Replying to Avatar tony πŸ€™πŸΌβš‘οΈ

signer extension?
15
Change this if you want 2y ago πŸ’¬ 1

Web extensions are not safe

Reply to this note

Please Login to reply.

Discussion

Avatar
MaxMoney21M⚑ 2y ago

Why not? Open source, Chrome sandbox... probably better than random websites.

Avatar
tony πŸ€™πŸΌβš‘οΈ 2y ago πŸ’¬ 1

what’s not safe about nos2x

15
Change this if you want 2y ago πŸ’¬ 3

Web extensions are vulnerable, have privacy loopholes and frequent hacks. Would you save your bitcoin private πŸ”‘ on a browser?

They aren’t audited well.

The best way as of right now to generate your πŸ”‘ on offline device(for example seedsigner) and then allow client to sign events. Hope there will be more ideas how to properly manage πŸ”‘ but definitely not a web extensions

Avatar
tony πŸ€™πŸΌβš‘οΈ 2y ago πŸ’¬ 1

both web extensions and websites can have security vulnerabilities. both web extensions and websites can be safe or unsafe depending on their design and implementation. which client are you allowing to sign events?

15
Change this if you want 2y ago

Using web extensions for storing private key is bad. Point! There should be better alternatives to it! One of the alternatives been already proposed πŸ€·β€β™‚οΈ

Avatar
pukka 2y ago

What do we need to support to get this on iOS? Use their secure element thingy? Or is that a bad idea?