Bit of a rant here but nostr key management needs more attention. I really feel like we should be much better at this considering most of us are bitcoiners and understand the importance. Why do most clients still not include bunkers or extensions on login? Why do we not have a thriving discussion around nsec protection? It seems revealing of serious issues in development.

I've noticed this particularly on iOS. Until KeyChat entered the App Store we were pretty much reliant on NsecApp, which had to be made into a PWA and hardly had any clients that integrated with it.

The impression comes off that your identity is worth less than your money. Or the actual mocking I've seen from some who think non-technical folk who mess things up deserve what they get. Seriously, ftw!

I know the majority of you have alts in fiat that you happily run back to but for some of us this is actually a space we want to build.

What can we do to actually improve this area? Bitcoin has signers, cold storage, multi sig, seed plates... What is the nostr nsec equivalent for these? What's preventing it from happening here?

#asknostr


Discussion

We categorize Nostr apps into web apps and native apps.

For web apps, Keychat uses extension login (NIP-07), with the seed phrase and private key stored in the phone’s secure element.

For native apps, NIP-55 and NIP-46 handle cross-app and cross-device logins.

Because of iOS restrictions, NIP-55 works only on Android. iOS can use only NIP-46, yet when the native app and the signer app run on the same iOS device, signature requests and signatures still have to be sent through a relay, which is less than ideal.

I think that relay stuff is what's been bugging my nsecApp lately. I was reading their GitHub last night and it sounds like custom relay configurations are a no go.

I think you hit the nail on the head: it's iOS.

iOS is simultaneously the large majority of users, and the least appealing for an open-source-believing programmer to develop for.

The few apps that did make it to iOS are entrenched and hold the keys for their users, why would they bother creating additional signing apps?

So, because programmers have realized iOS (again, the majority of who you encounter on nostr) can't login to anything, why bother with all these new signing methods?

I think this will change in the future though, when nostr grows enough to 'pay the iOS tax'. And by then some clear standards will have also emerged.