Question for #[0] #[1] #[2]

Seems trivial for a bad actor to skim/phish private keys at the application level then own your Nostr identity. What am I missing here?

Discussion

Web apps are easier to hack than native apps, but you can improve security by keeping your key in a browser extension like getalby.com.

Still, even the browser extension or native app could steal your key. We need some way to mark keys as compromised or expired, and add new keys to your identity.

This applies to your private messages as well, which even now are not too private due to metadata publicity.