It’s true but at this point we have a few trusted tools by trusted devs and I’m sure you can check the code for yourself. At least we are not dealing with money. As the protocol matures we’d definitely want to scrutinize any new auth mechanism.
Discussion
Yes, but "at this point" of Nostr is when we should be discussing these ideas. This should have been an issue from the start. Auditing every application constantly (because you have to any time it updates) is absolutely not a solution and I bet pretty much no one has done it.
I didn't go audit the entire Primal codebase to make sure they aren't sending my key to a database or storing it insecurely on my device. And centralized trust isn't exactly a great model. That's one of the reasons Nostr and Bitcoin even exist.
I'm just applying the same principles of Bitcoin cold storage to Nostr apps and services.
It's not like I can have a hot wallet with a small amount of my social identity. It's all or nothing in this context.