It's possible to build a trustless nsecbunker: a bunker where your private key is not held by the online service provider, but by you in your phone.
Just make an app that receives signing requests via Push Notifications. The bunker server then simply reads new NIP-46 request events from the user's relay and pushes them to the app. The app wakes up, gets the event and presents an approval screen to the user. After approval, the app sends the NIP-46 response to the client.
The entire permission system would run on your phone.
It would be like a 2-step-auth for every signature. Every like would hit the phone for approval.
Maybe @greenart7c3 can turn Amber into that.
The push notifications are read/intercepted unless you provide a custom push notification service locally on your phone. Can't you do sharing through a specific identifier between apps?
You can just encrypt the push message. The Push provider cannot see anything. We do that for Amethyst using Google's and Unified Push's API. No one sees anything.
Sure. I'm glad it's considered; that's why I commented. 👍
I set up ntfy a few months back and I can't remember what it's for.
Push notifications of the Foss edition of Amethyst.
Off topic, I've installed Obtainium but I already have Amethyst installed. Should I delete it and install via Obtainium or not?
You will have to uninstall if you installed Amethyst from the Play Store.
And this is how you make a decentralized password manager.
Would it be possible to make an offline signing device? Communicating via cable, Bluetooth, QR code, etc.?
Yes. Someone just has to want to build it :)
It's even possible for a web page to access a device via WebUSB.
I admire your level of paranoia, haha.
Seems like nostr connect with passwords
With passwords? It's just nostr connect. No need for other passwords.
I thought you said nsecbunker though? Nostr connect wasn’t mentioned in the original post
I get it now. Interesting idea.
Good bye authenticator apps! Hello freedom
Yes, maybe I can turn Amber into a NIP-46 app too.
And with the local relay app everything stays on the phone.
You, sir, are doing the work of the Lord.
Either you do it, or I can use the Push Notification we have for Amethyst to send it to Amber. :)
Nostr identity is broken and insecure. Kludgy identity solutions bolted on top of nostr will not fix the problems.
ATProtocol has done a far better job with identity. Key recovery without having to burn down and rebuild your network is the most important one for typical users.
Sorry, nostriches. Nostr identity just sucks.
I definitely want to do this!
Two step with for every like or other action is a shitty UX.
You can set up your device to auto reply.
I talked about this with Will last summer; I would *love* to have something like this, and I think onboarding clients are in a great position to do this.
Ultimately I think the goal should be easy onboarding without locking the user into any specific client (would lose the magic of nostr's interoperability!) and without asking the user to jump through a bunch of unknown hoops they are blindly following (if they don't churn).
(is "install this app, copy this secret, put this other secret in this other thing" really non-custodial when the user is basically just executing a bunch of things they don't understand?)