Are relays going to store encrypted data for you though? It would suck to lose all your passwords.
Context: I'm working on multiple features that rely on storing encrypted data on relays.
Introducing...
Vault - NOSTR Password Manager
A free, open source, and decentralized password manager.
Download extension:
https://chrome.google.com/webstore/detail/vault-password-manager-on/namadahddjnkmjgdnncdlhioopmjiflm
Source code:
https://github.com/jinglescode/nostr-password-manager
-- == --
More info:
Vault utilizes zero-knowledge encryption to safeguard your data while storing it on NOSTR network for enhanced resilience.
Vault saves all your passwords and notes securely by encrypting your data twice; once with your secret key and once with your passcode.
Your data are not stored on any centralized server, but rather on a set of relay servers. This means that it is resilient to attacks and that you are the only one who can access your passwords.
Security experts recommend that you use a different, randomly generated password for every account that you create, and Vault makes this easy. Vault can generate passwords and store them for you, this means that you only need to remember one password, your passcode.
Looking to store and swiftly retrieve your data? Vaults facilitate searchable items, allowing you to effortlessly copy the desired information with a single click.
Vault is free, open source, and decentralized; and will always be.
-- == --
Status and questions:
- Version 1.0.0 approved on Chrome Web Store. Version 1.0.1 is the real version I wanna push to you guys, might have to wait for 24 hours for approval
- Enhanced Safe Browsing? - Apparently for new developers, it generally takes a few months to become trusted.
- Read history? - not really, just that need to read what page you are currently on and paste the URL when you add new items
-- == --
nostr:npub19mduaf5569jx9xz555jcx3v06mvktvtpu0zgk47n4lcpjsz43zzqhj6vzk
nostr:npub1xtscya34g58tk0z605fvr788k263gsu6cy9x0mhnm87echrgufzsevkk5s
nostr:npub1qny3tkh0acurzla8x3zy4nhrjz5zd8l9sy9jys09umwng00manysew95gx
nostr:npub1dergggklka99wwrs92yz8wdjs952h2ux2ha2ed598ngwu9w7a6fsh9xzpc
nostr:npub180cvv07tjdrrgpa0j7j7tmnyl2yr6yr7l8j4s3evf6u64th6gkwsyjh6w6
nostr:npub1sg6plzptd64u62a878hep2kev88swjh3tw00gjsfl8f237lmu63q0uf63m
nostr:npub18ams6ewn5aj2n3wt2qawzglx9mr4nzksxhvrdc4gzrecw7n5tvjqctp424
Discussion
https://satellite.earth/cdn charges a ridiculously small price to store your pictures today.
If we have 3 of these providers you can probably pay them all a total of 50 satoshis and they will store your stuff for a million years.
Having them just be content-agnostic Nostr relays makes the integration easier for everybody.
SLAs
As more and more valuable data is ingested by Nostr use cases this will need to happen (and pretty sure will happen organically)
absolutely. i really think we'll see NIP-95 relays at some point as well. specialized relays will become commonplace. your purplepag.es relay is a great example of this too.
It’s in my plan to launch relay just to store this for users. Do you think that would be a good idea that would partially solve this?
I don't think clients should run relays. Not doing so forces clients and relays to come up with an incentive model for the service they're offering. If a client runs a relay for their special purpose, the relay is artificially supported by the client service. If the incentive model for other relays to exist doesn't exist, the client becomes a centralized service with a front end and a database for the majority of users.
Of course, you could run your own to experiment with how such a relay should operate, but an accepted model for relays to accommodate encrypted data needs to emerge.
I have a thought about you saying “storing sensitive data”. I was thinking we can make a specialised relay, open source relay, for storing all sensitive data. So anyone can spin up their own if they like. Otherwise, we can host one or two too.
Yeah, client operators running a particular type of relay for a particular use case is totally fine. I think something like pay per event might work. Keeping a balance might be tricky though if the user wants to stay anonymous (as is common with encrypted data). Maybe a relay could issue a payment key out of band and have the client AUTH with that?
Food for thought.
If you have similar use case, and we can get more hands on deck to design something.
Yes, let's put a pin in it. I want to address this at some point, but don't currently have the time and public relays seem to be ok with encrypted data for the most part. Once they start rejecting encrypted events and it breaks Coracle this will be top of the list.
that's a good question and valid concern. so, we can store them also on our own relay. what about maybe a sync feature where all passwords are stored also in a local database that can be re-broadcasted to different relays in the future? so, if your relays disappear, you aren't screwed because you at least have a locally encrypted copy?
I’m the current code. Encrypted data are stored locally. And IF for some reasons relay you are connected to says “no data” it will NOT override your local data.
See GitHub for implementation.