 Ah, I didn't discover that feature yet!

What also pops up in my mind: from a UX standpoint this feels the same as copy-pasting your nsec in a client which is something we all discourage. How could we explain this to more normie-like Nostr people? 
 I agree, it's the same thing, prone to similar issues/errors (copying the nsec and then accidentally pasting it somewhere, etc.). We support import of encrypted nsec (nip49), but most apps don't export in that format. If you have any ideas here, I'd be happy if you shared them.

One thing I will add to the mix: I think nip46 (Nostr Connect) is missing a standardized "import nsec" flow, i.e. an app could generate a key for a new user (to reduce onboarding friction), but then if/when the user wants to reuse the key in other apps they could choose a provider and the app should somehow pass the nsec to the provider, i.e. redirect to provider.com/import/#nsec or something like this. This would mean there is no copy/pasting, and we wouldn't be "training" the user to mess with their keys.

OTOH maybe this whole "let's hide keys from the user" thing is a mistake and we should instead educate them better etc. But my own experience looking at how non-tech users are trying nostr tells me that people won't read, they will only click big red buttons on the screen and hope for the best. Anything above that causes frustration and anxiety. What's your view here? 
 Reducing friction to signing up and “making the right thing the easy thing” is important. 

If you try to teach users cryptography when they just want to use an app, you’re gonna have a bad time. 
 Reframing the "private key" as a "secret password" is probably along the right lines. Say cryptography to most people and they'll run a mile.  
 I don’t like password, though. The convention is that passwords can be changed, which means people are less careful with them. 
 Yup, passwords often have the expectation that they can be reset.

Explaining cryptography isn't needed, though, to explain that 12-24 words should be kept secret and secure.
 If we do try to educate users, then at least we should do this gradually. Forcing someone to learn keys/relays/etc. when all they wanted was to post a "like" or write "hello world" makes no sense. There should be a super-easy way to start and get the value the user expected, but then a gradual process of explaining why things are the way they are in the context of the tasks that users are trying to accomplish. That's probably 100x harder than just snapping a couple of explainer screens here and there.
 I often think of a key which you need to unlock/lock things, like the doors of your home.

But for Nostr it's the signing stuff that needs to be explained/taught in a friendly way. When most people understand why signing data is important, they will understand encrypt/decrypt more easily as well, I think.
 Sure, but if someone steals the key to your house, you just need new locks. If it were #Nostr, you would need a whole new house. 
 Losing your social graph can feel the same for some, I think 😮
 Let me take some time to have some thoughts on this first. As there is no best practice, there are different contexts where multiple solutions could fit.