Oddbean new post about | logout
Braydon Fuller | 20 days ago (raw) | root | parent | reply | flag +1 
 Why have it even as an option?
hodlbod | 20 days ago (raw) | root | parent | reply | flag +1 
 Keys are simple, external 3rd party dependencies aren't (and, as you note, may not be any more secure). It's all about ease of use for non-technical users. But the days of nsec login are numbered, we just need really solid flows for secure custody. nsec.app comes close.
Braydon Fuller | 20 days ago (raw) | root | parent | reply | flag +2 
 Entering a private key into a web app is much less secure than a signer app or extension. However, a signer app still can have its issues, just less.

A few of the issues:
- Phishing attempts from similar looking domains.
- Hot loading code from a remote server, not signed releases from the maintainer.
- Encourages entering nsec somewhat carelessly into more than one web app. It could be entered into a clipboard, which as been another vector of attack.
- Users habits of this type of behavior from passwords on every other web app. Passwords can be reset via email resets, a private key can not be reset. It can thus not communicate the importance of it not leaking, and thus careless backups and storage.

None of that is good for non-technical users.
SimplestBitcoinBook | 20 days ago (raw) | root | parent | reply | flag +2 
 What are your thoughts on https://app.nsecbunker.com/?
hodlbod | 20 days ago (raw) | root | parent | reply | flag +1 
 It's a good start, but ultimately a custodial honeypot. Self-hosted bunkers are much better, but hard for normies. Multisig could be a great way to solve this, I know it's been worked on some.
atyh | 20 days ago (raw) | root | parent | reply | flag +1 
 start establishing the self hosted bunker paradigm now. its going to be necessary for the internet of the future
SimplestBitcoinBook | 20 days ago (raw) | root | parent | reply | flag +3 
 I am guessing two possibilities:
1. The friction to onboard new users would be pretty high as it currently stands, if they have to go and figure out using a key extension.
2. The developer, in this case @hodlbod, would need to trust that the signing extension options are excellent, and have been audited rigorously.
I can imagine that as a developer, if one knows one is acting in good faith, it might be easier to trust oneself and one’s  intentions, than those of others?

Curious to hear thoughts, esp from developers @hodlbod  @jb55  @Vitor Pamplona  @miljan   @Martti Malmi @Kieran @brugeman
hodlbod | 20 days ago (raw) | root | parent | reply | flag 
 Very well put
brugeman | 20 days ago (raw) | root | parent | reply | flag +1 
 Nsec login definitely doesn't make much sense, aside from "bunkers are high friction for now so Damus users should just paste nsec". This will improve as bunkers improve, I will share a significant step forward in this area next week.

Local nsec signup makes total sense - let users start asap but then let them export nsec to a bunker. Nostr-login widget has this option built-in, only works with nsec.app for now but will be proposed as NIP upgrade when we are confident it's good enough.
hodlbod | 20 days ago (raw) | root | parent | reply | flag +1 
 I agree, nsec.app is the smoothest experience I've seen so far. Thinking about seeing if I can integrate it into the onboarding experience in Coracle, friction notwithstanding.
brugeman | 20 days ago (raw) | root | parent | reply | flag 
 Awesome! I'm sure there's a lot to improve there, please let me know if you have ideas or issues.