. No foldable phones this year though :( Probably will be a boring year in the hardware department. It will be interesting to hear how they talk about the flop that is Apple Intelligence. I found this video inspiring recently. This guy cut up an Android phone and made it foldable with a hardware keyboard. https://youtu.be/qy_9w_c2ub0
Speaking of hardware, has anyone tried the Minimal Phone? I move a little closer to an Android switch every year, at some point I will try it I think. https://minimalcompany.com/collections/frontpage/products/minimal-phone?variant=49438236246318

2025-09-09 13:43:37 UTC

- reply

@npub12hc…rdp4 have you ever sketched out any software designs based on the NoGood aesthetic?

2025-09-09 13:39:35 UTC

- reply

Ah makes sense. I guess the hard "outbox model" problem I was thinking of was building an infinite feed from some list of pubkeys.

2025-09-09 13:34:15 UTC

- reply

Yes! But before it was the only way to log in, right?

2025-09-08 21:33:59 UTC

@npub1nst…rg5l are you still planning for another Nostr gathering this year?

2025-09-08 17:39:12 UTC

- reply

Bless you for removing the bunker url requirement 😮‍💨

2025-09-08 16:55:16 UTC

- reply

I don't understand the question. "auth-required from "OK" responses"? Isn't AUTH sent in response to a client's REQ? Are you sending AUTH and OK in the same response?

2025-09-08 16:50:28 UTC

- reply

Very cool. Is this the first time you have implemented the outbox model yourself?

2025-09-08 16:48:50 UTC

Today I'm workshopping a name for my social key backup tool. (It will allow you to encrypt some data, passwords, nostr key, crypto wallet, last will and testament, etc. to a specific list of people. Each person gets an unreadable piece and they must agree to reassemble the data in case you lose it or die.)
I had the idea to use the Pokedex from Pokemon as UI design inspiration for the retro/nerdy vibes. I'm thinking of the name Keydex to go with it. Thoughts, reactions?
https://fbi.cults3d.com/uploaders/17171951/illustration-file/24783684-0bb8-422b-86c7-410fc1d6748e/ezgif.com-gif-maker.gif

2025-09-05 18:46:11 UTC

Good read on how you can use a CRDT to manage an access control list for a group or other resource: https://p2panda.org/2025/08/27/notes-convergent-access-control-crdt.html

2025-09-05 12:39:31 UTC

I am still loving Kagi.com. I don’t even use any of the advanced features, just search. Also @nprofile…kucd just straight up has a Nostr account? Rad. #note15mx…gt56

2025-08-26 16:43:46 UTC

I'm thrilled to share that I'm receiving an OpenSats grant to work on social key backup and a new Nostr groups/communities app. I'll be building both in the open and this account will probably get filled up again with posts about that work.
I think one of the primary things the world needs right now is to move our social sense-making out of big social media platforms and back into community spaces that reflect our values. I'm so blessed to have the opportunity to chip away at these social/digital problems for a while longer.
My intention is always to build in solidarity with folks who need these tools most. If you're interested in using these sorts of tools and want to help - I'd love to do an interview with you! Send me a DM or reply to this note and I'll be in touch.

2025-08-26 16:04:34 UTC

- reply

I have the same question. I like GrapheneOS not so much for all the hardening but just because it's the most functional de-googled Android.

2025-08-23 15:18:36 UTC

- reply

There was a big AI track last year, obviously it’s a hot topic. Are you talking about decentralized compute for training or for actually executing LLMs, or both?

2025-08-23 15:15:36 UTC

- reply

Hey welcome back! We’ve actually stopped active development on Nos, but I think it’s still pretty nice 😊

2025-08-23 15:13:59 UTC

Good thread on some of the pain experienced by new Nostr devs, and also a good response of why things are the way they are.
TLDR; Loose governance is not very meritocratic, and stronger governance is generally not either 🙃
Personally I’d love to see (maybe found?) a NIP consortium/collective/co-op some day, but I don’t think it’s time yet. #note1nf2…gedn

2025-08-19 14:48:40 UTC

I had a great time at DWeb camp last week as always. I sat on an "Open Social Web" panel as the Nostr representative and I think what I had to say about Nostr was generally well-received alongside Bluesky and Mastodon. People were mostly drawn to the loose governance and the scrappy "good enough" approach to protocol design.
But, like last year, it still feels like the energy folks have for "social media" as we typically think of it has been completely sucked out of the room. Few people are interested in putting more energy into some public virtue-signaling town square. I think Nostr has an advantage over Mastodon in Bluesky in this area because it really does have the most non-microblogging experiments going on, and the protocol is the friendliest to encrypted private spaces.

2025-08-19 14:37:35 UTC

- reply

Yep, this is what happened to us on Nos. Well we wrote it before the outbox model existed. Once it did we always planned to adopt it but it became the forever-put-off mega refactor that was very important but never urgent. I was able to slowly march our relay code towards it: breaking the layers apart, using relay hints in some places, keeping a dynamic pool of relay connections based on demand, but we never got to the full thing.

2025-08-19 14:30:46 UTC

- reply

Yes, almost like the way people talk about tech's latest darling... 😉

2025-08-18 21:02:33 UTC

- reply

The internet is such a special place.

2025-08-18 20:40:39 UTC

The iOS 26 release date is less than a month away, and Apple is making big changes this year with the introduction of the Liquid Glass design system. I'm available for last-minute contract work to help you get your app ready. Whether you just want to make sure nothing breaks, or are looking to refresh your entire UI alongside Apple, I can help you make a smooth transition!

2025-08-18 14:42:01 UTC

In the future all food will be made with a microwave, and if you can't deal with that then you need to get out of the kitchen. https://www.colincornaby.me/2025/08/in-the-future-all-food-will-be-cooked-in-a-microwave-and-if-you-cant-deal-with-that-then-you-need-to-get-out-of-the-kitchen/

2025-08-13 17:16:06 UTC

- reply

My practice for some years has been to keep a list of old friends/coworkers I want to contact in my todo list, sorted intuitively. I add to it as people pop into my head. Then I reach out to one person each week and ask to have a call or a lunch to catch up. I also attend a quarterly developer meetup in my city and travel to one or two conferences a year.

2025-08-13 16:12:21 UTC

- reply

Respect for the principled approach! I went without LinkedIn for the first 15 years of my career and it was fine. It forces you to work harder on staying in touch in other ways, which can be very rewarding.

2025-08-05 13:04:57 UTC

- reply

I would be up to contribute to this. I tried a ton of apps last week to prepare to host an onboarding workshop at a conference next week. The experience was really depressing, I didn’t find a single app that I felt like I could recommend across platforms.

2025-07-30 22:20:01 UTC

- reply

Iris used to be me go-to client but it fell out of rotation at some point. Giving it another try!

2025-07-22 18:59:01 UTC

- reply

Surely someone has built this, right? Why haven't I built this? 🤔 questioning everything.

2025-07-22 18:57:38 UTC

- reply

SSB without the hash chain? I'm down.

2025-07-18 18:03:35 UTC

- reply

Ok, I kinda wanted to be wrong about this but that's what I understood from the protocol docs. I thought calle was just overselling it but their messages in this thread feel downright deceptive.

2025-07-18 17:30:51 UTC

- reply

Can you explain to me (or point me to the details) of how the tokens are reissued? I thought to swap you have to connect to the mint? Or is reissuing different from swapping?

2025-07-18 17:09:10 UTC

- reply

I do know some of the history of ecash, that doesn't mean calling it "cash" is good branding.
So here's my specific question: Is it possible for me double spend cashu tokens that I gave someone while offline?

2025-07-18 16:17:34 UTC

I really feel like I'm missing something about Cashu. @npub12rv…85vg calls it digital cash, but you are reliant on a bank (mint) to cash out. They say it works offline, but it doesn't really because it doesn't prevent double-spending offline. This makes it a glorified IOU tracker, right?
Privacy-preserving IOU tracker is cool, and a network of banks that used them would be even cooler, but calling it offline digital cash seems totally disingenuous to me. Tell me why I'm wrong?
#nevent1q…rjun

2025-07-16 13:21:23 UTC

- reply

Awesome. @npub1pmw…4nu6 have you decided on an npub yet? Happy to hop on a call to walk through it together if you prefer.

2025-07-16 13:20:06 UTC

- reply

oh yes, looks like 0.3.0 doesn't even exist 🤔 I have pushed a commit that changes it. Thanks!

2025-07-15 18:35:43 UTC

Yesterday I finally took the plunge and downloaded Blender and started learning how to use it. I have been #3dprinting for a while but mostly I just print designs others have created, or made a few very simple designs using TinkerCad. But I finally found a project small enough to feel manageable and the time to do it.
We have a sliding barn-style door in our kitchen that our two toddlers insist on slamming shut, often while the other one is in the doorway. I decided to design a simple clamp to fit on the top to keep it from closing. Here is the evolution of the design. The first was the wrong size and just fell off, the second added a little hat to keep it from sliding off but quickly broken, so the third beefed up the thickness and infill to make it stronger.
https://blossom.lorentz.is/ba30503376d71bc9117a16bb494b7fbf52dca1d61d06e0e438c96b733dc815f3.jpg
And here's a video showing how it fits on:
https://blossom.lorentz.is/100f29a131c0b5c6f1baf114d46382b79fae9f7968714942315d406cecdaa466.mp4
I'm already working on a second design to toddler-proof a couple of our cabinet drawers that the regular spring locks wouldn't fit on. This may be a slippery slope.

2025-07-14 14:44:35 UTC

I have been finding AI really useful for coding, but this is a good reminder that AI benchmarks are not representative of reality, and developers cannot be trusted to accurately estimate their work, even after completing it 🙃
https://bsky.app/profile/metr.org/post/3ltn3t3amms2x

2025-07-14 14:28:54 UTC

- reply

Step one is for you to let me know the npub you want to use for the test. You are welcome to use your real Nostr profile but currently the tool requires you to pass your raw nsec on the command line which isn't best practice as anyone with access to your file system could steal it from your shell history. Once I know which key you want to use I will shard my own test key and send it to both via encrypted Nostr events.
Step two would be to download the tool and get it working. It's a python script that you should be able to get by running a series of commands like this:
git clone [email protected]:mplorentz/social-key-backup.git
cd social-key-backup
pip install -r requirements.txt
python skb.py --help
If that works you should see an explanation of the tool printed to the command line. If it doesn't work just let me know and we'll figure out what's wrong!
After I've sent the shards to you there will be a command I'll ask you to run to help me reassemble the key!
Finally here's the Github page if you want to browse: https://github.com/mplorentz/social-key-backup

2025-07-14 14:28:15 UTC

Starting a thread to coordinate a test of my social-key-backup tool with @npub1pmw…4nu6 and @npub1sq8…t84g

2025-07-11 13:25:11 UTC

- reply

Very excited for this! Any chance you could open up more spots in TestFlight beta @npub1zuu…c2uc?

2025-07-11 13:21:38 UTC

- reply

The relay can associate IPs with group IDs, no?

2025-07-11 13:20:14 UTC

@npub1ye5…knpr is there any way for me to report impersonators from Nostrudel?

2025-07-10 14:26:45 UTC

I'm still looking for a few more folks to help me out with this!
#nevent1q…8gaz

2025-07-09 22:32:11 UTC

- reply

Hm we may need to coordinate async, the ephemeral messages are probably not a good fit.

2025-07-09 21:49:45 UTC

I'm looking for a few people to help me test my social key backup tool for Nostr! Hoping to get at least 4 folks. I'm not going to actually back up my real key to you, I just want to run through the process with others and make sure it works for other people. You'll need python installed and some familiarity with the command line.
If you'd be willing to help me out with this tomorrow please reply to this or send me a DM! And I'm considering creating a Nostr group for comms, lmk if there is a group chat tool you like.

2025-07-08 02:50:16 UTC

- reply

No, backup is a big part of it but the real goal is to make key loss less catastrophic, and make identity a little more fluid.

2025-07-07 19:49:32 UTC

- reply

I have! I think they have different goals even though we are using some similar cryptography.

2025-07-07 19:32:14 UTC

I just completed a successful recovery of an nsec using my shamir's key sharing CLI. It's so satisfying as a programmer when you finally get your encryption and decryption code working together.
The script is very basic, I'll probably rewrite it in Rust, but it proves out the core concept and gave me a lot of ideas about how to make this actually accessible to normal people and what other features and services would be nice to bundle with it. I'm still trying to come up with an umbrella term for this family of things (social key backup, social key migration, threshold-based consensus, etc.). The best I've come up with so far is "social keys" but I'm not sure if that makes sense. Does it makes sense to you?

2025-07-03 18:03:29 UTC

- reply

That seems like an error in NIP-11. I have seen relays send AUTH at a lot of different times. Sometimes only certain actions are gated behind auth (like requesting content from a closed NIP-29 group).

2025-07-02 20:51:38 UTC

- reply

Relatable. I've actually had this bug on a bank website before. They truncated my 20+ character password, I wonder if they were running Solaris somewhere in the background.

2025-07-02 14:01:37 UTC

Also I submitted my first git PRs via Nostr yesterday, it was pretty easy with ngit and https://gitworkshop.dev!