Nostr Web Client

Signer extensions are dead to me. Absolute dead-end for storing keys.

They are the worst security nightmare. They don't exist on mobile. Browsers can't even agree on a spec.

Time to rebuild the web3 promise with NIP-46 and PWA. It's so obvious. It just works.

The age of nostr-RPC interfaces will be glorious.

I am currently using Nostash on iOS, wdym? On desktop nos2x and Alby work just fine for me.

All implementing the same simple API and being pain-free compared to trying to set up a custom bunker (how to ensure uptime?) and adding apps…

One example is hist.nostr.land. It would be simply impractical to use bunkers for an app they will maybe use only once in a while.

Please Login to reply.

Tell me how to get this UX with bunkers:

signing extensions require you to inject arbitrary code into literally every website

you know what I'm talking about

okay so what? I can audit what they are doing

not to mention chrome and firefox have features to click-to-enable extensions on websites

click to approve code injection 😂

alright I am going to cook up a tasty PWA signing flow for you, with a nip-7 bridge for dessert.

if you like it, you can help me make a safari version 😁

but I can audit the code being injected with my own extension build so I don’t care

nsec.app has a decent flow, and I'm going to make it even better

so all users should be beholden to one centralized signing app?

also, one invisible code update can exfiltrate your nsec, and then could be removed. and you wouldn’t know

where I'm going, there won't be an nsec to exfiltrate :-)

but I get your point. I think you can disable updates for installed PWAs (via the service worker)

the service worker will always be updated from the backend

I have done offline installs before, I think you can just keep it local with no remote host.

Both PWAs and extensions can fetch packages dynamically anyway

Looking forwards to seeing where all this goes… 👀

#nostr #memes