"If you hesitate to paste your nsec into the app, we totally get it - just use your (or someone else's) npub to log in and look around. However, if you do add your real keys - those are handled by a separate library, stored in an encrypted form and protected by the Android keystore, inaccessible to any JS code, immune to XSS or app-level bugs."
A little nugget from Spring, the nostr browser
How are we feeling about this nugget honestly? I don’t know enough to know exactly how much trust this involves as a user.
Please Login to reply.
Better than localStorage.
Appreciate that, thank you. 🙏🏼
