43
markus 2y ago 💬 6

Do people here really paste their private keys into new apps to try them out?

This seems incredibly naive and risky, exposing your entire nostr identity to unknown parties / endpoints…

Reply to this note

Please Login to reply.

Discussion

Avatar
Contra 2y ago

Ya, you def need to Vet some protocols.

43
markus 2y ago

Even if I do, they can change and go rogue whenever they decide to do so.

Currently, we don’t have any forward secrecy at all.

I would like to see more fine-grained access control, e.g. with subkeys, in the future.

Avatar
Contra 2y ago

Couldn’t agree more 🫡⚡️

Avatar
the axiom 1y ago

no, we use nip46

43
markus 1y ago

I assume I have to read up on https://github.com/nostr-protocol/nips/blob/master/46.md but from first glance, my private key is sole and complete access to my entire identity. How would compromising that key not irrevocably steal all access to my nostr identity?

Avatar
PerpetualWar 1y ago

What is the recommended way to test apps with write permissions?