 Any opinion on an end to end encrypted solution? So that even the service provider (custodian) can’t decrypt the keys?

I know it’s not perfect but the current ecosystem for managing keys isn’t smooth enough for everyday users and I’m wondering if there are any solutions on the horizon. 
 Every normal Nostr client already has that. E.g. in Amethyst you have private DMs. 
 I mean for key storage of private keys. Thinking of an OAuth-type flow to log in to various clients without having to copy and paste the private key. 
 Why? To prevent a client leaking the key? Then just "login" with npub, most clients provide this feature. 
 I'm actually thinking about this for more normal folks that think in username and password instead of private key and public key. 

Create a way to allow them to give an email as username and set a password. Offer 2FA and a reset password flow. 

Then they can get their npub and/or their nsec so they don’t have to store it themselves.

Eventually the hope is that clients support “login with WhateverWeCallIt” so it’ll insert the nsec automatically into the client (and for clients that store it locally, store it locally).

Further down the line I’d imagine it would be a way for folks to set which clients they want to give what access so that we can give people a way to get rid of the annoying NIP 7 pop ups. 

Mostly it is for folks that are less self-custody maxis, but still care about controlling what clients can do with their keys. 
 Well, this sounds like a custodian solution. It destroys the main advantage of nostr - absence of centralised places controlling our profiles. If all the private keys were stored in one "storage", then the government will go to that place (like it goes to facebooks and twitters) and install censorship there.

Also, normies don't use many clients. Install Amethyst and use it. Why install many clients? If you are a geek kind of user, who is curious about software, I understand that. But it is not a big deal for such users to copy-paste nsec from one app to another. 
 But you can’t post or decrypt DMs with just an npub 
 Do we then need a service provider to hold the e2e decryption keys? 
 I was thinking your password is your decryption key so that even if the place is hacked the service provider could never decrypt your nsec.
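
The idea in the last comment, sketched as an added example that is not part of the thread or of any Nostr client's code: the client derives a key from the password with scrypt and encrypts the secret key with AES-256-GCM, so the provider only ever stores the resulting blob. The function names, blob layout and scrypt parameters are assumptions made for illustration.

```javascript
// Added example: wrap a Nostr secret key under a password-derived key, client side.
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// scrypt cost parameters are assumed values; tune them to the slowest device supported.
const KDF = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

function deriveKey(password, salt) {
  // NFKC so the same password typed on different keyboards yields the same key.
  return scryptSync(password.normalize('NFKC'), salt, 32, KDF);
}

// Returns the JSON-serialisable blob that is the only thing uploaded to the provider.
function wrapSecretKey(secretKey, password) {
  if (!Buffer.isBuffer(secretKey) || secretKey.length !== 32) {
    throw new Error('expected a 32-byte secret key');
  }
  const salt = randomBytes(16);   // fresh per wrap, stored next to the ciphertext
  const nonce = randomBytes(12);  // AES-GCM nonce, never reused under the same key
  const key = deriveKey(password, salt);
  const cipher = createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(salt);            // bind the ciphertext to its KDF salt
  const ct = Buffer.concat([cipher.update(secretKey), cipher.final()]);
  key.fill(0);
  const b64 = (buf) => buf.toString('base64');
  return { v: 1, salt: b64(salt), nonce: b64(nonce), ct: b64(ct), tag: b64(cipher.getAuthTag()) };
}

// Runs on the user's device after the blob is downloaded; throws on a wrong
// password or a modified blob because the GCM tag no longer verifies.
function unwrapSecretKey(blob, password) {
  if (blob.v !== 1) throw new Error('unsupported blob version');
  const salt = Buffer.from(blob.salt, 'base64');
  const key = deriveKey(password, salt);
  try {
    const d = createDecipheriv('aes-256-gcm', key, Buffer.from(blob.nonce, 'base64'));
    d.setAAD(salt);
    d.setAuthTag(Buffer.from(blob.tag, 'base64'));
    return Buffer.concat([d.update(Buffer.from(blob.ct, 'base64')), d.final()]);
  } catch {
    throw new Error('wrong password or modified blob');
  } finally {
    key.fill(0);
  }
}

// Constructed sample: a random 32-byte value stands in for a real secret key.
const sampleBlob = wrapSecretKey(randomBytes(32), 'correct horse battery staple');
console.log(Object.keys(sampleBlob).join(','), unwrapSecretKey(sampleBlob, 'correct horse battery staple').length);
```

For the provider to be unable to decrypt, the password itself must never reach it: account login needs a separate credential, and an email-based password reset cannot recover the blob. Anyone who obtains the blob can still guess passwords offline, so the protection is only as strong as the password and the scrypt cost.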