Nostr Web Client

At the moment, I don’t have plans to integrate an ecash wallet. I don’t think it’s particularly safe.

For example, I could release a DM app that secretly asks users to sign transfer events, and I could steal their funds with very little effort. In today’s DM apps, users already have to approve a lot of encryption/decryption operations just to make things work, so they’re basically forced to approve everything.

In your demo video, the feature that interested me the most was using AI to generate images directly inside the editor, it looks extremely useful.

lemon 3w ago

Credit goes to nostr:nprofile1qqsph3c2q9yt8uckmgelu0yf7glruudvfluesqn7cuftjpwdynm2gygpp4mhxue69uhhjctzw5hx6egpp4mhxue69uhkummn9ekx7mqkdk3r2 for the image generator

Could you elaborate on the wallet security?

If I’m understanding correctly: current DM implementations require frequent prompts from signers so users typically accept nip44 decryption by default/trust the site. Therefore a bad actor could leverage this for to take advantage of nip61 nutzaps?

Reply to this note

Please Login to reply.

Discussion

Cody 3w ago

Your understanding is the same as mine. Of course, I might also be mistaken, since I haven’t looked very closely at NIP-61.

If my understanding is correct, this problem doesn’t only exist in DM apps. In reality, many users completely trust the nostr clients they use, it’s just more obvious in DM apps in particular. That’s why I’m not very supportive of using nostr private keys to manage wallets.

HoloKat 3w ago

Same reason I don’t want built in wallets. As soon as you do it - everyone’s money is your responsibility. And I only vibe code - a big nope for handling money.