I stopped developing nsecbunker because it had horrible centralizing tendencies which caught me off guard; I launched it as a POC but it started taking off in a way that would have been bad for nostr had it continued to scale like that. We are now getting a FROST-based bunker that solves the completely custodial, completely ruggable setup in favor of collaborative custody of private keys. The difference between a Coinbase and an Unchained or Casa: signers assist in getting you keys but they can't unilaterally sign on your behalf. For the user it *looks* the same, it's as frictionless as Bluesky where the user can choose to ignore all key material, but in the back there is no one single party with access to the entire key, which is a massive difference in terms of sovereignty.
Interesting. Looking forward to seeing it.
Very interesting.
big if true
I am still not sure signed data are that necessary or useful, but using FROST + server side signing is great, because even if you don't care about signed data, you don't pay a huge price for it anyways... you still can keep your keys sovereign. nostr:note1n554d40shdrfa6lslcsn8pel4r4msjtmmq6ddny4zhusmmpk8cnqxtv0s5
Idk if it's only me but I hate this shared custody stuff. Teach your users to self custody through good UX. It's not impossible to keep a private key safe. I'm not against personal remote signers. I just don't like THAT being the way most people are going to interface with nostr. nostr:nevent1qqsf622k6hctk357a0c0ugfnsul636acf9aasdxkej23t7gdasmrufspzamhxue69uhhyetvv9ujuurjd9kkzmpwdejhgtczyrafsj7hmweg9ur7zmn6apajdg48hxuskujx53rhrux0ttjcqx84yqcyqqqqqqgdp379q
I’ll support
Really curious about this, how would you set this up to be UX friendly? Where are the user-controlled keys going to reside? I suppose there will need to be a user-controlled active signer somewhere, no?
The process on https://join.the-nostr.org/ (just a demo, do not use it) is rather smooth, only that this does not explicitly give you the underlying private key, but it is actually stored locally so trivial to add. You 'need' an active signer only if you want to be part of the multisig. Not sure how useful that actually is, you only reduce the trust a tiny bit. It's still a threshold signature so collusion is still possible, so at the end of the day you still trust those that you made part of the FROST. So no, you don't need to be an active signer, you just get a bunker link and you are off. If the link gets compromised you can ask the signers to stop signing and create a new FROST based on the same key with the same resulting Npub.
So let me get this straight, you hire more nsecbunkers instead of just one? I am not going to pass judgment on that, I promise, I just want to know what is, and will keep my opinions to myself this time.
nostr:nevent1qqsvj0cct80na8szr4wj7p2ljc76hqjzggumvg9n2lv6shz6945ltdsprdmhxue69uhhyetvv9ujuumwda68ytnwdsargwfe8yuj7q3qt6jxfqz9hv0lygn9thwndekuahwyxkgvycyscjrtauuw73gd5k7sxpqqqqqqzmja3dw
😅 I am not concerned with collusion because I don't even think I can get a single human being to sign up to multiple services to do just one thing, I can't even convince myself to bother.
I don't follow. What do you mean by 'multiple services'?
Don't you need multiple service providers to hold your keys and sign on your behalf, basically multiple signers, these are services. I can't imagine the UX of asking normal people like myself to sign up to multiple providers and judge who deserves my trust and who doesn't.
Meh. You can just trust an aggregator directly like on that demo-site, or a nice marketplace where you select your providers, pay and move on with your day should do it. Judging whom to trust is a problem in so many places/things yet the world still functions.
Meh is the wrong attitude if your mission is to make public keys usable for most people. But I don't think I can offer much better alternatives given that key delegation was already rejected in Nostr before. Diversity of experiments is good as well.
Have you been working on the FROST-based bunker already? POC?
Yes, there is a POC: https://join.the-nostr.org/ ⚠️Don't actually use this!⚠️
Really good to hear thanks! I’ve had so much trouble trying to use nsecbunker and kept thinking it was my lack of skills 😅
What is the current safest key signing method(s) for clients to use for nsecs? In dummy language for me?