 I know everything I say is public, and with nostr that is actually the entire point - to avoid being censored, not to be private.

But yes intel agencies could be hacking us through our sloppily developed nostr software. I mostly just presume they already have access to everything and don't trust computers with true secrets. I use a SeedSigner for the only secret I need to keep secret.

Then I also develop things as secure as I can, just to be the best I can, in the face of difficult odds.
 
 There should be NOSTR teams that friendly hack each other's apps to find vulnerabilities and report any to the creators. It would be good practice for the integrity of the protocol.
 Have you met @semisol yet? 
 No but just followed him.  
 He has a habit of demonstrating his points about security and spam and the like so that they can't be ignored and the issues have to get fixed. It is all for the good of nostr of course, but can be a tad annoying when you are working on something else.

There is also a repo where people complain about compatibility issues between nostr apps: https://github.com/nostrability/nostrability

Speaking of, I was about to write a bot that requests connection to people's nsec bunkers to see how many people will authorize their private keys to sign my events, not realizing what is going on. Could be fun!