Oddbean new post about | logout
Lux | 15 hours ago (raw) | export | reply | flag +2 
 How soon until we see a malicious #nostr app/browser extension? As it saves the nsec/npub to local storage it also sends it to the dev's api. 

Or, a stored xss on a fav web client that has visitors blast spam kind 1 notes without them knowing as they have their signer set to always authorize.

I wouldn't doubt these scenarios will eventually occur if/as nostr grows. Stay vigilant.
TheGrinder | 15 hours ago (raw) | root | parent | reply | flag 
 soon enough. But we'll probably see some fake apps and browser apps first stealing the identity of those who paste their private keys into webforms.
Sync | 15 hours ago (raw) | root | parent | reply | flag 
 Especially with a DM saying hey somebody send E-cash login to redeem 😆
aivii | 15 hours ago (raw) | root | parent | reply | flag 
 Don't sign in to anything thst doesn't allow to use Amber.
vinney | opfn.co | 13 hours ago (raw) | root | parent | reply | flag 
 They are all but guaranteed to occur. If they don't, Nostr is irrelevant.