If you put your nsec into a client, then that client has access to your nsec. The question there is: what, if anything, does that client do with your nsec? So if you are on Primal and you enter your nsec, does Primal send your nsec back to a server someplace and keep your nsec for nefarious reasons? This is why you might use a browser extension like nos2x, or Amber on Android.

In your last paragraph you discuss the servers (in #nostr we call them relays) being centralized. If you go to this page and give it some time to load, you can see that there are hundreds of relays all over the world.

#Nostr relays are very decentralized.

https://nostr.watch/relays/find

You are very safe from being cancelled on #nostr. But that doesn't mean anybody will pay attention to you. The concern is getting an audience.


Discussion

Thanks for clearing that up! I'll take a look.

Not all clients store the nsec in the client. Many store it in the device keychain, or the equivalent on Android. They simply reference the nsec where it is stored on the device.

Which means when you paste in an nsec, it is not always being stored by the app.

It is being stored by the app, because unless it is being stored by another application like nos2x or Amber, the client can, and in fact needs to, get the nsec back so that it can sign and decode with it.

The app can't just reference it, unless the keychain does the signing and decryption, which I don't think it does, but maybe I'm wrong here?

It is just storing it in a different memory location. It doesn't protect you from the client being malicious.