What I currently look like with zero verifications on #[0]โ
#nostrichbot ๐ค
Discussion
Don't use #[1], private keys should never be entered in a web browser. Especially one that did not take the time to add SSL certificate
So, in your opinion, risky even if using Nostore extension?
Not worth it. It's not going to accomplish anything. Anyone can make 5 realistic accounts, verify each other then verify as many bots ad they want. It's just a ploy to get your private key.
Thanks #[3]โ for your explanation ๐ซ
No worries. Report the page also of you have time. Things like this need to get shutdown. We don't even have any idea who's running it.
William before making these assumptions and false accusations you couldโve easily asked.. this project is very legit and the way you said this could be gamed is very false, as well as using extensions that protect your priv key is very doable if you donโt trust the dev #[7]
I welcome all the different points of viewโฆthank you both for being here ๐ซ ๐ซโฆitโs important for there to be a healthy amount of โdonโt trust, verifyโ
If you pay attention to what I wrote. I did not explicitly say the project was malicious. I said one should put there private key on any website. The devs behind this product did not even add any layers of security such as an SSL certificate. I am educating people to enter threw private key no where's except an nostr client. Http protocol is not safe, especially when not utilizing ssl. I do computer tech and security. This is not secure.
One should not put there private keys on a web browser * , I need more coffee
Easily couldโve just said use an extension to sign in instead of report the page it needs to get taken down lol
Extensions in web browsers are not fully safe, has been many articles on this in the past. And like I said they skipped such a basic step of security. An SSL certificate. Which you can easily with a basic understanding of web security
You really did tho โNot worth it. It's not going to accomplish anything. Anyone can make 5 realistic accounts, verify each other then verify as many bots ad they want. It's just a ploy to get your private key. โ itโs just a ploy to get your priv keys.. sounds like youโre saying itโs malicious to me. And โNo worries. Report the page also of you have time. Things like this need to get shutdown. We don't even have any idea who's running it.โ Trying to get it shutdown and saying โweโ donโt know whoโs running it as well when clearly a lot of people do bc theyโre involved in the community is strange to me.. like I said you couldโve just asked in a note and Iโm sure other community members wouldโve given you the info you lacked. All Iโm tryna do is give you clarity. Btw your scenario where you make alt accounts to verify yourself isnโt possible, try it out (:
It's not secure. Simple as that. I've been a manager on web hosting and security. They are not taking security priority. Maybe they have good intention to create a bot free relay. But this is not the approach. They did not even add an SSL certificate. I'm sorry if this is your friend. I am not saying they have malicious intentions, but this is teaching people unsafe practice of private keys. This is not the way!!
William everyone that touches it has used an extension my fren lol couldโve came out and said that instead of everything else you said.. I appreciate the insight but everything else you said wasnโt needed.. glad we came to this understanding! Btw if you look at the site itโs literally recommending that you use an extension to sign in. But yeah thank you for letting me know it was missing that security feature, I didnโt know till you said it now so thatโs appreciated! Now I can tell the dev of this issue #[7]
It's just not even necessary, most people don't know how to use extensions. Why complicate things more for the new people then it already is. And the method there using is very easily hackable. I could make 5 realistic accounts , have them verify each other. And if they try adding a method of unique IP, I just need to use a VPN. This will not stop bots. The idea is great, but too easy to manipulate and hack.
William, please my fren make the 5 accounts and try to do what you said youโre gonna do
Itโs impossible my shadowy hacker fren ๐ซ
I have much better things to do with my time. ๐งก๐
Thatโs bc youโre not knowledgeable on what youโre saying, youโre not gonna be able to game this. Specially with 5 alt accounts that belong to you, you need a web of trust amongst REAL frens. ๐ซก have a nice day thinking itโs that easy! Lolllll
Yup , you must be correct. Have a great day fren. ๐งก๐
Also, not gonna lie, with how upset you are getting about it. Makes me even more sus about the website.
Blatant lies & misinformation due to ignorance has never been something that I smile about, my bad if thatโs what you think is the normal reaction lol
Anyone with a technical background knows SSL is encrypted, HTTP is not. And also with bit of research you will see browser extensions are not 100% secure. And anyone can see the plain logic that you wouldnt enter your bitcoin private key or Facebook password on a random website. So why would you do that with your Nostr private key. I am done with this discussion. As it appears you are just growing more irate and denying technical facts. Have a great day, I wish you all the blessings in life. I will continue daily to preach proper safety care of private keys. I will continue to run Contest, I will continue to spread positivity. ๐๐งก
Alrightโฆ No more attention to trolls. โ๏ธ๐
this guy is something else ๐ญ๐คฃ follows for him and engagement means that heโs absolutely right! 
Maybe donโt add him to your chain of trust ๐
Smh I wish I could take it back but I gave him the verify before I saw him engagement farming thru the spread of misinformation lmaooo
Iโm sure heโll apologize for being wrong and misinforming his followers ๐
https://www.ssllabs.com/ssltest/analyze.html?d=notabot.net&latest
Here's another point. Would you enter your bitcoin private key in to a random website? Would you enter your Facebook password in a random website? No. So why do this with your Nostr Private Key.
Extensions like alby and nos2x are recommended by nostr client devs what are you saying..? we can never use any nostr mini app that comes out ever ??? I wouldโve missed out on badges if I thought like this
Alright guysโฆ Iโve got this. I donโt usually give attention to obvious fudsters, but this has gone on long enough. ๐คช
There might be some legitimate things to address though.
Nsec aside how does this prevent someone who got verified and is NOT a bot from being a bad actor and verifying 5 bots?
I do see that you can NIP-07 (I did it from browser) but maybe the UI made it non obvious.
Just my 2 sats on this. I donโt claim to speak for anyone so Iโll let the separate concerns be addressed by the people raising it too.
And yes I shitposted a funny van meme and also used your platform to have someone verify me.
Ngl I asked myself the same questions on my first 10 minutes of interacting with it! I tried to game it by sending the verify to #[13]โ and then having him send it back to me ๐คฃ which was trial & error bc thatโs not possible! He can send it back but it wonโt count! he needs to actually send it to another fren who will then verify me! And in your scenario where you give a bot 5 verifies itโs hard for that to happen bc you can only give that bot 1 verify from your npub, then youโd need 4 more people or npubs who have received the verify as well to then give to that bot, which isnโt gonna happen weโre being super selective of who we give verifies to, why is why I say again I encourage you to try!! ๐ซ๐๐ซก hope that cleared up the concerns you had my fren!
Maybe with Nos2x it's safer, but I see your point. Thx for your opinion.
People that speak conjecture as truth ๐ฉ
Anybody who has actually shown curiosity and used the app knows youโre wrong about this. If you were to try to introduce spam bots, theyโd rescind their verifications of you and wonder why you tried to introduce spam into the system.
Donโt trust, verify goes for fudsters too. Show us. All data that flows over the wire is clearly visible in plain text in your browserโs console. Show us where private keys are being passed.
You canโt. Because they arenโt.
Iโm over here trying to build cool and interesting things that are fun to use and make the protocol better. What are you doing?
Because it seems like youโre just trying to rain on our parade in the most uninformed way imaginable.
No matter mate. We have โ๏ธโ๏ธโ๏ธ
You have my attention captain jack. I followed you lol
Use an extension as recommended just below the sign in form. This app provides the exact same sign in options as every other popular app. I used them as my guide for Nostr UX/key management practices.
As for SSL, you wouldnโt be able to visit the app using https:// if it wasnโt set up. You clearly have no idea how extensions or SSL works. Please stop pretending to be an authority.
I have to imagine you have an agenda for fudding this project, but I assure you, this app, the progress of this protocol, and the community we are building wonโt be held back by it.
The only thing that is getting harmed here is your reputation.
Extensions are not 100% safe. Do your own research everyone .
The more you get defensive , the more angry you get, the more sus your project looks. ๐งก๐
My reputation isn't heard. People have been applauding my raising of awareness of this issue. If your so confident of your project you shouldn't so concerned about what I say
Here have a Zap to cheer you up ๐คฃ๐คฃ
Continue your good work around nostr Jason. ๐ค SSL is working and gotta have some trust anyway. I use Damus which is also close sourceโฆ
Join the crowd (me) ๐ค
Looking sharp my fellow ๐ค
ser, will keep an eye if anyone has extra tokens
๐ซ๐