Replying to Lyn Alden

Here's an #asknostr for today as I finish up a round of research. I've already looked into this a lot myself but it's ever-changing and there are people way deeper than me into this.

Frictions and risks related to key management are often cited by critics as one of Nostr's limitations. You lose your key, and you lose your identity. Plugging your key into a bunch of different apps is not ideal, since the more you do, the bigger the potential attack surface is for a leak.

Restricting your usage to a couple apps or browser extensions, and using them to sign for other applications, seems to be the best method so far for minimizing the attack surface.

Looking beyond that, what sorts of protocol updates or app services are ideal to help minimize the frictions and risks of key management while keeping the protocol itself super simple as it is?

Derek Ross 1y ago

it's a tough technical feat, because most people just do not use web browser extensions and asking them to use one to sign into an application is one of the most challenging things ever, apparently. i believe that signing applications like Amber are the future. it supports both native and web apps. sadly it doesn't have large adoption, yet, but i believe it's the easiest "set it and forget it" type of scenario.
