(how) do I know if my nostr private key is safe on #Alby?
Discussion
Trust me bro 🫂
Verify the code on their repo. 😂
ok, I should clarify: how do I verify without having great readability in any coding language…
You don't.
You trust that other have because the code is open source.
They'd have been called out by now if it was unsecure.
Fair enough. Dumb follow up question: how do I know that what they have in their repo is the code they’re actually deploying?
Verification of the checksums on the binaries.
Not sure how you do that for the browser extensions though. You're trusting the browser app store to verify in that case.