Probably the most annoying thing is nostr is when you sign into a client and it starts asking to decrypt all of your DMs...and you have to manually approve every one before you can use the app
Discussion
Right because who has any idea what is going on, and what they are approving?
Yes. I actually worry that this is a potential attack vector, as you eventually stop reading the text and just hit approve approve approve.
"Decrypt All" 🛎️👇🏻
This is one of the many things I have been raising concern about in regards to privacy and nip46. If all of this traffic can be sniffed across any public relays. Every time to load a client and see all of this signing traffic.
Every time a message can be decrypted with nip46 on a public relay there is another potential place your messages can be leaked.
Along with this, I have been working on origin,site,kind - based timed permissions for my NVault signing extension to help avoid blanket permissions. Along with silent denial. All synced to your server account so your settings travel with you across computers/browsers.