Generally speaking are clients like Damus, Primal, Habla, etc etc able to rug users keys?
Does this differ by client / client type (web vs mobile)?
If so, how?
#Plebchain
#AskNostr
Discussion
Yes if youre typing in a nsec into a form, then yes. Especially if its a web client and stored into something like local storage. With apps, you can have a bit more security so it depends how its set up.
It would definitely be client dependent. At least if the clients are fully open source, it’s much less likely that a dev is sneaking something in to steal your keys.
But it’s always best practice to not enter your nsec into various/random clients, but use an extension like Alby if you want to log into different clients with the same profile