Sure, but you cant do that on a minimal app like Amber. Everybody will see it.
Also, most people already have their keys there and have no desire to put it anywhere else.
Discussion
Then i guess these users are not our target users
That's most users. Frankly, I don't understand the insistence. You can do both... Have the nsec and the nip55 implementation. It's super easy.
there are many reasons. It makes the code signing path asynchronous which greatly increases complexity in all of our code paths.
Not being able to mix in data into nsec in different ways prevents us from integrating our one click setup wallet.
The ux flow for signing seems pretty bad, needing to switch apps to approve things, when this could be done within the app instead.
Mine is synchronous. And again people are doing the flow. Things can always improve. But you are not in a space that users are willing to play by these rules.
nostr:nprofile1qqsr9cvzwc652r4m83d86ykplrnm9dg5gwdvzzn8ameanlvut35wy3gpz3mhxw309aex2mrp0yhx5c34x5hxxmmd9uqsuamnwvaz7tmwdaejumr0dshszythwden5te0dehhxarj9ekxzmny9u0ljp2l I like you a lot and I support a lot of what you do. But, it is so very clear by your stance on this how much you've been influenced by apple gatekeeping by developing in that space for so long. I'm zapping you anyways as a thank you for your work. You should consider adding flows that enable the user with more choice. More secure choices...
no you just donβt understand what i am building. It will be more secure on a whole when there are thousands of dynamically loadable non-web nostr apps on a browser with a built in signer.
I think the problem is we already have something really secure and you're asking is to leave it to trust yours. Even if I do trust yours, and I'm keen to, I still have to leave my solution that already works for me and use a separate solution. Adding another thing to keep track of for me.
notedeck apps work on all platforms, so you will need to do this regardless when you open up the app on other OSs. The point is we need a solution regardless.
Our signing solution can be just as secure or more than amber via an associated sub-service with no internet access.
Yes but only for your apps. I don't doubt that you can make something secure.
only for my apps? this will be an open development platform.
What do you write notedeck apps in?
right now its rust but eventually want to do something wasm based
Wasm is really cool
ASM is cool. WASM is retarded.
Yeah the goal is just point it at a website or maybe even reference apps via nostr notes pointing to blossom/web servers. Then you could share apps over nostr and load them dynamically.
This would allow anyone to write notedeck-level-performance native apps without web baggage.
idk how much history of programming you are aware of but i have personally witnessed the stagnation of technology for about 20 years.
in my teens i saw things done in software with a 7mhz processor that still hardly can be found anywhere today, 3 decades later.
like tear-free animation. flicker free sprites. sound without dropouts. applications without obnoxious retarded rockstars posing as their progenitors.
Okay but I think you're missing my point that it'll only be for apps developed on your platform.
I don't want one click anything. I'm an idiot, not a moron.
It's not hard to approve things in amber. I enjoy seeing a popup alerting me to something that's new and needs my attention and approval.
Quite frankly, I see no reason to trust anyone, even you, with my nsec, which, for the record, is more important to me than the seed phrase on my cold storage stack. Which, bee tee dubs, is harder to wrap my head around than "copy and paste one thing, hit approve, and you're good to go."
So, asking people who DO NOT TRUST to "trust me, bro" is silly at the very least.
Look how much we evolve.
We have apple's "one click, dumb people" into in the android ecosystem now.
What a great time to be alive π
In your current setup, how many people do you have to trust (aside from Amber)? Is it not all the makers of the hardware of your phone? We can't zoom in to consider only one part of the stack as needing to be trustless. Looks to me like Will is trying to make more than one layer of the stack, and doing it himself so that it can be trustless (as possible) (for him). Fun to watch.
I was really just trying to solve the βneed to install a browser plugin or appβ barrier for normies. To do that i had to build an entirely new browser not based on the web. Might be crazy, but weβll see.
Very few. I run custom ROMs and Linux, which is about all I can do and still be connected. If that becomes too much, I'll just disconnect be annoyed for a while but get over it.
I don't fully trust will. Or hazard. Or Vitor. But I certainly don't want to trust any of them fully with my nsec. I have to trust something to start, and that is amber, but I prefer that since that's offline and not popular enough to be a target of hacking at this point. It may, in the future, and that will be something to figure out.
I can't code any of this, but I certainly have an opinion on how I want to interact with nostr clients in general. I understand more of why will is doing things the way he is, but I'm not going to use his stuff if he doesn't support nip46 signing. His objections have one good point and the rest is just being a bull-headed iOS conformoid.
Amber just draws over the current add when it needs you to sign, you don't leave the app, have you tried it yet?
You don't need to switch apps. It's up to the user to choose if they fully trust the app or just some permissions just like Alby extension
Indeed, priv key mixin should be a feature for NIP46. The async logic would work for nsec-present, too, just faster. NIP55 approvals happen - of course - on the trusted app with the keys, not in your app. Consider it a popup controlled by the wallet.
I advise every new Android user to get Amber because virtually every Android app, plus most web apps support it.
nostr:nprofile1qqsr9cvzwc652r4m83d86ykplrnm9dg5gwdvzzn8ameanlvut35wy3gpz3mhxw309aex2mrp0yhx5c34x5hxxmmd9uqsuamnwvaz7tmwdaejumr0dshszythwden5te0dehhxarj9ekxzmny9u0ljp2l you should maybe look at "complaining" as advice.
Survivorship bias of a very few users who like complicated solutions to things
A dev who underestimates users.
i am interested in all the users who arenβt here yet.
A loud and very small group of technical users who like using 10 apps to use nostr will not make nostr succeed.
Those users will likely stick to amethyst anyways. I am going for everyone else.
That beats the hell out of primalβs lame update
You can build your app to target the users you'd prefer, of course.
But you don't need to attack or criticise other users at the same time.
I will now even though I was impatiently waiting for years for this release.
The protocol is working
Shouldn't we be promoting freedom to choose whether they use a signer or not? Threats to security grow exponentially and the more Nostr grows, the more threats will impact its users.
This limp stance toward security should alarm anyone who uses the app...
Amber is not complicated.
And on nostr survivorship bias is something you, as a dev, should listen to. We're the stubborn idiots who have been around long enough to actually USE nostr. If we aren't your target market, then you are missing out on the most powerful force for getting people to use your software.
You're pissing off the very people who would gladly help you bootstrap people into your ecosystem.
You're a smart dude, and one I genuinely respect as a dev... But I'm never rawdogging my nsec into an app ever again. Especially if it us using chrome as a base, since I avoid chrome at all costs. I'm here because I don't use big tech BS, and that is rather unfortunate to learn.
So, yeah. I'm not your target. But I probably should be.
Nah. It's better to piss off the technical users, who recommend apps to friends and help them get started. That way they will never recommend your app. Brilliant marketing.
That's really the exact thing I was thinking.
Correction: not using the chrome browser, he's referring to the core structure of his app as a chrome, the app is fully native
The implication here seems to be that when Will does what he thinks he should, and people get pissed about that decision, that it's Will's responsibility. I reject that premise. The beauty of NOSTR is that one can choose.
Each developer choosing to make the client that fits them best should be celebrated. Each developer averaging some perception of what they think the user wants wouldn't end well. Worse if developer chooses based on the comments of the vocal, biased by selection. Better to consult principle and common sense.
TLDR, It's good that there are multiple opinions, not bad.
Developer bias complaining that iOS users don't expect such a feature.
Evolution and survivorship bias are not the same thing. Survivorship bias is a class of misapplication of bayes theorem due to bad priors. Evolution is the process of inferior things dying off as better options take over.
I evolved to using amber exclusively because it provides superior security. The weak (security) apps will all die in time or improve their security. I will continue to ratchet forward my security practices as tools and my skills improve.
It's it very few users though? In your own OP you said you've never seen this kind of response before? Which is true? Think about that.
I think app fatigue is a thing.
It took me ages to get amber cos I hate having yet another app. I hate apps lol.
I don't really understand what the devs are talking about tho. I just wanted to say 'app fatigue'.
there are many users like this, including me. I am building an app I would want to use...
It's also an onboarding nightmare to need to tell someone to download another app.
Download nostr app
Download wallet app
Download signer app
I just want one app.
I just want to throw my phone in the thames
Oh, no. Even these quirky reactions don't work. π I feel similar way. π©
My experience with Nostr is the opposite; i dont see the need for one app.
Its the fact i can frictionlessly use whatever app that is the most convenient for whatever purpose, is part of what is so nice about Nostr.
Bunkers/amber is a huge chunk of what allows it to be so smooth
I should qualify- I want one app to do one thing well. That could mean several apps to do several things well.
Which is why key management is important. I don't want to paste my nsec into every app. I want it in one, that signs things for everything else.
Yup. Thatβs why I like Amber on Android. I use it for Amethyst. Once I get around to creating an Android app, I plan to use Amber and Nostr Wallet Connect.
TIL π€π½
Ok, fine, but you are also complaining some Android users don't understand your app.
Pitty, I was keen to try Damus
Same I don't think I'll be able to sign into damus with my main without remote signer support, don't think this is going to fly on nostr either, this is not the lagacy internet, key management should be a priority, I'm surprised at hearing this tbh.
Exactly this. I have amber to hold my keys safely. Everything else is a portal I can sign into with it. Now you want to be the one unique client to hold my keys while you do other things online exposing a greater attack vector to my keys? No thank you.
I don't keep my data on my server, but I do connect encrypted drives to it!
Single purpose appliances work best.
And I don't want to ever have to paste my nsec anywhere ever again!