 It really makes me uncomfortable having my private key (Nsec) in my clipboard just because I want to set up some extension or native app.

Right now, our login process is extremely dangerous, and I mean, you're just one mistake away, and it's over; you can't do anything about it.

Sooner or later, we have to get this fixed, but for now, it's like we are just waiting for something bad to happen. 
 It is basically a password you can't change 
 And there is also no way to recover. Anonymous accounts will have their identities stolen, and we wouldn't even know. 
 The flat singing though, embarrassing 
 If clients had some sort of gpg wrapper 🤷 I'm not a dev. You would still have the clipboard problem at least once depending on where or how the key is generated. 
 NIP-05 right now partially protects against it. 
 If you are using a third-party service for that, it will be tied to your public key. 🤔 
 I really don't want to tie my identity to a domain 
 Makes sense 🤔 
 I've played the domain name wars in the fediverse. I don't think it's relevant, or needed for this protocol. You are still seeing my messages without it. I guess I could see relays blocking users without it at some point though 
 Nsec bunker is the fix. However, I think nsecbunker w/ nip 05 + password login authorized via OAuth is where we should be aimed 
 Nsec bunker seems like a perfect solution; it really fixes all the problems, we just have to make it cheaper and accessible to everyone. 
 And that’s an expensive thing to do.

😉 
 I agree.  I'm afraid to copy my private key even to make a backup copy of it.  I hope there will be a better solution soon. 
 Brazil, recently: a youtuber demonstrating a BTC app read, on-line, a password from a .txt file. 
In the same file, a few lines above, there was... his wallet seed phrase
==> his BTC were stolen on-line, in a few minutes, visible in the same video. 

I did not see it, but that was the tale on twitter

 
 Yeah, I wonder every time I do it if I’ll have to make a new account. 
 @jack is supposed to fix this with the hardware and wallet ☹️ 
 Thanks for sharing our nsec vulnerability!   
 exactimo!
not a good look for non-techy users onboarding, like how do you even start to tell them how it's done, especially for users of centralized platforms like we all have been. they might as well not take #nostr seriously because of the tons of work to be done (even for techy ones, it's a lot of work) 
 Then one should take the trouble to simply type in the nsec instead of using the clipboard out of convenience. It can be that simple.