nostr:npub18lzls4f6h46n43revlzvg6x06z8geww7uudhncfdttdtypduqnfsagugm3 wrote an article today that's on HN… https://hivemind.vc/nostr/

Solid read, thanks Max.

Nice little article - curious though… isn't using nostr:npub1getal6ykt05fsz5nqu4uld09nfj3y3qxmv8crys4aeut53unfvlqr80nfm a security risk? A third-party app hosting keys?

Also - nostr:npub18lzls4f6h46n43revlzvg6x06z8geww7uudhncfdttdtypduqnfsagugm3 next time you should start the article w the fact you're invested in every co you mention. Cheeky move to put it at the last line…


Discussion

Thanks! 🙏

That article is already out of date though so just shared an addendum on HN.

To the best of my understanding, nostr:npub1getal6ykt05fsz5nqu4uld09nfj3y3qxmv8crys4aeut53unfvlqr80nfm is quite safe. You’re storing the keys locally in your browser extension, not on their server. While this is still not as safe as using the secure element on your phone, I don’t believe anyone I know has had any issues. nostr:npub1getal6ykt05fsz5nqu4uld09nfj3y3qxmv8crys4aeut53unfvlqr80nfm is also open source with lots of eyeballs on it, which is good for security. What’s more, they now offer child key permissions to restrict what can be signed I believe. Perhaps nostr:npub1xv8mzscll8vvy5rsdw7dcqtd2j268a6yupr6gzqh86f2ulhy9kkqmclk3x can share more details

Ahh cool, that's good to know. Thanks for sharing that.

🤙

Yes, the Alby extension is completely client side. The keys never leave your computer, they never leave the extension.

So the user is in full control.

And the code is and must be open source to be able to verify everything.

How am I able to control my Alby from Zeus if the keys never leave the extension?

There is a difference between the nostr keys and the alby lightning account.

You can connect the lightning account to Zeus. But the keys you configure in the extension, and those are only there.

Does this make sense?

It’s still a bit of a UX problem in that space but we work on making this more clear.

Oh yes, of course. Sorry, I thought the convo was about the Bitcoin keys.