Nostr Web Client

F-Droid has incredibly poor security practices and a strong anti-security attitude held by most of the people involved. They've consistently engaged in coverups of vulnerabilities and targeting multiple security researchers with libel and harassment.

It's a massive single point of failure and not worthy of the trust many people are placing in it. It's adding another trusted party compared to using the apps built and signed by the developers. It is not avoiding trust in the developers of apps.

thePR0M3TH3AN ✝️ 🥩 🍊 11mo ago

Maybe nostr:nprofile1qqs83nn04fezvsu89p8xg7axjwye2u67errat3dx2um725fs7qnrqlgzqtdq0 is a better alternative?

Reply to this note

Please Login to reply.

Discussion

eee8f902... 11mo ago

For apps that are signed by the npubs of the developers you know and trust, I understand it to be a better alternative. It will be amazing once all apps are signed by dev npubs.

AFAIK apps that at signed by ZapStore are requiring you to trust Zapstore's build processes, similar to Fdroid.

thePR0M3TH3AN ✝️ 🥩 🍊 11mo ago

Baby steps. 👍

Zapstore 11mo ago

We do not build, but you're correct that you need to trust us (to provide the right hashes).

All indexed APKs are fetched from their original location, mostly from Github, this helps somewhat distribute the trust.

eee8f902... 11mo ago

Appreciate the correction and love the project 🙏