Why are extensions better?
Discussion
I don't have a tech background.
I do recall reading that one should not keep private keys in the client, but the article didn't explain why.
Why is it better to store my private key in a browser extension instead of in the Amethyst client?
The most important thing is to always securely backup your keys.
For Amethyst login, you have to use your private key, and extensions are only used when you are logging into some Nostr web application.
When using the extension, the web application author does not get your nsec.
I do enter the nsec tho? As that's necessary for using the extension to log in?
You just have to enter your nsec once in the extension. After that you can log into any Nostr WebApp; you just get the popup for approval.
Thank you all for your patience 🙏
So browser extension is safer to use than putting nsec directly in client, because the author of the extension can not access your key (why not? We are trusting them to not put a back door in their extension and access my nsec?)
Versus putting the nsec in the client which is less safe. (author of the client is less trustworthy than the author of the browser extension?)
It's all software, so aren't we trusting someone in each case?
Suppose there are 10 Nostr WebApps; you can't trust all of those apps, and entering your private key inside a browser every time you log into some WebApp is inherently unsafe.
Since the extension is already open source, you are not placing trust in anyone and please backup your nsec, this is the only way you can access your account.
Got it. Thank you. 🙏
I'll zap you once I get my wallet fixed.