If these are the worst issues then we have come a long way 😅 https://i.nostr.build/bPAasqEPOUCgySvt.jpg
Someone wrote "The UI of Nostr still kinda sucks" and now I'm not sure what the UI of Nostr is.
The "fake accounts" thing is solved by web of trust, no?
It is resolved by NIP5: https://nips.nostr.com/5
Sure but it takes some effort to set up.
If we are talking about how 95% of people use it, then not at all. Many beginner-friendly Nostr clients now automatically assign a nip05 address for you. So it kinda failed as a 'verification' mechanism unless you have a well known domain that belongs to you and took the effort to set it up.
One key issue worries me. Could there be a two-key standard (one hot and one cold)? With such an approach, if your hot key is hacked (since it’s stored within apps), you could use the cold key (stored in a secure hardware device) to generate a new hot key and somehow invalidate all the posts or actions made since the moment the hacking occurred.
yeah there have been a few proposals on this but I don't think they really took off. it's just not a common problem (yet)
i would love a tapsigner as a second key NFC to my phone (e.g. stuck in the phone protector or smt) and have this 2of2 capability on mobile
the UX I'm moving towards is nsecbunker + confirming signing requests with your apple watch. would be cool af. multisig might be too annoying for every time you want to like a post.
hence the tapsigner fixed in place. musig is handled in the back so the user doesn't need to worry. you can have a backup tapsigner at home for when you lose the phone, and have both keys in an alby extension for desktop, also backing up for the phone-lost case
ps i would like to not have to 1) have an apple watch - dislike ecosystem, don't wear a watch 2) touch my phone to sign for every single message. you may have noted when i post, i post a lot
you wouldn't be required to use an apple watch, I was just thinking of the optimal and least annoying UX for a damus nsecbunker implementation. I guess it could auto-sign, but I personally wouldn't use that. clients are very buggy and nuke contact lists all the time
Look into nostr:nprofile1qqs04xzt6ldm9qhs0ctw0t58kf4z57umjzmjg6jywu0seadwtqqc75spzpmhxue69uhnzdps9enrw73wd9hszynhwden5te0wp6hyurvv4cxzeewv4eszynhwden5te0wfjkccte9enrw73wd9hsxv8qkt nsecbunker https://dev.nsecbunker.com
Looks like a todo list :)
Even if all that's the case, it still doesn't "suck". I am thoroughly enjoying myself on this pla..... protocol 💟
It's weird how many "bitcoiners" don't seem to understand public/private key pairs
Also funny that so many of these are being actively worked on right now.
Password reset 😂 what a 🤡
ah, i am not alone with the image problem 😅
For the problems of knowing who DMs who, the NIP-42 could possibly solve this. It would however require its implementation being mandatory for a relay, and require a user to be authenticated towards said relay in order for it to send the DMs back though. And for the wallet that gets hacked, I'd say... Don't use a client that doesn't support an extension to handle the keys (not sure though)? Or a signer app (Again, not sure if that's the intended purpose, nor if they are widely supported 😅)