How did they implemented their non custodial wallet, without the user getting any seed phrase or a channel opening?
Great question. Idk. But I kept trying to respond to you (on Primal) and this popped up several times 👀 https://m.primal.net/LnSG.png
Right after you clicket on reply button?
Yeah, Primal for web on safari. So weird. New feature being tested? (All those wallets are horrendous though) @miljan it’s so weird 🤷♀️
something weird is going on, same here primal on safari but I dont like getting suddent prompted to connect a wallet out of nowhere
Especially non-Bitcoin wallets
Not good.
What if primal is under a shitcoin attack?
WTF this is happening to me too what is this? nostr:note1lkmn2wlqa7pvla9xrqqs73hvhqyx6n3thujs98z5zuh27zqh89rq6tuvrp
Is Primal becoming a shitcoin?
@miljan I dont know whats going on but its nearly unusuable for me right now and deeply concerning that this is being prompted nostr:note18zvngfpppupmleay49j6vp0yjcskqr5svp8u5wkdvc2x8f9p6dss6snmcp
Weird. Are those wallet prompts being displayed in response to an action you are making on Primal? If so, can you tell me the exact steps to reproduce.
Replying to a note or quoting a note brought it up for me on desktop/safari
Basically clicking anywhere after loading the primal site after a few seconds.
Thank you for reporting; we will investigate first thing tomorrow!
https://stacker.news/items/747507. looks fixed? nostr:note1pf2dv7xhx9zj92yez0kqgfwr6y8sspsqjgqpnlme7rarzeqnqpdqrqsys4
There is an enormous amount of unauditable shady crap that gets downloaded and stuffed into JavaScript apps like React when you build them. Web apps are hard to make secure, generally shouldn't trust them and not through fault of the dev.
*on a MacBook
Yeah I literally just posted the same. Thought it's been compromised or maybe some rouge change crept in through an update.
🤨
A great list of wallets one should never have
This looks like an XSS attack
My friend sent me the same image yesterday asking the same thing. what is this exactly?
This is like a phishing thing, right? Where the attacker just hopes you will clicky click on the scam wallets? @hodlbod
Yep, exactly. Definitely don't use it.
fwiw, I did a malware scan now and found nothing. so all good 😊
That looks like you have a full of shitcoin apps installed and your device is asking which one to use. When you play with shit, you smell like shit.
Nope. I do not. Same thing was happening to others as well who were using Primal desktop. Follow the entire thread to see what the devs have to say. TLDR, it’s an XSS attack 🙄 The one annoying thing on nostr is when people jump to conclusions and or gossip 🙄
I am on Primal desktop. But my browser is always clean. never play with crap. Even if it is a XSS attack, that shit must come from something you did.
Nope 👎 it did not.
what you are seeing is Wallet Connect a web3 solution to connect wallet to the app it's a shitcoin thing, just a bit of code on the website that allows for a QR-based handshake https://walletconnect.network/
Can I block it?
In browser, inspect element, remove JS? maybe using an extension like NoScript? ... I would tell the devs/open a github issue, sure you are not the only users not interested in this new feature they added... or change nostr client, data portability rocks
Why is this suddenly being promoted on primal for no reason?
I don’t know that I’d called it promoted, but it is suddenly there and wasn’t earlier today
not a primal dev or user my guess they added the code in but misconfigured the flags for when it should appear (not on reply function definately) It's a free thing, they add it, now web3 domain holders can 'connect with wallet' and use their publickey as their identity (I am guessing) not necessarily going full shitcoin, but welcoming users who want to connect via a web3 wallet... like a Google or Facebook OAuth
Something is hijacking all button clicks. I don't know what post it is, but I was able to replicate it.
Seems ok on my phone app. Just happening on my Primal for web with safari on MacBook
Also started for me earlier trying to reply to @619297f6c93475d89ca8122b9e75cc6383486941aecbcd3eed...
Replicated it, it's an XSS
Holy shit! https://github.com/airbnb/lottie-web/issues/3127
Amazing. I was just inspecting that too, but seemed like an innocuous library.
If you're getting a wallet connect popup on primal desktop... DON'T connect to it. nostr:note1zjqtju8gx6sr6ud0xw207ezpnn9jcgnvwlp6075fgrhtk9hd5m7quy7hng
Están atacando
I'm not sure it is specific to nostr or primal, anyone using this plugin would probably be affected.
nostr:nevent1qqspfq9ewr5rdgpawxhn898lv3qeejevyfk80sa8l2y5pm4mzmk6dlqpzemhxue69uhkummnw3ex2mrfw3jhxtn0wfnj7q3qq3sle0kvfsehgsuexttt3ugjd8xdklxfwwkh559wxckmzddywnwsxpqqqqqqz3dsavw
Nostr devs on top of things 🫡
Insane, primal just removed the lottie-player https://github.com/PrimalHQ/primal-web-app/commit/299a26daa1ec6ebc642e117827c9b21c0b3117ec
Yep, just discovered myself that this is the source of the issue: https://github.com/airbnb/lottie-web/issues/3127
Nostr devs on top of things 🫡
nostr:nevent1qqspfq9ewr5rdgpawxhn898lv3qeejevyfk80sa8l2y5pm4mzmk6dlqpzemhxue69uhkummnw3ex2mrfw3jhxtn0wfnj7q3qq3sle0kvfsehgsuexttt3ugjd8xdklxfwwkh559wxckmzddywnwsxpqqqqqqz3dsavw
The WalletConnect popup on the browser webpage. Instead of zapping it would bring up a bunch of shitcoin wallets. HodlBod clarified that it was likely an XSS Attack and was able to replicate it. Primal since removed the Lottie player. nostr:nevent1qqsd8r8gkljxp08q6x8rh26zevsduf26kegkvde9p57pu3qwfvv06nqpzdmhxue69uhhwmm59e6hg7r09ehkuef0qgsf03c2gsmx5ef4c9zmxvlew04gdh7u94afnknp33qvv3c94kvwxgsrqsqqqqqp7mxule
And then this happened. 😬 nostr:note1lkmn2wlqa7pvla9xrqqs73hvhqyx6n3thujs98z5zuh27zqh89rq6tuvrp
🤣 how embarrassing for the best funded app on nostr.
Literally marketed as "Le App Bitcoin", and then they use legit shitcoin libraries. 😅 All of the #Monero guys, who have had to put up with so much crap on here, including from #Primal fanboys, must be looking at this like https://media.tenor.com/12vmKWVVJrwAAAAC/death-stare-black-snake-moan.gif
@Ava did you see this go down?
I uninstalled Primal over a month ago. It's been lame for too long. After keeping it installed and trying to like it as a backup client for ten months, it was time to say goodbye. What went down? The inclusion of crypto wallets?
They've been using crypto libraries, while marketing themselves as a Bitcoin app, yes, and it sort of bubbled up, due to an attack on the library. Primal web repo hasn't moved in 6 months, not even a bug-fix, but they rolled back this particular commit, last night. 😅 Their whole "Bitcoin Nostr" schtick always rubbed me the wrong way, anyway, as Nostr isn't supposed to just be for Bitcoiners, and they turned Nostr into a feeder for Strike KYC, but whatever. https://media.tenor.com/i2V9q28KQ0QAAAAC/dottie-underwood-agent-carter.gif
Oh wow! I missed that. That sounds very hypocritical. And I agree—I've said it time and time again—if Nostr is only for Bitcoiners, it's dead in the water. But deceptive marketing is not the way. Thanks for the heads up!
I'm a Monero guy right after Bitcoin Guy
https://image.nostr.build/7e0b02e97c0c26a6475eced36b7e964ebe590812398d82bc7b9181d3cc64d1b8.jpg
Other than keeping Primal users from experiencing ALL of nostr inc the "other stuff"? https://media2.giphy.com/media/IkBMOwZ44Ug7GxNuQx/200.gif
I feel about Primal, the same way I felt about Mutinity Wallet. Countdown läuft...
How did you feel about Mutiny Wallet?
CEO had a terrible attitude and I told him that he wasn't going to last long and he didn't.
It does seem that way. If you had to make an educated guess, what percentage of total nostr users do you believe use primal as their primary client?
I suspect that it's a majority of those onboarding, lately, unfortunately, but we manage to salvage some of them and get them to other clients. This is one of their VC boards, FYI. https://ten31.vc/team
I suspect a lot of the problems Nostr has been having are a direct result of people onboarding through Primal, but it won't let up until Primal finally goes away or completely reforms.
Kind of ironic, isn't it? Bitcoin and freedom advocates scaring away bitcoiners from freedom tech😅.
https://image.nostr.build/3d12aa572321505e4a78099dc1bc0b3935f6fbd231bd73e0b3069767257bb35f.jpg
Primal: the best funded shitcoin on nostr.
I won't say anything because I'm sat next to a window 😁
Making Nostr all about Bitcoin seems to have sucked in a bunch of grifters and finance-suits-in-hoodies, and it's turned newcomer's microblogging feeds into a cheesy, discount-version of Bitcoin Twitter. Nostr has zaps, but zaps aren't the reason Nostr exists. Nostr predates the zap. Nostr has its own agenda. The real Nostr devs care about Nostr, for its own sake, and not just as a place to spend Bitcoin. This note is signed with my private key and published to the relay on my laptop. GFY. nostr:nevent1qvzqqqqqqypzqaw3y9q68yvef3qxy5qlz4wzud8yr2xre7d7l8jd055cy569350zqytkummnw3ez66tyvgaz7tmrv93ksefdwfjkccteqydhwumn8ghj7argv4nx7un9wd6zumn0wd68yvfwvdhk6tcqypa39d2hcm8rpehgre683zrv3r42lkat0vndaz85f90kzuukr5cx7g5eqfw
100% and GFY Cool, yeah bitcoin, got it. But like lets to other normal social and business things here too, it's why were here. I don't want any other platform. I also have no idea what Bitcoin Twitter was, but the reason it's call Bitcoin-Twitter is kind of gross imo.
Yes. nostr:nevent1qqsfgl0n4eqc7vj8drxhzp9ytypksfxndst0xpyyc0favtauqjj5cfcprdmhxue69uhhg6r9vehhyetnwshxummnw3erztnrdakj7q3ql5sga6xg72phsz5422ykujprejwud075ggrr3z2hwyrfgr7eylqsxpqqqqqqz03j2cg
What do you recommend for MacOS?
do you use web clients? i like to use: https://nostter.app https://nostrudel.ninja https://habla.news https://www.yakihonne.com
Stop being an idiot and run Linux.
It’s on the list.
We can all learn from this. No judging. https://media.tenor.com/Sfo7_u-zu_QAAAAC/its-life-so-mistakes-are-going-to-happen-amanda-holden.gif
😅 Just had my new employer ask me if I wanted a Windows or a Linux laptop, and it was like, Wait... is this a trick question?
So long as you get to choose your own install.. Right?
No, only Ubuntu. 😭 I don't want to talk about. I'm grieving.
It's great that they offer Linux!
I've been using Linux, at home, since like 2005, and tested on a Linux/Windows dual-boot since the 1998 or something, but this will be my first Official Work LinuxOnly Laptop. I'm happy about that.
Nostur
Why?
The increasing follow-concentration is a direct result of their trending list and their preset follow-list for newbies. This was immediately obvious, from the get-go, but they have just left it like that. Also, whilst the majority of the other devs and relay-managers immediately jumped on the ReplyGuy issue, Primal was lackadaisical. They are often AWOL, and they don't seem to use the relay, web client, or image server, themselves, on a daily basis, so they let the systems atrophy, and fill up with literal garbage, while performance crawls to a halt. The other devs are eventually annoyed by their own stuff being broken, since they use it regularly themselves, but Primal devs are like vegan butchers. They can legit watch their repos rot for half a year and not give a damn. I've seen a lot, but that takes the cake. Primal got way too much funding and way too much adoring press, from the get-go. They're front-and-center at the conferences, of course, talking a big game. They be like https://media.tenor.com/GAPSxsTdaiwAAAAC/valentino-rossi-rossi.gif
Leave my boy Rossi out of this. https://image.nostr.build/15f242b2c20e6d50ef55dc25e58a4eeea23612c375f29d929cb91a3debafb22d.gif
‘like vegan butchers’ 🤣https://media.tenor.com/T8NUkKuaGAsAAAAC/ohhh-whoah.gif
I guess that makes me one of the salvaged users since I only used primal for a few days before I turned to amethyst. Thank you! I just took a look at this. Wow! Primal is well-funded. I can't deny that. But... it's becoming exactly what it promised not to. I actually just un-installed it. Lol we don't really need a Bitcoin advertisement platform. Companies like Blackrock and Fidelity are doing all that for us.
@Silberengel there’s valid criticism of any app. Primal is no exception. What is the point of kicking Primal for using a FOSS dependency, and fixing an exploit quickly?
Why did the devs from other apps have to figure this out and report it to us? Where are their devs? Where are they ever? Where did they dig up this library? Why were they using it? Why have they left that repo to rot for 6 months? Also, they've been like this, from the beginning. I'm incredibly underwhelmed by the entire project. I've always encouraged people to switch to a different kind 01 client, as soon as possible, and I bet that those that switch early, are more likely to stick around.
@Silberengel one of nostr’s strengths is folk outside the app devs figuring out bugs, and sharing this one with the app devs one way or another. I don’t think I’ll change your view on Primal. Fixing a bug reported from outside the team quickly is a good thing.
Yes, but I expect them to then be upfront about what happened and _immediately_ investigate it themselves, and openly self-report with their biggest npub. They should be aggressively transparent. Yeah, don't bother trying to change my mind on Primal. Waste of your time.
Other than keeping Primal users from experiencing ALL of nostr inc the "other stuff"? https://media2.giphy.com/media/IkBMOwZ44Ug7GxNuQx/200.gif
I feel about Primal, the same way I felt about Mutinity Wallet. Countdown läuft...
How did you feel about Mutiny Wallet?
CEO had a terrible attitude and I told him that he wasn't going to last long and he didn't.
It does seem that way. If you had to make an educated guess, what percentage of total nostr users do you believe use primal as their primary client?
I suspect that it's a majority of those onboarding, lately, unfortunately, but we manage to salvage some of them and get them to other clients. This is one of their VC boards, FYI. https://ten31.vc/team
I suspect a lot of the problems Nostr has been having are a direct result of people onboarding through Primal, but it won't let up until Primal finally goes away or completely reforms.
Kind of ironic, isn't it? Bitcoin and freedom advocates scaring away bitcoiners from freedom tech😅.
https://image.nostr.build/3d12aa572321505e4a78099dc1bc0b3935f6fbd231bd73e0b3069767257bb35f.jpg
Primal: the best funded shitcoin on nostr.
I won't say anything because I'm sat next to a window 😁
Making Nostr all about Bitcoin seems to have sucked in a bunch of grifters and finance-suits-in-hoodies, and it's turned newcomer's microblogging feeds into a cheesy, discount-version of Bitcoin Twitter. Nostr has zaps, but zaps aren't the reason Nostr exists. Nostr predates the zap. Nostr has its own agenda. The real Nostr devs care about Nostr, for its own sake, and not just as a place to spend Bitcoin. This note is signed with my private key and published to the relay on my laptop. GFY. nostr:nevent1qvzqqqqqqypzqaw3y9q68yvef3qxy5qlz4wzud8yr2xre7d7l8jd055cy569350zqytkummnw3ez66tyvgaz7tmrv93ksefdwfjkccteqydhwumn8ghj7argv4nx7un9wd6zumn0wd68yvfwvdhk6tcqypa39d2hcm8rpehgre683zrv3r42lkat0vndaz85f90kzuukr5cx7g5eqfw
100% and GFY Cool, yeah bitcoin, got it. But like lets to other normal social and business things here too, it's why were here. I don't want any other platform. I also have no idea what Bitcoin Twitter was, but the reason it's call Bitcoin-Twitter is kind of gross imo.
Yes. nostr:nevent1qqsfgl0n4eqc7vj8drxhzp9ytypksfxndst0xpyyc0favtauqjj5cfcprdmhxue69uhhg6r9vehhyetnwshxummnw3erztnrdakj7q3ql5sga6xg72phsz5422ykujprejwud075ggrr3z2hwyrfgr7eylqsxpqqqqqqz03j2cg
What do you recommend for MacOS?
do you use web clients? i like to use: https://nostter.app https://nostrudel.ninja https://habla.news https://www.yakihonne.com
Stop being an idiot and run Linux.
It’s on the list.
We can all learn from this. No judging. https://media.tenor.com/Sfo7_u-zu_QAAAAC/its-life-so-mistakes-are-going-to-happen-amanda-holden.gif
😅 Just had my new employer ask me if I wanted a Windows or a Linux laptop, and it was like, Wait... is this a trick question?
So long as you get to choose your own install.. Right?
No, only Ubuntu. 😭 I don't want to talk about. I'm grieving.
It's great that they offer Linux!
I've been using Linux, at home, since like 2005, and tested on a Linux/Windows dual-boot since the 1998 or something, but this will be my first Official Work LinuxOnly Laptop. I'm happy about that.
Nostur
Why?
The increasing follow-concentration is a direct result of their trending list and their preset follow-list for newbies. This was immediately obvious, from the get-go, but they have just left it like that. Also, whilst the majority of the other devs and relay-managers immediately jumped on the ReplyGuy issue, Primal was lackadaisical. They are often AWOL, and they don't seem to use the relay, web client, or image server, themselves, on a daily basis, so they let the systems atrophy, and fill up with literal garbage, while performance crawls to a halt. The other devs are eventually annoyed by their own stuff being broken, since they use it regularly themselves, but Primal devs are like vegan butchers. They can legit watch their repos rot for half a year and not give a damn. I've seen a lot, but that takes the cake. Primal got way too much funding and way too much adoring press, from the get-go. They're front-and-center at the conferences, of course, talking a big game. They be like https://media.tenor.com/GAPSxsTdaiwAAAAC/valentino-rossi-rossi.gif
Leave my boy Rossi out of this. https://image.nostr.build/15f242b2c20e6d50ef55dc25e58a4eeea23612c375f29d929cb91a3debafb22d.gif
‘like vegan butchers’ 🤣https://media.tenor.com/T8NUkKuaGAsAAAAC/ohhh-whoah.gif
I guess that makes me one of the salvaged users since I only used primal for a few days before I turned to amethyst. Thank you! I just took a look at this. Wow! Primal is well-funded. I can't deny that. But... it's becoming exactly what it promised not to. I actually just un-installed it. Lol we don't really need a Bitcoin advertisement platform. Companies like Blackrock and Fidelity are doing all that for us.
Oh wow! I missed that. That sounds very hypocritical. And I agree—I've said it time and time again—if Nostr is only for Bitcoiners, it's dead in the water. But deceptive marketing is not the way. Thanks for the heads up!
Why did the devs from other apps have to figure this out and report it to us? Where are their devs? Where are they ever? Where did they dig up this library? Why were they using it? Why have they left that repo to rot for 6 months? Also, they've been like this, from the beginning. I'm incredibly underwhelmed by the entire project. I've always encouraged people to switch to a different kind 01 client, as soon as possible, and I bet that those that switch early, are more likely to stick around.
@Silberengel one of nostr’s strengths is folk outside the app devs figuring out bugs, and sharing this one with the app devs one way or another. I don’t think I’ll change your view on Primal. Fixing a bug reported from outside the team quickly is a good thing.
Yes, but I expect them to then be upfront about what happened and _immediately_ investigate it themselves, and openly self-report with their biggest npub. They should be aggressively transparent. Yeah, don't bother trying to change my mind on Primal. Waste of your time.