Credit goes to nostr:npub1r0rs5q2gk0e3dk3nlc7gnu378ec6cnlenqp8a3cjhyzu6f8k5sgs4sq9ac for the image generator

Could you elaborate on the wallet security?

If I’m understanding correctly: current DM implementations require frequent prompts from signers, so users typically accept nip44 decryption by default/trust the site. Therefore a bad actor could leverage this to take advantage of nip61 nutzaps?


Discussion

Your understanding is the same as mine. Of course, I might also be mistaken, since I haven’t looked very closely at NIP-61.

If my understanding is correct, this problem doesn’t only exist in DM apps. In reality, many users completely trust the nostr clients they use; it’s just more obvious in DM apps in particular. That’s why I’m not very supportive of using nostr private keys to manage wallets.

Same reason I don’t want built-in wallets. As soon as you do it - everyone’s money is your responsibility. And I only vibe code - a big nope for handling money.