Replying to ca94907f...

The bigger issues are access to encrypted messages, using popular accounts for scams, existing users with big followings not being able to recover them, things like that.

Like imagine if Chrome had some exploit where hackers were able to read the contents of browser extensions under certain conditions, a hacker sat on it for a year and collected the keypairs of Fiatjaf, Gleason, Will, Dorsey, all the big names, and then used them all at once to shill some kind of fake KickFundMe or crypto scam.

You know these dumb niggers would fall for it and you know a lot of the more casual browsers wouldn't move to their new keypair.

NOSTR has a lot going for it but it seems like a security nightmare just waiting to happen.
Avatar
Low Information Voter 11mo ago

I really hope the "big names" are using dedicated clients. Web extensions are convenient and user-friendly (I'm using one now) but the attack surface is comparatively large.

No real getting around that tradeoff, other than encouraging experienced users to try different clients.

Reply to this note

Please Login to reply.

Discussion

ca
ca94907f... 11mo ago

Search your heart.

You know they're not T_T

Avatar
H 11mo ago

I would expect it's much more likely that a client would have a vulnerability that allowed attackers to obtain private keys (this already happened with lume) and if there were a vulnerability in safari, chromium, firefox etc it would be used for a much more valuable target than nostr private keys at which point it would be identified and patched.