Oddbean new post about | logout
 How did they implemented their non custodial wallet, without the user getting any seed phrase or a channel opening? 
 Great question. Idk. 

But I kept trying to respond to you (on Primal) and this popped up several times 👀 

https://m.primal.net/LnSG.png  
 Right after you clicket on reply button? 
 Yeah, Primal for web on safari. So weird. New feature being tested? (All those wallets are horrendous though) @miljan it’s so weird 🤷‍♀️ 
 something weird is going on, same here primal on safari but I dont like getting suddent prompted to connect a wallet out of nowhere 
 Especially non-Bitcoin wallets 
 Not good. 
 What if primal is under a shitcoin attack? 
 WTF this is happening to me too what is this?

nostr:note1lkmn2wlqa7pvla9xrqqs73hvhqyx6n3thujs98z5zuh27zqh89rq6tuvrp  
 Is Primal becoming a shitcoin? 
  @miljan I dont know whats going on but its nearly unusuable for me right now and deeply concerning that this is being prompted

nostr:note18zvngfpppupmleay49j6vp0yjcskqr5svp8u5wkdvc2x8f9p6dss6snmcp  
 Woah interesting 
 Weird. Are those wallet prompts being displayed in response to an action you are making on Primal? If so, can you tell me the exact steps to reproduce.  
 Replying to a note or quoting a note brought it up for me on desktop/safari 
 Basically clicking anywhere after loading the primal site after a few seconds. 
 Thank you for reporting; we will investigate first thing tomorrow!  
 Thanks! 
 https://stacker.news/items/747507. looks fixed?

nostr:note1pf2dv7xhx9zj92yez0kqgfwr6y8sspsqjgqpnlme7rarzeqnqpdqrqsys4  
 There is an enormous amount of unauditable shady crap that gets downloaded and stuffed into JavaScript apps like React when you build them. Web apps are hard to make secure, generally shouldn't trust them and not through fault of the dev. 
 I agree with this 
 *on a MacBook 
 Yeah I literally just posted the same. Thought it's been compromised or maybe some rouge change crept in through an update. 
 🤨 
 A great list of wallets one should never have 
 This looks like an XSS attack 
 👀 
 My friend sent me the same image yesterday asking the same thing. what is this exactly? 
 This is like a phishing thing, right? Where the attacker just hopes you will clicky click on the scam wallets? @hodlbod 
 AAH! could be.  
 Yep, exactly. Definitely don't use it. 
 fwiw, I did a malware scan now and found nothing. so all good 😊  
 That looks like you have a full of shitcoin apps installed and your device is asking which one to use.
When you play with shit, you smell like shit. 
 Nope. I do not. Same thing was happening to others as well who were using Primal desktop. Follow the entire thread to see what the devs have to say. TLDR, it’s an XSS attack 🙄 

The one annoying thing on nostr is when people jump to conclusions and or gossip 🙄 
 I am on Primal desktop. But my browser is always clean. never play with crap.
Even if it is a XSS attack, that shit must come from something you did. 
 Nope 👎 it did not. 
 what you are seeing is Wallet Connect

a web3 solution to connect wallet to the app

it's a shitcoin thing, just a bit of code on the website that allows for a QR-based handshake

https://walletconnect.network/ 
 Can I block it? 
 In browser, inspect element, remove JS?

maybe using an extension like NoScript?

... I would tell the devs/open a github issue, sure you are not the only users not interested in this new feature they added...

or change nostr client, data portability rocks
 
 Why is this suddenly being promoted on primal for no reason? 
 I don’t know that I’d called it promoted, but it is suddenly there and wasn’t earlier today 
 I meant prompted, but I understand, very weird 
 not a primal dev or user

my guess they added the code in but misconfigured the flags for when it should appear (not on reply function definately)

It's a free thing, they add it, now web3 domain holders can 'connect with wallet' and use their publickey as their identity (I am guessing)

not necessarily going full shitcoin, but welcoming users who want to connect via a web3 wallet... like a Google or Facebook OAuth 
 Something is hijacking all button clicks. I don't know what post it is, but I was able to replicate it. 
 Seems ok on my phone app. Just happening on my Primal for web with safari on MacBook 
 Also started for me earlier trying to reply to @619297f6c93475d89ca8122b9e75cc6383486941aecbcd3eed... 
 Replicated it, it's an XSS 
 Holy shit! https://github.com/airbnb/lottie-web/issues/3127 
 So now we can blame Airbnb? 
 You're much faster than I am 
 Amazing. I was just inspecting that too, but seemed like an innocuous library. 
 If you're getting a wallet connect popup on primal desktop... DON'T connect to it.

nostr:note1zjqtju8gx6sr6ud0xw207ezpnn9jcgnvwlp6075fgrhtk9hd5m7quy7hng  
 Están atacando  
 I'm not sure it is specific to nostr or primal, anyone using this plugin would probably be affected. 
 En mi caso no estoy usando primal 
 nostr:nevent1qqspfq9ewr5rdgpawxhn898lv3qeejevyfk80sa8l2y5pm4mzmk6dlqpzemhxue69uhkummnw3ex2mrfw3jhxtn0wfnj7q3qq3sle0kvfsehgsuexttt3ugjd8xdklxfwwkh559wxckmzddywnwsxpqqqqqqz3dsavw 
 Nostr devs on top of things 🫡 
 Insane, primal just removed the lottie-player https://github.com/PrimalHQ/primal-web-app/commit/299a26daa1ec6ebc642e117827c9b21c0b3117ec 
 Yep, just discovered myself that this is the source of the issue: https://github.com/airbnb/lottie-web/issues/3127 
 Last time there was an xss vulnerability on nostr (anigma) lots of people leaked their nsecs 
 Nostr devs on top of things 🫡 
 nostr:nevent1qqspfq9ewr5rdgpawxhn898lv3qeejevyfk80sa8l2y5pm4mzmk6dlqpzemhxue69uhkummnw3ex2mrfw3jhxtn0wfnj7q3qq3sle0kvfsehgsuexttt3ugjd8xdklxfwwkh559wxckmzddywnwsxpqqqqqqz3dsavw 
 The WalletConnect popup on the browser webpage. Instead of zapping it would bring up a bunch of shitcoin wallets. HodlBod clarified that it was likely an XSS Attack and was able to replicate it. Primal since removed the Lottie player. 

nostr:nevent1qqsd8r8gkljxp08q6x8rh26zevsduf26kegkvde9p57pu3qwfvv06nqpzdmhxue69uhhwmm59e6hg7r09ehkuef0qgsf03c2gsmx5ef4c9zmxvlew04gdh7u94afnknp33qvv3c94kvwxgsrqsqqqqqp7mxule 
 And then this happened. 😬 

nostr:note1lkmn2wlqa7pvla9xrqqs73hvhqyx6n3thujs98z5zuh27zqh89rq6tuvrp 
 🤣 how embarrassing for the best funded app on nostr. 
 Literally marketed as "Le App Bitcoin", and then they use legit shitcoin libraries. 😅 

All of the #Monero guys, who have had to put up with so much crap on here, including from #Primal fanboys, must be looking at this like
https://media.tenor.com/12vmKWVVJrwAAAAC/death-stare-black-snake-moan.gif 
 I am legit LOLing. 
nostr:nevent1qqswg74ckj5f6ywy4r5k3f2dc0t6hyrzfhwqka2fdn3umwthcgphxhcprdmhxue69uhhw6r9v96zu6rpwpc8jarpwejhym3wvdhj7q3ql5sga6xg72phsz5422ykujprejwud075ggrr3z2hwyrfgr7eylqsxpqqqqqqzgkykve 
 @Ava did you see this go down? 
 I uninstalled Primal over a month ago. It's been lame for too long. After keeping it installed and trying to like it as a backup client for ten months, it was time to say goodbye. What went down? The inclusion of crypto wallets? 
 They've been using crypto libraries, while marketing themselves as a Bitcoin app, yes, and it sort of bubbled up, due to an attack on the library.
Primal web repo hasn't moved in 6 months, not even a bug-fix, but they rolled back this particular commit, last night. 😅 

Their whole "Bitcoin Nostr" schtick always rubbed me the wrong way, anyway, as Nostr isn't supposed to just be for Bitcoiners, and they turned Nostr into a feeder for Strike KYC, but whatever.

https://media.tenor.com/i2V9q28KQ0QAAAAC/dottie-underwood-agent-carter.gif 
 Oh wow! I missed that. That sounds very hypocritical. And I agree—I've said it time and time again—if Nostr is only for Bitcoiners, it's dead in the water. But deceptive marketing is not the way. Thanks for the heads up! 
 
nostr:nevent1qqsg7htxj8sqcglsfp8ltmnn9stn9g2xrujry6c7yd8qks8kt6576vcprdmhxue69uhhg6r9vehhyetnwshxummnw3erztnrdakj7q3qf6ugxyxkknket3kkdgu4k0fu74vmshawermkj8d06sz6jts9t4ksxpqqqqqqzutuj9w 
 I say let the poor marketing continue. Could be a great way to help them dig their own grave🤷‍♂️. 
 More people need to know. 
nostr:nevent1qqsqt8fa2lwj7uz4876fd52nkmqsfz6nmxwyd99ljvy7zltm76wywxqprdmhxue69uhhw6r9v96zu6rpwpc8jarpwejhym3wvdhj7q3ql5sga6xg72phsz5422ykujprejwud075ggrr3z2hwyrfgr7eylqsxpqqqqqqzt2c0dm 
 I'm a Monero guy right after Bitcoin Guy 
 meh
Primal is obviously the Apple of nostr.

centralized 3rd parties are security holes blah blah 
 You mean "most fleeced?" 
 https://image.nostr.build/7e0b02e97c0c26a6475eced36b7e964ebe590812398d82bc7b9181d3cc64d1b8.jpg 
 Other than keeping Primal users from experiencing ALL of nostr inc the "other stuff"?
https://media2.giphy.com/media/IkBMOwZ44Ug7GxNuQx/200.gif 
 I feel about Primal, the same way I felt about Mutinity Wallet.

Countdown läuft... 
 How did you feel about Mutiny Wallet? 
 CEO had a terrible attitude and I told him that he wasn't going to last long and he didn't. 
 I see. Looks like it's not around anymore too. 
 It does seem that way. If you had to make an educated guess, what percentage of total nostr users do you believe use primal as their primary client?  
 I suspect that it's a majority of those onboarding, lately, unfortunately, but we manage to salvage some of them and get them to other clients.

This is one of their VC boards, FYI.
https://ten31.vc/team 
 I suspect a lot of the problems Nostr has been having are a direct result of people onboarding through Primal, but it won't let up until Primal finally goes away or completely reforms. 
 Kind of ironic, isn't it? Bitcoin and freedom advocates scaring away bitcoiners from freedom tech😅. 
 https://image.nostr.build/3d12aa572321505e4a78099dc1bc0b3935f6fbd231bd73e0b3069767257bb35f.jpg 
 Primal: the best funded shitcoin on nostr.  
 
nostr:nevent1qqspx2kn0zvk6ccfpfvkp4w4cptcgdxsg9eahvc7ltz6zzh44r5dwkcprdmhxue69uhhg6r9vehhyetnwshxummnw3erztnrdakj7q3qgnwpctdec0aa00hfy4lvadftu08ccs9677mr73h9ddv2zvw8fu9sxpqqqqqqzk2vefy 
 
nostr:nevent1qqspx2kn0zvk6ccfpfvkp4w4cptcgdxsg9eahvc7ltz6zzh44r5dwkcprdmhxue69uhhg6r9vehhyetnwshxummnw3erztnrdakj7q3qgnwpctdec0aa00hfy4lvadftu08ccs9677mr73h9ddv2zvw8fu9sxpqqqqqqzk2vefy 
 I won't say anything because I'm sat next to a window 😁 
 Making Nostr all about Bitcoin seems to have sucked in a bunch of grifters and finance-suits-in-hoodies, and it's turned newcomer's microblogging feeds into a cheesy, discount-version of Bitcoin Twitter.

Nostr has zaps, but zaps aren't the reason Nostr exists. Nostr predates the zap. Nostr has its own agenda. The real Nostr devs care about Nostr, for its own sake, and not just as a place to spend Bitcoin.

This note is signed with my private key and published to the relay on my laptop. GFY.

nostr:nevent1qvzqqqqqqypzqaw3y9q68yvef3qxy5qlz4wzud8yr2xre7d7l8jd055cy569350zqytkummnw3ez66tyvgaz7tmrv93ksefdwfjkccteqydhwumn8ghj7argv4nx7un9wd6zumn0wd68yvfwvdhk6tcqypa39d2hcm8rpehgre683zrv3r42lkat0vndaz85f90kzuukr5cx7g5eqfw 
 100% and GFY

Cool, yeah bitcoin, got it. But like lets to other normal social and business things here too, it's why were here. I don't want any other platform. 

I also have no idea what Bitcoin Twitter was, but the reason it's call Bitcoin-Twitter is kind of gross imo.  
 to be fair, nostr uses taproot cryptography, and bech32 encoding

not sure why it didn't use JSONRPC2 like Bitcoin P2P network tho

i think fiatjaf thought it would be clever to do something super minimalistic and full of implicit semantics 
 Bitcoin is life 
 The GFY was a nice touch. 
 Umm.... okay here i have to disagree with you. I would not spend half as much time on nostr if it weren't for the doors that open and limitless possibilities with lightning 
 GM GFY 
 I've thought this for a while. It's especially true since many people don't understand that they aren't locked into "an app."  
 Yes. 
nostr:nevent1qqsfgl0n4eqc7vj8drxhzp9ytypksfxndst0xpyyc0favtauqjj5cfcprdmhxue69uhhg6r9vehhyetnwshxummnw3erztnrdakj7q3ql5sga6xg72phsz5422ykujprejwud075ggrr3z2hwyrfgr7eylqsxpqqqqqqz03j2cg 
 What do you recommend for MacOS? 
 do you use web clients?
i like to use:
https://nostter.app
https://nostrudel.ninja
https://habla.news
https://www.yakihonne.com 
 Thank you I’ll take a look 
 Stop being an idiot and run Linux.  
 😅 

Just had my new employer ask me if I wanted a Windows or a Linux laptop, and it was like,

Wait... is this a trick question? 
 So long as you get to choose your own install.. Right? 
 No, only Ubuntu. 😭 

I don't want to talk about. I'm grieving. 
 It will be fine. 🫂 
 It's great that they offer Linux!  
 I've been using Linux, at home, since like 2005, and tested on a Linux/Windows dual-boot since the 1998 or something, but this will be my first Official Work LinuxOnly Laptop.

I'm happy about that. 
 What a great day! 😁  
 Nostur  
 Why? 
 The increasing follow-concentration is a direct result of their trending list and their preset follow-list for newbies. This was immediately obvious, from the get-go, but they have just left it like that.

Also, whilst the majority of the other devs and relay-managers immediately jumped on the ReplyGuy issue, Primal was lackadaisical. They are often AWOL, and they don't seem to use the relay, web client, or image server, themselves, on a daily basis, so they let the systems atrophy, and fill up with literal garbage, while performance crawls to a halt.

The other devs are eventually annoyed by their own stuff being broken, since they use it regularly themselves, but Primal devs are like vegan butchers. They can legit watch their repos rot for half a year and not give a damn. I've seen a lot, but that takes the cake.

Primal got way too much funding and way too much adoring press, from the get-go. They're front-and-center at the conferences, of course, talking a big game. They be like
https://media.tenor.com/GAPSxsTdaiwAAAAC/valentino-rossi-rossi.gif 
 Seriously? What problems is primal causing?  
 I guess that makes me one of the salvaged users since I only used primal for a few days before I turned to amethyst.

Thank you! I just took a look at this. Wow! Primal is well-funded. I can't deny that. But... it's becoming exactly what it promised not to. I actually just un-installed it.

Lol we don't really need a Bitcoin advertisement platform. Companies like Blackrock and Fidelity are doing all that for us.  
 @Silberengel there’s valid criticism of any app. Primal is no exception. 

What is the point of kicking Primal for using a FOSS dependency, and fixing an exploit quickly? 
 Why did the devs from other apps have to figure this out and report it to us? Where are their devs? Where are they ever?

Where did they dig up this library? Why were they using it?

Why have they left that repo to rot for 6 months?

Also, they've been like this, from the beginning. I'm incredibly underwhelmed by the entire project. I've always encouraged people to switch to a different kind 01 client, as soon as possible, and I bet that those that switch early, are more likely to stick around. 
 @Silberengel one of nostr’s strengths is folk outside the app devs figuring out bugs, and sharing this one with the app devs one way or another. 

I don’t think I’ll change your view on Primal. 

Fixing a bug reported from outside the team quickly is a good thing. 
 Yes, but I expect them to then be upfront about what happened and _immediately_ investigate it themselves, and openly self-report with their biggest npub.
They should be aggressively transparent.

Yeah, don't bother trying to change my mind on Primal. Waste of your time. 
 nostr:nevent1qqs2h2ry87lt73kypkppjxh73xke6e73xqay4sqzzx0ak7lfxuv028cpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsygr46ys5rgu3n9xyqcjsru24ct35usdgc08ehmu7f47jnqjngkx3ugpsgqqqqqqsaqjqhe 
 You mean "most fleeced?" 
 Other than keeping Primal users from experiencing ALL of nostr inc the "other stuff"?
https://media2.giphy.com/media/IkBMOwZ44Ug7GxNuQx/200.gif 
 I feel about Primal, the same way I felt about Mutinity Wallet.

Countdown läuft... 
 How did you feel about Mutiny Wallet? 
 CEO had a terrible attitude and I told him that he wasn't going to last long and he didn't. 
 I see. Looks like it's not around anymore too. 
 It does seem that way. If you had to make an educated guess, what percentage of total nostr users do you believe use primal as their primary client?  
 I suspect that it's a majority of those onboarding, lately, unfortunately, but we manage to salvage some of them and get them to other clients.

This is one of their VC boards, FYI.
https://ten31.vc/team 
 I suspect a lot of the problems Nostr has been having are a direct result of people onboarding through Primal, but it won't let up until Primal finally goes away or completely reforms. 
 Kind of ironic, isn't it? Bitcoin and freedom advocates scaring away bitcoiners from freedom tech😅. 
 https://image.nostr.build/3d12aa572321505e4a78099dc1bc0b3935f6fbd231bd73e0b3069767257bb35f.jpg 
 Primal: the best funded shitcoin on nostr.  
 
nostr:nevent1qqspx2kn0zvk6ccfpfvkp4w4cptcgdxsg9eahvc7ltz6zzh44r5dwkcprdmhxue69uhhg6r9vehhyetnwshxummnw3erztnrdakj7q3qgnwpctdec0aa00hfy4lvadftu08ccs9677mr73h9ddv2zvw8fu9sxpqqqqqqzk2vefy 
 
nostr:nevent1qqspx2kn0zvk6ccfpfvkp4w4cptcgdxsg9eahvc7ltz6zzh44r5dwkcprdmhxue69uhhg6r9vehhyetnwshxummnw3erztnrdakj7q3qgnwpctdec0aa00hfy4lvadftu08ccs9677mr73h9ddv2zvw8fu9sxpqqqqqqzk2vefy 
 I won't say anything because I'm sat next to a window 😁 
 Making Nostr all about Bitcoin seems to have sucked in a bunch of grifters and finance-suits-in-hoodies, and it's turned newcomer's microblogging feeds into a cheesy, discount-version of Bitcoin Twitter.

Nostr has zaps, but zaps aren't the reason Nostr exists. Nostr predates the zap. Nostr has its own agenda. The real Nostr devs care about Nostr, for its own sake, and not just as a place to spend Bitcoin.

This note is signed with my private key and published to the relay on my laptop. GFY.

nostr:nevent1qvzqqqqqqypzqaw3y9q68yvef3qxy5qlz4wzud8yr2xre7d7l8jd055cy569350zqytkummnw3ez66tyvgaz7tmrv93ksefdwfjkccteqydhwumn8ghj7argv4nx7un9wd6zumn0wd68yvfwvdhk6tcqypa39d2hcm8rpehgre683zrv3r42lkat0vndaz85f90kzuukr5cx7g5eqfw 
 100% and GFY

Cool, yeah bitcoin, got it. But like lets to other normal social and business things here too, it's why were here. I don't want any other platform. 

I also have no idea what Bitcoin Twitter was, but the reason it's call Bitcoin-Twitter is kind of gross imo.  
 to be fair, nostr uses taproot cryptography, and bech32 encoding

not sure why it didn't use JSONRPC2 like Bitcoin P2P network tho

i think fiatjaf thought it would be clever to do something super minimalistic and full of implicit semantics 
 Bitcoin is life 
 The GFY was a nice touch. 
 Umm.... okay here i have to disagree with you. I would not spend half as much time on nostr if it weren't for the doors that open and limitless possibilities with lightning 
 GM GFY 
 I've thought this for a while. It's especially true since many people don't understand that they aren't locked into "an app."  
 Yes. 
nostr:nevent1qqsfgl0n4eqc7vj8drxhzp9ytypksfxndst0xpyyc0favtauqjj5cfcprdmhxue69uhhg6r9vehhyetnwshxummnw3erztnrdakj7q3ql5sga6xg72phsz5422ykujprejwud075ggrr3z2hwyrfgr7eylqsxpqqqqqqz03j2cg 
 What do you recommend for MacOS? 
 do you use web clients?
i like to use:
https://nostter.app
https://nostrudel.ninja
https://habla.news
https://www.yakihonne.com 
 Thank you I’ll take a look 
 Stop being an idiot and run Linux.  
 😅 

Just had my new employer ask me if I wanted a Windows or a Linux laptop, and it was like,

Wait... is this a trick question? 
 So long as you get to choose your own install.. Right? 
 No, only Ubuntu. 😭 

I don't want to talk about. I'm grieving. 
 It will be fine. 🫂 
 It's great that they offer Linux!  
 I've been using Linux, at home, since like 2005, and tested on a Linux/Windows dual-boot since the 1998 or something, but this will be my first Official Work LinuxOnly Laptop.

I'm happy about that. 
 What a great day! 😁  
 Nostur  
 Why? 
 The increasing follow-concentration is a direct result of their trending list and their preset follow-list for newbies. This was immediately obvious, from the get-go, but they have just left it like that.

Also, whilst the majority of the other devs and relay-managers immediately jumped on the ReplyGuy issue, Primal was lackadaisical. They are often AWOL, and they don't seem to use the relay, web client, or image server, themselves, on a daily basis, so they let the systems atrophy, and fill up with literal garbage, while performance crawls to a halt.

The other devs are eventually annoyed by their own stuff being broken, since they use it regularly themselves, but Primal devs are like vegan butchers. They can legit watch their repos rot for half a year and not give a damn. I've seen a lot, but that takes the cake.

Primal got way too much funding and way too much adoring press, from the get-go. They're front-and-center at the conferences, of course, talking a big game. They be like
https://media.tenor.com/GAPSxsTdaiwAAAAC/valentino-rossi-rossi.gif 
 Seriously? What problems is primal causing?  
 I guess that makes me one of the salvaged users since I only used primal for a few days before I turned to amethyst.

Thank you! I just took a look at this. Wow! Primal is well-funded. I can't deny that. But... it's becoming exactly what it promised not to. I actually just un-installed it.

Lol we don't really need a Bitcoin advertisement platform. Companies like Blackrock and Fidelity are doing all that for us.  
 Oh wow! I missed that. That sounds very hypocritical. And I agree—I've said it time and time again—if Nostr is only for Bitcoiners, it's dead in the water. But deceptive marketing is not the way. Thanks for the heads up! 
 
nostr:nevent1qqsg7htxj8sqcglsfp8ltmnn9stn9g2xrujry6c7yd8qks8kt6576vcprdmhxue69uhhg6r9vehhyetnwshxummnw3erztnrdakj7q3qf6ugxyxkknket3kkdgu4k0fu74vmshawermkj8d06sz6jts9t4ksxpqqqqqqzutuj9w 
 I say let the poor marketing continue. Could be a great way to help them dig their own grave🤷‍♂️. 
 More people need to know. 
nostr:nevent1qqsqt8fa2lwj7uz4876fd52nkmqsfz6nmxwyd99ljvy7zltm76wywxqprdmhxue69uhhw6r9v96zu6rpwpc8jarpwejhym3wvdhj7q3ql5sga6xg72phsz5422ykujprejwud075ggrr3z2hwyrfgr7eylqsxpqqqqqqzt2c0dm 
 Why did the devs from other apps have to figure this out and report it to us? Where are their devs? Where are they ever?

Where did they dig up this library? Why were they using it?

Why have they left that repo to rot for 6 months?

Also, they've been like this, from the beginning. I'm incredibly underwhelmed by the entire project. I've always encouraged people to switch to a different kind 01 client, as soon as possible, and I bet that those that switch early, are more likely to stick around. 
 @Silberengel one of nostr’s strengths is folk outside the app devs figuring out bugs, and sharing this one with the app devs one way or another. 

I don’t think I’ll change your view on Primal. 

Fixing a bug reported from outside the team quickly is a good thing. 
 Yes, but I expect them to then be upfront about what happened and _immediately_ investigate it themselves, and openly self-report with their biggest npub.
They should be aggressively transparent.

Yeah, don't bother trying to change my mind on Primal. Waste of your time. 
 nostr:nevent1qqs2h2ry87lt73kypkppjxh73xke6e73xqay4sqzzx0ak7lfxuv028cpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsygr46ys5rgu3n9xyqcjsru24ct35usdgc08ehmu7f47jnqjngkx3ugpsgqqqqqqsaqjqhe