 This app isn't my thing and I've never planned on using it, but at the same time I've never thought about setting people up to rob them and/or do more...
 Hey, thanks for your thoughts! 🙏 I get it—it’s not something everyone thinks about or even wants to use. But when it comes to Bitcoin, it seems smart to think about safety from all sides. There’s always a chance someone could misuse the app, so staying careful feels important. I appreciate you sharing your perspective!  
 Imo the bigger threat/risk is the honeypot of bitcoiners tied to their Google IDs. They should at LEAST be using nostr for accounts. 
 +1 for Nostr as a sign-in alternative. 
 wouldn't using a proton email + APK achieve the same result? 

why would you want to tie your nostr identity to orange pill app? isn't it safer to keep them separate?  
 No. We need to normalize throwaway identities. Also, have you tried to make a protonmail recently?

Don't make your users need to jump through hoops to try to be anonymous. There's literally zero reason for it now that NOSTR exists....

Do better!  It's a cool concept, but a terrible implementation as is. 
 There's also a ton of (now unnecessary) friction in needing to create a user + password. You don't need to have a database of accounts anymore. The era of walled gardens is over. 
 It's about defaults. By default, and by your own admission above, you are creating a honey pot of KYCd users. 
 The only thing we require to sign up is an email address, email addresses are not KYC. 

as for the need for walled gardens, we obviously disagree.  
 To be fair, in many cases email addresses are at a minimum 'Light KYC' or let's just more accurately call it personally identifiable information.  Unless you're getting a temporary phone number to verify with, most people's "private email addresses" are most certainly linked to their identity.

I don't think you understand the concept of nostr login... Your private thing can exist nearly exactly as is, without the need to own the user profiles / account list / social graph of future billionaires using your thing. 
 we don't do passwords.

you should try our product, before passing judgment 😉 
 I've actually paid for it a while back before realizing that I added myself to a honeypot. I'm not lying when I say I'd be a user without the privacy issues.

Maybe it was an email code or something like that, I don't remember. 
 Yes we use OTP to login / signup instead of passwords - which are security holes. 

We’re not against adding Nostr as a login method, it just doesn’t seem to be this massive privacy improvement from what we’re currently doing. 
 Would you rejoin OPA if we allowed Nostr login? 
 At least for a few months, I was an early member and there wasn't much activity then. 
 great, we will add nostr login before the end of year 
 It takes no work to create a new npub. You don’t have to give up any personal information at all. That’s powerful. 
 Agreed in theory. In practice most people would use their regular npub to sign up for OPA reducing their opsec. 

Btw, we don’t require any personal information. 
 good point, you can download the APK from our footer website