BRC-100 specifies wallet-mediated actions, signatures, encryption, certificates, and permissions.
Can miners, the chain, or an app sign as me or read my private data?
“If BSV can recover coins and apps use identity keys, miners or the Association can impersonate me, decrypt my data, or approve wallet permissions.”
The answer without the theater.
Under the published wallet model, applications request operations from a wallet; the wallet holds or controls user key material and permissions. Miners validate transactions and order accepted history. The NAR can affect UTXO treatment at the network layer. None of those facts, by itself, gives a miner or Association the private keys needed to produce a user's application signature or decrypt properly protected data. Implementation bugs, wallet compromise, and poor permission design remain real risks.
The objection's strongest ground
- BRC-100 defines wallet-mediated operations rather than handing arbitrary private keys to an application.
- BRC-103 uses identity keys and signed messages for peer authentication and selective certificate exchange.
- Network-level UTXO reassignment can change accepted ownership without creating the former holder's signature.
Do not claim more than the evidence
- A vulnerable or malicious wallet can mishandle keys, permissions, data, or signatures.
- Encrypted content can still leak metadata, and recovery of coins can have identity or financial consequences without key disclosure.
- This page describes intended protocol boundaries, not a security audit of every wallet.
A better next move than arguing
- Draw the exact keys, data, permissions, messages, and network decisions involved in the user action.
- Inspect the wallet prompt and source path for every requested signature, encryption, certificate, and transaction operation.
- Test denial, revocation, export, compromised-app, and unavailable-wallet scenarios.
What would change this answer?
Evidence that a network directive or ordinary app can obtain user key operations outside published wallet authorization would invalidate this boundary. Independent audits and cross-wallet permission tests would strengthen it.
What the cited sources establish
BRC-103 specifies peer authentication using identity keys, signed messages, and certificate exchange.