Oddbean new post about | logout
The: Daniel⚡️ | 20 days ago (raw) | root | parent | reply | flag +1 
 +1 for Nostr as a sign-in alternative.
melvincarvalho | 20 days ago (raw) | root | parent | reply | flag +1 
 https://nostrcg.github.io/http-schnorr-auth/
orangepillapp | 7 days ago (raw) | root | parent | reply | flag 
 wouldn't using a proton email + APK achieve the same result? 

why would you want to tie your nostr identity to orange pill app? isn't it safer to keep them separate?
HODLBurger | 7 days ago (raw) | root | parent | reply | flag 
 No. We need to normalize throwaway identities. Also, have you tried to make a protonmail recently?

Don't make your users need to jump through hoops to try to be anonymous. There's literally zero a reason for it now that NOSTR exists....

Do better!  It's a cool concept, but a terrible implementation as is.
HODLBurger | 7 days ago (raw) | root | parent | reply | flag 
 There's also a ton of (now unnecessary) friction in needing to create a user + password. You don't need to have a database of accounts anymore. The era of walled gardens is over.
HODLBurger | 7 days ago (raw) | root | parent | reply | flag 
 It's about defaults. By default, and by your own admission above, you are creating a honey pot of KYCd users.
orangepillapp | 7 days ago (raw) | root | parent | reply | flag 
 The only thing we require to sign up is an email address, email addresses are not KYC. 

as for the need for walled gardens, we obviously disagree.
HODLBurger | 7 days ago (raw) | root | parent | reply | flag 
 To be fair, in many cases email addresses are at a minimum 'Light KYC' or let's just more accurately call it personal identifiable information.  Unless you're getting a temporary phone number to verify with, most peoples "private email addresses" are most certainly linked to their identity.

I don't think you understand the concept of nostr login... Your private thing can exist nearly exactly as is, without the need to own the user profiles / account list / social graph of future billionaires using your thing.
orangepillapp | 7 days ago (raw) | root | parent | reply | flag 
 we don't do passwords.

you should try our product, before passing judgment 😉
HODLBurger | 7 days ago (raw) | root | parent | reply | flag 
 I've actually paid for it a while back before realizing that I added myself to a honeypot. I'm not lying when I say I'd be a user without the privacy issues.

Maybe it was an email code or something like that I don't remember.
orangepillapp | 7 days ago (raw) | root | parent | reply | flag 
 Yes we use OTP to login / signup instead of passwords - which are security holes. 

We’re not against adding Nostr as a login method, it just doesn’t seem to be this massive privacy improvement from what we’re currently doing.
orangepillapp | 6 days ago (raw) | root | parent | reply | flag 
 Would you rejoin OPA if we allowed Nostr login?
HODLBurger | 6 days ago (raw) | root | parent | reply | flag 
 At least for a few months, I was an early member and there wasn't much activity then.
orangepillapp | 6 days ago (raw) | root | parent | reply | flag +1 
 great, we will add nostr login before the end of year
The: Daniel⚡️ | 7 days ago (raw) | root | parent | reply | flag 
 It takes no work to create a new npub. You don’t have to give up any personal information at all. That’s powerful.
orangepillapp | 7 days ago (raw) | root | parent | reply | flag 
 Agreed in theory. In practice most people would use their regular npub to sign up for OPA reducing their opsec. 

Btw, we don’t require any personal information.