Oddbean new post about | logout
 the only way i can see it working is if the remote service you connect to via wireguard and your bunker is running on your machine listening on your wireguard address... then the key is in your possession on your computer and not copied to another machine

there might be other ways to make a tunnel, but i know i can do it this way with wireguard already, it is very easy, i run my relay this way and it makes it internet accessible, i can even put all kinds of subdomains to point at any number of web servers i want to run 
 i could probably even set up a service that deploys all this automatically and all you have to do is install one program which opens the wireguard tunnel and signs for you, on your own device... could easily be made for all platforms too, it's a very small thing

would be a combination VPN/bunker service, so you get VPN protection in the deal 
 Nsec.app stores keys in your device, it's running inside browser service worker which is weken up by a push message if server detects that sw is sleeping and not replying