Oddbean new post about login | logout @ZBD won't be the only Nostr client to custody keys for users. Even if ZBD plans on allowing users to export their keys at a later date, at some point we will most likely see another Nostr client that won't allow this. They may even clearly state this in their business model. The beauty of Nostr is that it's truly open. That means any client can be built in any shape or fashion that fits their user's needs. The free market will prevail here though, I think. Users will want to try other experiences and advocate for their clients to allow them to do this. And if they don't, those clients may not make it. Freedom and user choice will prevail.
Is there a reason you’re stanning so hard for ZBD? Surely they can defend their own practices. Why are you?
I don't have anything else to do at the moment and I wish for people to hold everyone to the same standards.
The pitchforks are already out. What other clients are doing this?
Plenty of clients don't support all features of Nostr. Did you know that Damus doesn't support GiftWrapped messages, Communities, and plenty of other NIPs!? Damus doesn't support exporting your NSEC though.
Can you sign into Damus with a nsec from another client?
Yes. They never lock down your account.
Yep. You can. People do it every day!
Damus absolutely does.
Does** typo
I kinda assumed freedom to change clients was already the standard.
It generally has been. I remember saying back in January that some day we could see Twitter add Nostr support. They'd generate an npub for every user and they'd just be using Nostr and not even know it. They'd custody keys and manage them on the backend. We're actually seeing that scenario now. My bad for putting that out into the ether, I guess. 🤣🤣 But seriously, of Nostr and open and people can do what they want, them a client treating exporting their nsec as a feature should be okay too. Not all clients will be exactly the same. Not all clients will be for everyone.
What you’re describing is more like mostr.pub where fediverse users are writing events with nsecs tied to their Mastodon accounts. I don’t know much about how that works though, but I’m pretty sure @Alex Gleason isn’t sitting on a pile of nsecs.
I highly doubt he's personally messaging everyone on Mastodon and providing them with their NSEC 🤣
No, they can’t login using it either but I think nobody has the nsec as it’s probably generated cryptographically and never stored anywhere. Someone correct me if I’m wrong please.
Twitter could and I hope does exactly this. Then I will charge Elon 10 BTC for the idea and send it all to Nostr devs.
Twitter would probably not do this because then it would have to support an open standard where they can’t police the content.
Oh they absolutely could. They could run their own relay and indexing service and control all content which goes in and out. It wouldn't be a vanilla experience, but it's how they would probably integrate Nostr.
But if an X user’s note ends up stored on a relay that doesn’t support delete, it’s stuck out there in the wild.
That's something they'll have to come to terms with and give users a choice to opt-in. I assume it will a check box. "Participate in Nostr: your Tweets will be sent to Nostr. Please note that doing so, your Tweets on Nostr may not be able to be deleted from all Nostr servers."
I don’t see it happening under the current regime.
Well said. ZBD is the equivalent of wrapped Bitcoin or Grayscale.
You get me. 🫂
🫂 I still don’t get ZBD. 🤣
I do and I don't. I do, because not all users and businesses are the same. I don't, because apparently I'm in the camp that doesn't play with their camp because I can't use the client yet.
Exclusion builds resistance.
The only difference is you can't unwrap them in case of nostr, you are trusting them for forever.
Great point. Was throwing gum at the wall for analogies. Never fuxd with wrapped Btc so didn’t know that.
Forever is a long time. They said exporting is coming.
How do you know they will not keep it in their servers? It's like me saying, send me your key I will delete it later.
That's a great follow up question that I didn't ask them when originally inquiring about NSEC management. @theoriginalbhd will you be able to delete your NSEC from ZBD custody once you export it? And will it be purged from backups? Or once ZBD has your NSEC, will it always have a record of your generated NSEC?
Cringe 😬
I'm glad we're on the same page. Your cringe worthy notes are the whole reason I started talking about ZBD tonight.
It is an open protocol. What is so hard for people to understand that means in can be used against your cause? There will be several custodial Nostr clients, it’s only a matter of time. They may unfortunately be even be more popular than non-custodial someday. The key is to make the experience better on non-custodial apps than on the custodial apps. Email works better custodial, web hosting works better custodial, there is another chance to overcome those two issues and more with making Nostr better as non-custodial. That will be possible when we acknowledge the serious user experience issues with non-custodial and work to constantly make the experience better than custodial. ZBD solves many experience issues for its users and ignoring that is doing us a disservice.
Freedom of choice doesn’t exist for the users who have been captured by a client that violates the spirit of the protocol. We should not be celebrating them.
Everyone starts somewhere.
And for some that’s where it ends.
Beware of @ZBD! Your NSEC is in danger. The very idea of #Nostr is in danger. Don't give the ownership of your nsec to a client. nostr:nevent1qqspmcmf8txh94gy86fl6yjk4ahkq6ytf05s7crvg0tv8xju3alp83spzdmhxue69uhk7enxvd5xz6tw9ec82c30qgsr7acdvhf6we9fch94qwhpy0nza36e3tgrtkpku25ppuu80f69kfqrqsqqqqqpd9f4rp
It's a feature to them. They said they're going to add it or did you not see @theoriginalbhd mention this numerous times?
Have you told Vitor and Holdbod your highly interesting take on them?
I am going to send you a bunch of GiftWrapped DMs.
So you're okay for one client to do this, but not okay for another client to do it? Yikes.
Nostr key custody should be a test bed for bitcoin key management. Anything unique outside of “we just hold the keys”? What’s the trade off gained technically?
Nostr key custody should be a test bed for bitcoin key management. Anything unique outside of “we just hold the keys”? What’s the trade off gained technically?
Oh I understand it. I just like pushing your buttons. Remember when you said that clients could post for you if they managed your keys... How is that different here? Alex could fake a post and we'd never know unless we went and looked on Mastodon to confirm it. That's a lot of work that 99% of people aren't going to do, because we're trying Alex. Your move.
How many clients do this now?