Fascinating conversation about software integrity verification on the latest bitcoin.review pod. There is a huge issue with phishing, specifically with apps like @craigraw's Sparrow Wallet. @ODELL suggested adding a known set of hashes in a trusted place and enforcing TOFU (trust on first use: all versions have the same signer) to Sparrow, which would help mitigate attacks during updates.

Shout out to @PABLOF7z for bringing up zap.store in the conversation! I'm building it to fix this exact problem: verifying packages stored anywhere using webs of trust. Trust is inherently social, so the nostr social graph is a perfect fit.

And agree with @NVK that current app stores do serve a purpose; curation and reputation will always be important, but having a free market for it is just as important.

For those interested, I wrote about this topic at length: https://stacker.news/items/404908
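The two mitigations named in the post, a known-good hash list kept somewhere trusted and a signer pinned on first use, are small enough to show end to end. The program below is an added illustration written for this thread; it is not code from Sparrow Wallet, zap.store or the podcast. It uses Ed25519 from Go's standard library as a stand-in for whatever scheme a real release process signs with (Nostr keys are secp256k1, so a real client would swap the signature primitive), and the artifact bytes, version strings and "published" hash are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Release is what a wallet fetches at update time: the artifact, the signer's
// public key and a signature over the artifact's SHA-256 digest.
type Release struct {
	Version   string
	Artifact  []byte
	SignerPub ed25519.PublicKey
	Signature []byte
}

// Verifier is the client-side state: the signer pinned on first use and an
// optional map of version -> hex SHA-256 obtained from a trusted place
// (modelled here as an in-memory map; a real client would persist both).
type Verifier struct {
	Pinned      ed25519.PublicKey
	KnownHashes map[string]string
}

var (
	ErrBadSignature  = errors.New("signature does not verify under shipped key")
	ErrSignerChanged = errors.New("signer differs from the key pinned on first use")
	ErrHashMismatch  = errors.New("digest does not match the known-good hash")
)

func Digest(artifact []byte) []byte {
	d := sha256.Sum256(artifact)
	return d[:]
}

// Verify applies three checks in order. A valid signature alone (check 1)
// proves only that whoever holds the shipped key signed the bytes; it is the
// TOFU pin (check 2) that stops a phisher from shipping an update under a key
// of their own, and the hash list (check 3) that covers the first install,
// which TOFU cannot.
func (v *Verifier) Verify(r Release) error {
	d := Digest(r.Artifact)
	if len(r.SignerPub) != ed25519.PublicKeySize || !ed25519.Verify(r.SignerPub, d, r.Signature) {
		return ErrBadSignature
	}
	if v.Pinned == nil {
		v.Pinned = r.SignerPub // first use: remember this signer
	} else if !v.Pinned.Equal(r.SignerPub) {
		return ErrSignerChanged
	}
	if want, ok := v.KnownHashes[r.Version]; ok && want != hex.EncodeToString(d) {
		return ErrHashMismatch
	}
	return nil
}

// sign builds a Release the way a developer's release step would.
func sign(priv ed25519.PrivateKey, version string, artifact []byte) Release {
	return Release{
		Version:   version,
		Artifact:  artifact,
		SignerPub: priv.Public().(ed25519.PublicKey),
		Signature: ed25519.Sign(priv, Digest(artifact)),
	}
}

// Scenario walks through a first install, a legitimate update, a phished
// update carrying a valid signature from a different key, and an artifact
// whose digest disagrees with the published hash list. It returns the four
// verification results in that order.
func Scenario() [4]error {
	_, devPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, attackerPriv, _ := ed25519.GenerateKey(rand.Reader)

	v1 := []byte("sparrow-1.0 (constructed artifact bytes)")
	v2 := []byte("sparrow-1.1 (constructed artifact bytes)")
	v3 := []byte("sparrow-1.2 (constructed artifact bytes)")

	v := &Verifier{KnownHashes: map[string]string{
		// constructed: the "trusted place" lists a different 1.2 build
		"1.2": hex.EncodeToString(Digest([]byte("sparrow-1.2 as published"))),
	}}

	var out [4]error
	out[0] = v.Verify(sign(devPriv, "1.0", v1))      // first use: pins the dev key
	out[1] = v.Verify(sign(devPriv, "1.1", v2))      // same signer: accepted
	out[2] = v.Verify(sign(attackerPriv, "1.1", v2)) // valid signature, wrong signer
	out[3] = v.Verify(sign(devPriv, "1.2", v3))      // right signer, hash list disagrees
	return out
}

func main() {
	for i, err := range Scenario() {
		fmt.Printf("step %d: %v\n", i+1, err)
	}
}
```

The order of the checks matters: the signature is verified before the pin is consulted so that a malformed release can never overwrite the pinned key, and the pin is only written on the very first accepted release. Two things this toy deliberately leaves out, because the thread does not cover them: a signed key-rotation statement so a developer can retire a key without every user's pin becoming a hard failure, and where the first-install hash list itself comes from (the web-of-trust piece the post is about).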
@SimplifiedPrivacy.com Podcast here are some thoughts on the problem
Thanks for sharing. Yeah, trust on first use is certainly better than the current system. Developers for Bitcoin can be signing with Nostr keys and then the general public can check via the official channels.