The tradeoff though is that now the browser extension has access to your entire browser storage, and the nostr key which is irrevocable is technically theirs. Something like nsecBunker but more protocolized should remedy this.
How is it technically theirs? You store it client side. It doesn't go to their servers. And if you don't trust them, then download the source, compile it yourself, and run the extension yourself. https://github.com/getAlby/lightning-browser-extension
Sure, if you compile your own extension it takes the "them" out of the equation. Otherwise it's still custodial nostr. IIRC they do provide backup via email auth? Opting in to that is fine, but now the scope is your whole browser. And then you're still left needing a whole different method on your phone. Feeding a NIP-07 scriptlet with nsecBunker signatures could be a trivial-to-self-host answer. Putting it on the hit list.
Yeah, agree with @Derek Ross. I don't see how the private key is in any way theirs, because I'm using an extension they wrote to locally sign stuff. If they added malware that wasn't noticed, then sure, but otherwise it's no different than the Bitcoin developers having my bitcoin keys because I'm keeping them available in my Bitcoin Core wallet. But obviously the relevant attack surface of a browser extension is much worse. I agree, however, that nsecbunker available in an easy, nearly-no-setup method would be near the pinnacle of this design, imo.