 As users who keep our entire digital lives on a single nsec, this is sobering.

Hopefully most of us have been signing web clients using a browser extension, but for any standalone apps where the only option we have is to paste our key, the best we can do is pray there is no malicious or buggy code that will compromise us.

It’s past time we had a way to fix this, or anyone who thinks this experiment in open source decentralized communication will succeed is fooling themselves. nostr:note1x953gmpz6nwhtm5ys6hadgtre90xx9t8984hdj5nkzud93rq36nsuf0saj 
Pasting nsecs inside clients is crazy. And signer apps should not have permissions to use the Internet.
 You paste nsecs into Amethyst. 
 Yep. Users are free to take the risk. The recommended approach is to use Amber. 
 Since it’s that risky, it probably shouldn’t be permitted at all, and users should be required to use a local signer. This is essentially the biggest design flaw that exists. 
 Tried multiple times already. But just look at the replies here nostr:nevent1qqszee98s53cn9ml7cxcuaslmzlx87usq98wd6nedygs8g4ylklej8qpz3mhxw309akx7cmpd35x7um58g6rsd3e9upzq3svyhng9ld8sv44950j957j9vchdktj7cxumsep9mvvjthc2pjuqvzqqqqqqykp88um 
I know. This stuff is not user-friendly, which is why Bluesky has millions of users and people here are salty about adoption rates.
 Key security is not the reason they have millions of "account creations" (not users).  
 I think it plays a big part. It’s easy to set up a nsec. It’s nearly impossible to expect people to secure them properly. 
 everyone is starting out with the wrong premises. nostr's strength was never about beating legacy social media at its own game. here, we can create a conversation space where digital life is not centralized around a single key, anonymity is the norm, and follows don't exist.

join me in Corny Chat today to get a glimpse of what this future looks like 
I for one would very much have thanked you if that button had been there earlier when I installed Amethyst and found myself having to copy-paste my nsec. That felt really icky.
 I think we should bite the bullet and figure out how to make it work 
 Yeah, I think on Android it will be about zap.store and figuring out how to recommend signer apps without knowing how the user will install them (PlayStore/Zap.Store/F-droid/Aurora/Obtainium/Apk, etc) 
yes, it's time for good offline signers like #seedsigner for bitcoin!
 Signers need to connect to relays in most cases 
Only in NIP-46 cases. The rest is managed via a local API, like Amber does. You can use the offline version that exists today.
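The signer boundary the replies above keep coming back to, as an added example that is not code from this thread, from Amethyst, Amber or any NIP reference implementation: the client builds a NIP-01 event and hands it to a separate signer that holds the nsec and returns only a pubkey and a signature, and a relay-side check verifies the result. secp256k1 and BIP-340 are written out inline so the script runs offline with the standard library only (not constant-time, demo only); `LocalSigner`, `client_publish`, `verify_event` and the rest are names invented for this example, and the key is the BIP-340 test-vector secret 3, used here purely as a constructed demo key.

```python
import hashlib
import json
import os
import time

# secp256k1 parameters (public constants).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and a[1] != b[1]:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], P - 2, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], P - 2, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def _mul(k, pt):  # double-and-add; not constant time, demo only
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt = _add(pt, pt)
        k >>= 1
    return acc

def _tagged(tag, data):  # BIP-340 tagged hash: sha256(sha256(tag) || sha256(tag) || data)
    t = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(t + t + data).digest()

def _lift_x(x):  # BIP-340 lift_x: the point with this x and even y, or None
    y_sq = (pow(x, 3, P) + 7) % P
    y = pow(y_sq, (P + 1) // 4, P)
    if x >= P or y * y % P != y_sq:
        return None
    return (x, y if y % 2 == 0 else P - y)

def schnorr_sign(seckey, msg, aux):  # BIP-340 signing with an x-only pubkey
    d0 = int.from_bytes(seckey, "big")
    if not 1 <= d0 < N:
        raise ValueError("invalid secret key")
    pub = _mul(d0, G)
    d = d0 if pub[1] % 2 == 0 else N - d0          # normalise to even y
    px = pub[0].to_bytes(32, "big")
    t = (d ^ int.from_bytes(_tagged("BIP0340/aux", aux), "big")).to_bytes(32, "big")
    k0 = int.from_bytes(_tagged("BIP0340/nonce", t + px + msg), "big") % N
    if k0 == 0:
        raise ValueError("unusable nonce")
    r = _mul(k0, G)
    k = k0 if r[1] % 2 == 0 else N - k0
    rx = r[0].to_bytes(32, "big")
    e = int.from_bytes(_tagged("BIP0340/challenge", rx + px + msg), "big") % N
    return rx + ((k + e * d) % N).to_bytes(32, "big")

def schnorr_verify(pubkey, msg, sig):  # BIP-340 verification; False rather than raise
    pub = _lift_x(int.from_bytes(pubkey, "big"))
    r, s = int.from_bytes(sig[:32], "big"), int.from_bytes(sig[32:], "big")
    if pub is None or len(sig) != 64 or r >= P or s >= N:
        return False
    e = int.from_bytes(_tagged("BIP0340/challenge", sig[:32] + pubkey + msg), "big") % N
    rr = _add(_mul(s, G), _mul(N - e, pub))
    return rr is not None and rr[1] % 2 == 0 and rr[0] == r

def event_id(pubkey, created_at, kind, tags, content):
    """NIP-01 id: sha256 of the canonical JSON array, no whitespace."""
    ser = json.dumps([0, pubkey, created_at, kind, tags, content],
                     separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(ser.encode("utf-8")).hexdigest()

class LocalSigner:
    """The only component that holds the nsec. It exposes the two calls a NIP-07
    extension or an Amber-style local signer exposes and needs no network access."""
    def __init__(self, seckey):
        self._seckey = seckey  # never returned to callers
    def get_public_key(self):
        return _mul(int.from_bytes(self._seckey, "big"), G)[0].to_bytes(32, "big").hex()
    def sign_event(self, unsigned, aux=None):
        ev = dict(unsigned, pubkey=self.get_public_key())
        ev["id"] = event_id(ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"], ev["content"])
        ev["sig"] = schnorr_sign(self._seckey, bytes.fromhex(ev["id"]),
                                 os.urandom(32) if aux is None else aux).hex()
        return ev

def client_publish(signer, content, kind=1, created_at=None):
    """Client side: build the unsigned event and hand it to the signer. Nothing here
    can read the key, so a malicious client can post while it runs but not steal the identity."""
    unsigned = {"kind": kind, "created_at": created_at or int(time.time()),
                "tags": [], "content": content}
    return signer.sign_event(unsigned)

def verify_event(ev):  # what a relay or reader checks before trusting an event
    fields = (ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"], ev["content"])
    return ev["id"] == event_id(*fields) and schnorr_verify(
        bytes.fromhex(ev["pubkey"]), bytes.fromhex(ev["id"]), bytes.fromhex(ev["sig"]))

if __name__ == "__main__":
    signer = LocalSigner((3).to_bytes(32, "big"))  # constructed demo key, never reuse
    print(verify_event(client_publish(signer, "posted without the client seeing the nsec")))
```

The point of the split is in the types that cross the boundary: the client passes an unsigned dict in and gets a pubkey, an id and a 64-byte signature back, and `_seckey` never leaves `LocalSigner`. With NIP-46 the same two calls travel as encrypted requests over a relay instead of a local API call, which is why that mode, unlike the local one, needs the signer online.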
 Frankly, I think we need to be careful even about giving the wrong impression that browser extensions will ultimately be a sufficient 'fix' to securing our entire digital lives.  Messaging ought to be that nsecs are inherently insecure ATM.  Do your best to minimize its exposure; but, treat your current Nostr profile as an experiment you will likely eventually abandon for a secure one. 
 this is not the way to use nostr

the choice is clear: build the walls of our own digital prison with your entire digital life on a single key, or build a thriving digital city in cyberspace by protecting anonymity

nostr:nevent1qvzqqqqqqypzpmnw5yatnljuff5w47d35d87q99xddqpzlzsac4xzn6vm22ekmn5qqsgvdyqhqp82qesx9ccgc8ka9ju483fkk7ct99uqw948m8sw2a9kdggaqvdu 
 nostr:nevent1qvzqqqqqqypzqqm9x092su3hd9rdfe8aafxp5pzpak3cegkem9qhhvmqqm96406cqythwumn8ghj7un9d3shjtnwdaehgu3wvfskuep0qywhwumn8ghj7mn0wd68ytnzd96xxmmfdejhytnnda3kjctv9uqzp8tc6gutu6l4kdgtm63jqq7x076wv6fr8x36m86q354m5adsrdq4y8x3wq