Thanks for trying it!
Nsec.app does talk to a backend - to subscribe and get woken up when there are pending nip46 calls on a relay. But nsec doesn't leave the device unless "Cloud sync" is enabled. I think I will make the "enter password - get your keys synched" the default flow; advanced users could disable it.
The OAuth flow isn't working well from a new device/browser; that hasn't been handled yet. For now you'd have to log in (through cloud sync) or import the key into that other browser manually before connecting to new apps there.
It is confusing, because the app looks like a normal web app that's supposed to work across devices and show the same data, but underneath it's not (yet) like that, because it's non-custodial. But that's all fixable and on the roadmap.
Definitely all fixable, but I'd take some time to really think through the user journey here. It's a completely new paradigm so it's going to be hard to grok.
Yeah, user journey is hard, especially given that existing nostr users have very different demands compared to noobs that could join through OAuth and have no preconception of how it could/should work.
The 'OAuth on another device' issue is partially fixed now - if there is another active device/browser that can send authUrl then you'll see the login screen first, and if you log in it will proceed to asking for confirmation etc. The unresolved case of 'there are no active devices that can send authUrl' stays, will be fixing it differently.