Amber is not a random app, it is a really specialized app, a signer, with a specific goal. Since there will be few signers, onboarding guides will be quite similar and easy to understand. This would not happen if every app acts also as a signer.
I suspect that in your actual vision this app would not be random (Primal, Damus, ...) - this would simplify things for sure - but it would also create a dangerous centralized "super app".
You cannot simply hide in advance setting the complexity of a signer, you need approval flows, kind preferences, easy revocation, etc.
It's not only a code review matter, that by the way cannot be effectively applied to a large pool of apps, it's a universal best practice that says that sensitive code should be isolated as much as possible to reduce bugs and the attack surface.
Finally, I think signers will become an advanced tool for "power users", newcomers will largely use (frost) bunkers created by a "my Nostr profile" app. See Nstart.me and the upcoming companion service.
Amber is a random app to new users. You have to install it from GitHub or you have to install another random app to install Amber. Your average user will not use it. It's an advanced tool no matter how you try to spin it. If it wasn't advanced, every single Android user that exists on Nostr would already use Amber.
Sorry man, but your Nstart falls into this exact category too. It's a random website, (a website!) that a native app user has to visit to go through steps that they've never used either. Your website might have a pretty onboarding flow, but it's incredibly advanced compared to what users use today. It's why I have never once recommended it to anyone that I've onboarded.
A companion app is perhaps the way to go with Nstart, depending what this means, though I still suspect no one will use it unless it's baked into their day to day application. Otherwise it's DoA like everything else.
On-boarding and key usage needs to be roll your face across the keyboard easy or Nostr will always be for the tech savvy and the ultra early adopter.
I totally agree that we need to improve the onboarding, but I simply don't think that embedding a signer everywhere is the solution.
The most likely scenario is that the user will log in using any recommended client, then as soon as they want to explore the ecosystem, they will discover that pasting the nsec everywhere is not sane and will therefore download a “profile manager” (or signer) to manage the different accesses.
Of course, they can also start with the latter app, provided they are properly informed from the very beginning.
PS: for "companion service" I mean something that will allow existent npubs to create FROST bunkers.
PSS: a website, apart from having a larger attack surface, is more immediately accessible, on every platform, and can be more easily assessed in terms of reliability (through domain).
using a third party application or website to do this is just not something your average person is going to do.
the other stuff of nostr, things that are vastly websites, are barely used today. most people don't want to use extensions and signers. and many don't want to leave their current app.
for example, people stopped using nostr nests because i required them to sign in to nostr. it was too difficult to use an extension or a bunker. many people just do not use them or understand them. that blew my mind. and that's experienced users!
explaining this to new users when onboarding them is even worse! telling them about the other stuff and how they shouldn't enter their nsec, that they need a third party application, it's literally a death sentence. i see it in their faces. they think it's cool, but in practice, it's too new and too difficult.
referring to a dedicated application as a profile manager application is a nice touch. it should manage the user's profile and the user's profile permissions to sign events. and from there the application should recommend other applications to use.
but im telling you, telling someone to go download a profile manager to continue exploring the ecosystem is part of the issue we have today with extensions and bunkers.
This is a real challenge. And there will always be ‘levels’ of users based on experience, comfort, and security. I would love to see a simple hardware token, such as Yubikey support nsec via nfc. The masses are just now getting used to 2FA and a HW dongle would be user friendly.
People have gotten used to 2FA apps, password managers, hardware tokens and Passkeys; friction is always an issue, but I suppose they can also accept using a “profile center” if they are truly motivated by the quality and benefits of the services.
It's not that different from Bitcoin, if you think about it.
But you certainly have more experience than me at onboarding people, so I don't know what else to say, let's see how the situation evolves 🤞
That's a fair point that some people are already used to interacting with a secondary app for sign-in. Though, many people still get their MFA codes via SMS and for those that have migrated to other methods, copying some numbers and pasting them from an app that has all of your accounts is still very much different and much easier than a dedicated app for Nostr for signing a wide variety of transfers transactions. If it were as simple as MFA codes, you and I wouldn't be having this conversation.
It's very similar to Bitcoin except people rarely send or sign a Bitcoin transaction. Most people just HODL. We're asking people to do this potentially 1000 times a day unless they go with the fully trusted method. While similar, it's still something most don't do. Remember, we're always preaching for people to remove their coins from exchanges because that's where many people keep them.
I'm not saying I know best when it comes to users and what they want, I'm just speaking from experience onboarding and educating them over the last 3 years. I may not know best, but I have a good idea on their pain points and struggles and I have a good idea on what needs to be fixed and improved to alleviate those.
My goal is to take these experiences and issues and turn them into people that are able to do what they do best. Solve complex problems. Then the feedback loop should continue and these solutions should be discussed to make sure that they're still not too complicated or going to cause more problems or not solve anything at all by pushing the issue into the next bottleneck.
Using App A to sign into App B doesn't scale on iOS. It's all hacks that fall apart once Apple takes a look.
And if the goal is to help out normies but it doesn't scale on iOS then consider that goal thwarted.