Oddbean new post about | logout
 What missing documentation do you think should be added to https://docs.soapbox.pub/ditto/ ?

As for custodial login, apart from the UX/freedom concerns I have with it, it's a huge liability on the server owner to store potentially thousands of keys... one breach to the server would permanently compromise potentially thousands of accounts. This would paint a huge target on Ditto servers. Right now Ditto is the most secure piece of complex software I've ever build because there's nothing to hack.

I get that there are issues with the keypair flow. Believe me, it's a big problem in my mind. Adoption is hindered by it. But this is Nostr. Keys are the entire point. We have to convince users that they want to manage their own key.