Nostr Web Client

Multiple native apps only allow for copying and pasting. At least one doesn’t even hide the nsec in their settings. Regarding Nostr website clients, they’re limited by the browser. For example, Nostr PWA’s on phones and tablets cannot access the extensions designed for desktop versions of Chrome and Safari.

Dikaios1517 11mo ago

I mentioned above that native apps are a different story, especially on iOS where there really is no other option at this time.

PWAs are also a different matter. If you are using PWAs on iOS then pasting your nsec may be your only option. Not sure if nsec.app might work for that use case. Either way, I still wouldn't recommend pasting your nsec into a client if it can at all be avoided, regardless of how much you trust the developer.

It's a matter of how cavalier you want to be about your nsec possibly being compromised. I have been around here long enough to know that even the most well-intentioned devs in this space make mistakes that can compromise users' private keys.

Hopefully we will see a signer app for iOS developed that will work similar to Amber, and which can be used both for native apps and PWAs. I saw that nostr:nprofile1qyvhwumn8ghj7un9d3shjtnndehhyapwwdhkx6tpdshsz3thwden5te0v33rgetxda382uejd9k8garhx4nk76mrwa3kkvm0dd3hydphxe58z6md09ckgat009ukgmr0xf4rw6tfvajks6mevshxcmmrv9kz7qgwwaehxw309ahx7uewd3hkctcpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsz9mhwden5te0wfjkccte9ec8y6tdv9kzumn9wshsz9nhwden5te0wfjkccte9ekk7um5wgh8qatz9uq3vamnwvaz7tm9v3jkutnwdaehgu3wd3skuep0qyghwumn8ghj7mn0wd68ytnhd9hx2tcpzamhxue69uhhyetvv9ujumn0wd68ytnzv9hxgtcpr9mhxue69uhhwetvvdhk6efwdehhxarj9emkjmn99uq3xamnwvaz7tmsw4e8qmr9wpskwtn9wvhsqgp808eanapv0hhp0u8xhnw03x50n4vj6x0rkxaaylh3el735luc6yxfwryn is going to be making this a priority.

Reply to this note

Please Login to reply.

Discussion

Terry Yiu 11mo ago

Yes, I’m currently working on a native Nostr signer on iOS. I’ve paused most of my other Nostr work to do this.

A 11mo ago

Thank you for the further clarification. I wouldn't be surprised if I were the only new Nostrich to want to get a feel for the different apps before narrowing down to daily drivers. Security is a sliding scale, I understand more than the typical layperson, but I am still just a layperson on the subject. #Nostore worked great on the iPad. It wasn't on a list I was previously sent, so I appreciate you pointing me in that direction.

nostr:npub1yaul8k059377u9lsu67de7y637w4jtgeuwcmh5n7788l6xnlnrgs3tvjmf for those of us in the back of the class, what is a signer for Nostr?

Terry Yiu 11mo ago

Your Nostr private key (nsec…) are secret and unlock access to anything and everything. This key is used to sign events / messages that cryptographically proves that they came from you. You do not want to paste your private key into random apps, especially if they are malicious and steal your private key, or are poorly coded and have bugs that cause you to sign malformed data.

A Nostr signer app allows you to keep your private key stored in exactly one safe and secure place. If you want to use a Nostr client without pasting your raw private key, the client must communicate with the signer in order for it to sign any event or encrypt/decrypt direct messages, etc.

Amber is the only native signer app that exists on Android (NIP-55). No native signer apps exist on iOS — that’s what I’m building. Note that I’m not talking about browser extensions (NIP-07) like Nostore which do work in the same way that I described but only for web clients accessed from the browser.

hasky 11mo ago

this Nostr sign app as one key to sig in ( login ) to multiple website using your

Single nsec . It store on the app.

Hmm if you use Google password manager , they save all your password and which website for which password .

For nostr sign app it’s one key 🔑 your private key to sign on different nostr app . If I get it right …