Oddbean new post about | logout
 Its one by one as requests come in and you can choose whether to be asked again or not for future requests. Fairly logical, but not the best UX given how nostr event signing, encrypt and decrypt happens at different points asynchronously in response to whats going on. 

Addressing that may be improved if web apps enumerated permissions they want/need up front (and why) and allowed users choice in the same way android and ios app permissions are granted.

As a user, I really dont like arbitrary prompts wanting to decrypt without context. Last thing I'll tolerate is one wanting to deceypt DMs when im not even looking at DMs. So anytime decrypt is requested, context needs given to the user. FWIW, this is why Corny Chat asks the user if they want to decrypt n number of petnames. 
 when i say app enumerating permissions, i mean all the types of things the app could do, even if its not doing it at that time.

reprompting every X time (once a day?week? month? forever?) and ability to revoke/clear such grants would be useful  
 I've been thinking about this, I definitely prefer always having granular control of what is signed and what is not signed on a case-by-case basis, but I am a power user, so will have to see how other people prefer to use it. 
 That is preferable, but if you get pop ups all the time you take an action it leads to notification/confirmation fatigue. Best if it pop ups the first time and asks you for reasonable settings, and if you wanna go super custom then you can do that as well.