Trust is not a feelz thang. Whoever doesn’t trust you (or want to trust you) can always get the law (or write a law) to come after your ass.
In the legal sense, trust is NOT bound by what someone “would do” as much as what someone “can do”. If they “can” rug you then they can’t legally be trusted to NOT rug you.
BEING OPEN SOURCE IS NOT ENOUGH, to prove that someone cannot rug you.
EVEN CRYPTOGRAPHY IS NOT ENOUGH, unless it can be PROVEN that keys (and the key signing process) have NEVER BEEN IN CUSTODY of the entity requesting signatures.
I was thinking about this lately. I wrote this on my whiteboard to revisit


What does it mean to verify… this is not so straightforward?
I agree.
I was thinking about how verification is needed in the absence of trust. I was thinking in generalities. Trust enables speed; verification is slower.
It is difficult to enable verification for all, when many things require a deep understanding.
I would likely never verify your work if I asked you to help me make something, because I trust you. Nostr moves fast because there is so much trust in each other to build trust-less things and criticize what is built with the knowledge we have individually.
Our data is interesting because even if I trusted you to do your best to protect it, I can’t trust that there would never be an unforeseen circumstance or attack.
You have it best when you speak about controlling our own data. No need to trust the applications or to verify how they use things if you decide what to share and control what you choose to trust them with.
The point at which we can grant access or not I think is likely where effort is worth spending. I would like to control that and understand better what I am granting access to as a layman.
I can never verify your intent, so I’ll have to make a judgement and trust it. Hope this wasn’t too painful to read.
> “The point at which we can grant access or not I think is likely where effort is worth spending.”
I am currently focused on the nitty-gritty of key sovereignty. All trust on Nostr is dependent upon key sovereignty. When users have provable sole custody of their own keys, and the signing process, then they can BEGIN to fine-tune the access granted to each and every app. This is the nexus point.
Thank you Mani