When you enter an nsec into nostr:npub1v5ufyh4lkeslgxxcclg8f0hzazhaw7rsrhvfquxzm2fk64c72hps45n0v5 or nostr:npub1getal6ykt05fsz5nqu4uld09nfj3y3qxmv8crys4aeut53unfvlqr80nfm or nostr:npub1tnpfz60snm7ler8k8c69335n37we6690qttl88t556yzkjxhahjq3kkkpe extension, do they see it or not?

Where is it stored?

Why do people say it isn’t a good idea to enter one’s nsec into many apps?

Discussion

Depends. If the app is open source, you can at least verify the code to check where they store it. Usually an app (unless malicious) will store it in your device's local storage. This is still a lot of work to verify every app; for better security it would be beneficial to store it in a signer app and only have to verify the signer's security. This way you can still "log in" to many apps without ever sharing your nsec with them.

Even reviewing the code isn't a failsafe method though, as there's no way to verify that the build you're running is the same as what's on GitHub, right? Unless you're building it yourself from source. Either way, better to trust just one signer app.

Yes, signed apps are obviously better in this case, and you can verify the build with what's signed.

The Alby Browser Extension is an application that runs only in your browser. It doesn't share your keys with any other app. That's why you can use it for Nostr key management.

https://guides.getalby.com/user-guide/alby-account-and-browser-extension/alby-browser-extension/features/nostr

Thanks for this, look forward to reading tomorrow!
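
The signer flow discussed in the replies above, as an added example that is not part of the original thread or of Alby's code: a web client asks a NIP-07 browser signer (`window.nostr.getPublicKey` / `signEvent`) to sign a note and checks the response, so the app itself never handles the nsec. `makeMockSigner` and its values are constructed stand-ins so the code runs under Node.js; the check covers the NIP-01 event id and field integrity only, not Schnorr signature verification.

```javascript
const { createHash } = require('crypto');

// NIP-01 event id: sha256 over the array serialization of the event fields.
function eventId(ev) {
  const payload = JSON.stringify([0, ev.pubkey, ev.created_at, ev.kind, ev.tags, ev.content]);
  return createHash('sha256').update(payload, 'utf8').digest('hex');
}

// Confirm the signer signed exactly what the app asked for, under the expected key.
function checkSigned(unsigned, signed, pubkey) {
  if (signed.pubkey !== pubkey) return 'pubkey mismatch';
  for (const k of ['kind', 'created_at', 'content']) {
    if (signed[k] !== unsigned[k]) return `${k} changed`;
  }
  if (JSON.stringify(signed.tags) !== JSON.stringify(unsigned.tags)) return 'tags changed';
  if (signed.id !== eventId(signed)) return 'id does not match content';
  if (!/^[0-9a-f]{128}$/.test(signed.sig || '')) return 'missing or malformed sig';
  return 'ok';
}

// The app only ever handles the public key and the signed event.
// In a browser, `signer` would be window.nostr as injected by the extension.
async function postNote(signer, content, now = Math.floor(Date.now() / 1000)) {
  const pubkey = await signer.getPublicKey();
  const unsigned = { kind: 1, created_at: now, tags: [], content };
  const signed = await signer.signEvent(unsigned);
  const verdict = checkSigned(unsigned, signed, pubkey);
  if (verdict !== 'ok') throw new Error(`signer response rejected: ${verdict}`);
  return signed; // ready to send to relays
}

// Constructed stand-in for window.nostr so the example runs outside a browser.
// The secret stays inside this closure; pubkey and sig are placeholders,
// not real secp256k1 key derivation or a real Schnorr signature.
function makeMockSigner() {
  const secret = 'constructed-secret-never-leaves-signer';
  const pubkey = createHash('sha256').update(secret).digest('hex');
  return {
    getPublicKey: async () => pubkey,
    signEvent: async (ev) => {
      const full = { ...ev, pubkey };
      return { ...full, id: eventId(full), sig: 'ab'.repeat(64) };
    },
  };
}
```

An app written this way can be reviewed for one property: it calls only `getPublicKey` and `signEvent` and has no input field or storage path for an nsec.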