Practice safe nsecs, don't raw dog it into any apps. Use a signing extension. Nos2x, amber etc.
If you did this with coracle, my take is probably nothing will happen, but you can't use that nsec to store any kind of nutsack/ecash anymore.
I do applaud nostr:nprofile1qqsf03c2gsmx5ef4c9zmxvlew04gdh7u94afnknp33qvv3c94kvwxgspz3mhxue69uhhyetvv9ujuerpd46hxtnfduq35amnwvaz7tmjv4kxz7fwwajhxar9wfhxyarr9e3k7mgprdmhxue69uhksmmyd33x7epwvdhhyctrd3jjuar0dak8x6lmt90 for doing the right thing and disclosing. This is a major mistake and a dev's worst nightmare. But it's also a user mistake to just paste your nsec into websites. This won't be the last time a security flaw will be discovered.
Is there a recommended signing extension for iOS or should I throw this phone into the ocean immediately?
I mean, you should throw any iPhone in the ocean immediately.
I know it exists, there is a signing app analogous to amber for iOS. But it's not the ecosystem I'm in, so I'm forgetting the name right now and it's making it hard to find.
Yes, throw that "spyPhone" into the ocean immediately!
#grapheneOS then is your next step...
I might send a junior associate to buy an unlocked cell for me in cash. lol
I'm using nsec.app, but yeah switching to pixel in the near future is my next project.
Nostore is an iOS signing extension
How safe are even signing extensions really? Would you trust an extension to guard a bitcoin key of any value, for example?... or is this in the context reasonable safety is on a spectrum?
I wouldn't trust an extension to guard any substantial amount of money, no
But they are much safer than websites because they run locally and you can build from source yourself. With websites, you can't know exactly what code is running.
If someone intercepts an nsec they can read all messages without detection, right?
Apps probably shouldn't allow users to sign in with nsecs these days. Just creates extra work for the app builder imo. Is there any benefit, besides user convenience?