Oddbean new post about | logout
 I assume this is a good reason to always use signing extensions yes? That would avert issues like this, unless the extension itself was somehow compromised or had a bug, is that right? 
 Yep, remote signers and browser extensions are a great solution for this, and have been around for years now. 
 Perhaps it would make sense to post a list of signing extensions on the login page, and recommend that people use those rather than entering an nsec, or perhaps you already do that? 
 Your last sentence is important--what you're really asking (or assuming) is that we can "trust" the code more in signing extensions (and frankly that may not be the case).

This is one of the weaknesses in the open source community. We all assume that because the code is available to all, it's "good".

But what really happens (in more cases that we might want to admit) is the only "audit" the code receives is from the original developer--I'd even dare to say that most projects out on git hub probably receive very little (if any) code review prior to being released. 
 Yes, I guess I am hoping (!) that the code for a signing extension would be rigorously reviewed.. and even then, I am aware it could have a vulnerability (but any code could have that, so at some point we (esp us non-coders) have to *trust* the code 😅) 
 Well, there's the rub...unless you go in and review the code yourself, you must end up trusting others...

And when someone like  @hodlbod posts "hey, we have an issue" I automatically trust that developer even more.

What I *really* worry about is dishonest projects / developers, and you see it all the time. Someone releases an app on the Play Store that does something nefarious...happens more often that most realize.

And look at all the data breaches out there--those are code mistakes that ARE audited (heavily) and still they happen... 
 I hear you. What do you see as the solution?
I don’t have one, though I do see it is probably a good idea to let new users know that this issue has not been solved, and that they need to be aware that there is a chance their nsec could be compromised.
Of course, that would cause friction too, but my approach with onboarding people to both #bitcoin and #nostr is to remind them that this is all a big experiment, and we are part of it, part of creating the potential for freedom, even as we move into a digital age. 
 Agreed.  Unless you've diligently ensured your nsec has continuously remained isolated from the Internet (which might be nobody), it's prudent to operate as if your nsec has already been compromised. 
 Why have it even as an option? 
 Keys are simple, external 3rd party dependencies aren't (and, as you note, may not be any more secure). It's all about ease of use for non-technical users. But the days of nsec login are numbered, we just need really solid flows for secure custody. nsec.app comes close. 
 Entering a private key into a web app is much less secure than a signer app or extension. However, a signer app still can have its issues, just less.

A few of the issues:
- Phishing attempts from similar looking domains.
- Hot loading code from a remote server, not signed releases from the maintainer.
- Encourages entering nsec somewhat carelessly into more than one web app. It could be entered into a clipboard, which as been another vector of attack.
- Users habits of this type of behavior from passwords on every other web app. Passwords can be reset via email resets, a private key can not be reset. It can thus not communicate the importance of it not leaking, and thus careless backups and storage.

None of that is good for non-technical users. 
 What are your thoughts on https://app.nsecbunker.com/? 
 It's a good start, but ultimately a custodial honeypot. Self-hosted bunkers are much better, but hard for normies. Multisig could be a great way to solve this, I know it's been worked on some. 
 start establishing the self hosted bunker paradigm now. its going to be necessary for the internet of the future 
 I am guessing two possibilities:
1. The friction to onboard new users would be pretty high as it currently stands, if they have to go and figure out using a key extension.
2. The developer, in this case @hodlbod, would need to trust that the signing extension options are excellent, and have been audited rigorously.
I can imagine that as a developer, if one knows one is acting in good faith, it might be easier to trust oneself and one’s  intentions, than those of others?

Curious to hear thoughts, esp from developers @hodlbod  @jb55  @Vitor Pamplona  @miljan   @Martti Malmi @Kieran @brugeman 
 Very well put 
 Nsec login definitely doesn't make much sense, aside from "bunkers are high friction for now so Damus users should just paste nsec". This will improve as bunkers improve, I will share a significant step forward in this area next week.

Local nsec signup makes total sense - let users start asap but then let them export nsec to a bunker. Nostr-login widget has this option built-in, only works with nsec.app for now but will be proposed as NIP upgrade when we are confident it's good enough.
 
 I agree, nsec.app is the smoothest experience I've seen so far. Thinking about seeing if I can integrate it into the onboarding experience in Coracle, friction notwithstanding. 
 Awesome! I'm sure there's a lot to improve there, please let me know if you have ideas or issues. 
 I am guessing two possibilities:
1. The friction to onboard new users would be pretty high as it currently stands, if they have to go and figure out using a key extension.
2. The developer, in this case @hodlbod, would need to trust that the signing extension options are excellent, and have been audited rigorously.
I can imagine that as a developer, if one knows one is acting in good faith, it might be easier to trust oneself and one’s  intentions, than those of others?

Curious to hear thoughts, esp from developers @hodlbod  @jb55  @Vitor Pamplona  @miljan   @Martti Malmi @Kieran @brugeman 
 Very well put 
 Nsec login definitely doesn't make much sense, aside from "bunkers are high friction for now so Damus users should just paste nsec". This will improve as bunkers improve, I will share a significant step forward in this area next week.

Local nsec signup makes total sense - let users start asap but then let them export nsec to a bunker. Nostr-login widget has this option built-in, only works with nsec.app for now but will be proposed as NIP upgrade when we are confident it's good enough.
 
 I agree, nsec.app is the smoothest experience I've seen so far. Thinking about seeing if I can integrate it into the onboarding experience in Coracle, friction notwithstanding. 
 Awesome! I'm sure there's a lot to improve there, please let me know if you have ideas or issues. 
 What are your thoughts on https://app.nsecbunker.com/? 
 It's a good start, but ultimately a custodial honeypot. Self-hosted bunkers are much better, but hard for normies. Multisig could be a great way to solve this, I know it's been worked on some. 
 start establishing the self hosted bunker paradigm now. its going to be necessary for the internet of the future 
 I agree, nsec.app is the smoothest experience I've seen so far. Thinking about seeing if I can integrate it into the onboarding experience in Coracle, friction notwithstanding. 
 Awesome! I'm sure there's a lot to improve there, please let me know if you have ideas or issues.