Nostr Web Client

If this becomes the preferred way for people to use nostr, then the nostr client becomes a defacto custodial wallet, even though they may not be focusing on that.

It's a change from a "push" based payment to a "pull" based one. The responsibility for security of customer funds now rests on the nostr client. How much: All of it? None of it? Some of it? Do they even want that?

If an exploit is found, or bug introduced - hackers will very quickly exploit it to its maximum (one of the best things about lightning! but also one of the most challenging). Even with limits set, that can be a lot of money, and a lot of damage to everybody involved.

Wallet of Satoshi 2y ago

For example:

Suppose nostr is wildly successful. There are 100 million WoS users on nostr, and WoS has implemented a limit of 50K sats for NWC zaps by nostr clients per customer.

If one morning we all wake up and there is 50,000 sats missing from 100 million accounts...

Reply to this note

Please Login to reply.

Discussion

ish4k 2y ago

I might be totally wrong, but one possible solution for this would be an app integrated wallet like zion does?

ish4k 2y ago

Derek Ross 2y ago

I'd like to hear nostr:npub1xv8mzscll8vvy5rsdw7dcqtd2j268a6yupr6gzqh86f2ulhy9kkqmclk3x 's thoughts on this. It's a good debate to have to make NWC as secure as possible for users.

Xtr3m3hodl 7mo ago

This is a non issue and they know it. Just come out and say you aren't implementing nwc instead of hiding behind an hypothetical scenario.

Most wallets that implement nwc allow users to set the limits. Anyone using nwc to zap would knows this at the point of connecting the nwc string.

They could even have made it an advance only feature that you can only expose in settings instead of this half hassed excuse

nostr:nevent1qqszwzvh6cduxh6tfxs0xdh67luve3rt6yrcpnrr9v3m7qkk6l84cysppemhxue69uhkummn9ekx7mp0qgstu8vf099ljt09m4jvres0dgk8ps2q4wkfjvjp3lhrp3wxxllfg7grqsqqqqqpskzenu