Thanks for asking.

I wouldn’t worry. What’s the harm?

Profile keys have no value upon first creation. Their value grows only over time, as a user creates content with them.

State briefly and unambiguously the importance of key privacy. “Do not share with friends. Do not copy and paste into browsers. Lost is lost.” And then let people lose their keys.

Give great experiences, and they will come back.

Discussion

Good point. Although I think that works best for clients where people can directly get active. Nosta is about setting up your basic profile and then using other clients to fill that profile up further. So the user needs to have the key to sign in elsewhere.

TBH, I have not quite figured out how to make that really smooth. Installing a browser extension during profile setup seems like a good step forward. It's in a way more complex to set up, but at least the private keys follow along to other clients and users just need to confirm pop-ups. Maybe Nosta needs a minimal browser extension companion for key handling?

Is Nosta open source? I would like to make a fork that implements email/password instead of keys.