Every centralized company is obligated to share any user info with the government in every country that has any kind of terrorism and CP laws. The moment you give up your nsec custody, you are opening an irreversible backdoor to your account. It's not my opinion, it's a fact.
Do nostr “accounts” need a back door? It’s all open for everyone anyway? 🤔
Privacy is dead as of 9-11 never forget
At least they can afford to fight the gov’t if they choose. Can your at home relay afford it?
Relays don't have access to your private key.
Got it. Yes.
That’s not a valid argument, if you keep it private, it keeps them out anyway.
Until they knock down your door
Any opinion on an end to end encrypted solution? So that even the service provider (custodian) can’t decrypt the keys? I know it’s not perfect but the current ecosystem for managing keys isn’t smooth enough for everyday users and I’m wondering if there are any solutions on the horizon.
Every normal Nostr client already has that. E.g. in Amethyst you have private DMs.
I mean for key storage of private keys. Thinking of an oauth type flow to log in to various clients without having to copy and paste the private key.
Why? To prevent a client leaking the key? Then just "login" with npub, most clients provide this feature.
I'm actually thinking about this for more normal folks that think in username and password instead of private key and public key. Create a way to allow them to give an email as username and set a password. Offer 2FA and a reset password flow. Then they can get their npub and/or their nsec so they don’t have to store it themselves. Eventually the hope is that clients support “login with WhateverWeCallIt” so it’ll insert the nsec automatically into the client (and for clients that store it locally, store it locally). Further down the line I’d imagine it would be a way for folks to set which clients they want to give what access so that we can give people a way to get rid of the annoying NIP 7 pop-ups. Mostly it is for folks that are less self-custody maxis, but still care about controlling what clients can do with their keys.
Well, this sounds like a custodian solution. It destroys the main advantage of nostr - absence of centralised places controlling our profiles. If all the private keys were stored in one "storage", then the government will go to that place (like it goes to facebooks and twitters) and install censorship there. Also, normies don't use many clients. Install Amethyst and use it. Why install many clients? If you are a geek kind of user, who is curious about software, I understand that. But it is not a big deal for such kind of users to copy-paste nsec from one app to another.
The vast majority of people here on Nostr get this. The vast majority of the world does not get this. It's why Bitcoin and Nostr have such small amounts of adoption. ZBD is an on ramp, IMO. Just like Coinbase, etc. Eventually you understand this and leave Coinbase with your funds. Coinbase still knows about all of those purchases though. Just like leaving ZBD, they could still have your NSEC. You won't truly be free from either until you go no-KYC and self custody. But you could generate a new NSEC yourself on a new client, just like buying no-KYC from Bisq. It's the same to me.
But the only problem is even if I leave them they will still have my keys.
Absolutely. Using a centralized client like ZBD effectively means your nsec could be handed over to the state on demand.
I still wonder why some people prefer to use a centralized client?! In the past, with the bird app and other services, we didn't have a decentralized option... And now that we have this freedom to use a centralized client 🤦‍♂️🤌
Why did ZBD go this route?
Because they are scammers. 💯💯
@andre helped get the first paid relays on #nostr so I’ll give benefit of the doubt but I don’t understand what the logic is? Is it maybe an abstraction so users can rotate passwords which nostr keypairs don’t allow?
They wanted to create a nerfed, walled garden experience. But the really shady thing they did was when you created your account, they provided an option to input an existing nsec or make a new one. Thankfully, I opted to make a new one to try it out. If I had actually given them my npub, they would have held a copy of it on their servers. There is no evidence they’re only storing that locally on the device.
Meant to say nsec the second time but you get the point.
Is it just a walled chat app for their gamers? Not pasting my nsec anywhere, need devs to integrate with keystores so ppl aren’t getting rugged. Rugged users will be bad for adoption. BTW I love that I can zap for helpful info like this, paying for you to take the time to fill me in. Such a great usecase!
Agree. It's the same principle with #bitcoin private key. What lessons have we learned there? Create, and keep, your private key (hence your nsec) offline. This means, perhaps, something like a USB-C YubiKey integration for mobile devices. But... confirm message signing for every like, boost, zap? Can't do NFC, too insecure. Biometric? Idk. Seems a little bearish for widespread adoption...