It's possible to build a trustless nsecbunker: a bunker where your private key is not held by the online service provider, but by you in your phone.
Just make an app that receives signing requests via Push Notifications. The bunker server then simply reads new NIP-46 request events from the user's relay and Pushes it to the app. The app wakes up, gets the event and presents an approval screen to the user. After approval, the app sends the NIP-46 response to the client.
The entire permission system would run on your phone.
It would be like a 2-step-auth for every signature. Every like would hit the phone for approval.
Maybe nostr:npub1w4uswmv6lu9yel005l3qgheysmr7tk9uvwluddznju3nuxalevvs2d0jr5 can turn Amber into that.
Nostr identity is broken and insecure. Kludgy identity solutions bolted on top of nostr will not fix the problems.
ATProtocol has done a far better job with identity. Key recovery without having to burn down and rebuild your network is the most important one for typical users.
Sorry, nostriches. Nostr identity just sucks.
No replies yet.
