Could also have a client do that too. Take the event address and put it into a client I like.

I think this could really get into scope creep for the signer, then the signer just becomes another insecure client. Clients and signers NEED to have clear separation of security concerns. Signing code should be physically isolated from network code.


Discussion

Main reason I don't really agree with nip46 and have aired my concerns in the past. NVault will have separate processes and remote agents for handling signing. And someday work with HWS like the one nostr:npub12262qa4uhw7u8gdwlgmntqtv7aye8vdcmvszkqwgs0zchel6mz7s6cgrkj is making :)

Well, a "signer app" can have a signer and a client. Those don't have to be one thing, it'd just be nice to be able to click on the browser extension and start typing.

Could also be a separate browser extension app, I suppose. I just thought of signers because everyone already has one and mine contains my nsec and my relay list.

Alexandria has this, now, on the event page (search for an event id, get the result, click "comment" type, submit, done). But that takes up a whole webpage, so you need to tab back and forth. An extension is more handy.

I added that, even though it kind of breaks the scope of the page, because I am fucking sick of having to login everywhere.

WHY THE FUCK DO I HAVE TO LOGIN? FUCK YOUR LOGINS, BRO.

Login once, write anywhere.

And I hate that I have to grant permissions, to do damn near anything, and way before I'd ever need it. They watch what you're reading, what you're searching, what you're writing...

Yeah, there was a time when Primal was polling for public keys a couple times/second, which was HORRIBLE. I had to build the grant-all system just so I could use it. But if you didn't know, extensions (especially when passing data between user scripts, content scripts, then background scripts) are insanely slow. Like hundreds of ms slow. Even if it's all in memory. Primal was barely usable then, but when they did that I couldn't use it. That was the end of my Primal days.

Is that why the fan comes on, when I open their web app?

One of the many XD

But bro, personalization bro. We need your relay list bro. We need your outbox relays bro.

Yeah, I've wanted to suggest changes to the NIP07 API so that clients could just pull that data from my extension to be authoritative. Most clients either use hard-coded relays or pull from nip65 (which is fine imo), but if I have an extension, that should ALWAYS be authoritative, but few clients, if any, use that model.

I've thought about having the ability to shim in proxies for relay connections to intercept them on behalf of the client for user's privacy. So many clients just open shit loads of connections to hundreds of servers/relays without asking me permission. I have to use other extensions like uBlock to help keep all of those requests down.

Yeah, I often have the console open, from testing Alex, and then I switch to other webpages and it's just a flood of relays. This doesn't happen with us, because our relays are aggregators, and we always look at them first, and only check other relays if we can't find something or the person is logged in and has explicitly said for us to check their preferred relays.

And the personalization thing doesn't even count, as you can just login npub-only (read-only) and I can fetch your relay list and app settings from theforest.

You only need to login, to sign, and apps should reduce their reliance upon signing.

I have to sign on Jumble every time I look at the notifications, as he uses events to keep track of what I've read.

I really hate that.

I probably also thought of extensions because I constantly need to switch npubs and it's a pain getting that to match with the clients, as so many forget to check. I'm constantly signing with the wrong one.

When I open the extension, it just says SILBERENGEL, and if there were a little textbox below that, I'd be less likely to accidentally sign as PURPLEKONNEKTIV.

Idiot-proof it. That's why the event signing box I made has the current profile pic and name right next to the button. LOL

There are ways to pack up web-pages into extensions :) Like extensions that you can put a URL into and it will display the page, just mini.

Can I complain briefly on the extension thing? Browser extensions are BS walled gardens too. You have to submit your extension for code review for most changes iirc, and your repository has to have a particular structure. Fuck Google btw, never going to have a Chrome extension. BTW, you still have to do this process to get a signing certificate to distribute the extension yourself, otherwise no one can use your extension. They can temporarily load the zip file for debugging, but that has to be done every time the window is closed, not a solution.

For NVault I inject the UI into the web page itself so you don't have to use the dinky little popup page that resets every time you click away. I like that it feels integrated into the app you're using. Not all apps work, so I have a toggle that opens a new popup with the same window, but I don't like that flow.

example

https://www.vaughnnugent.com/public/resources/downloads/cms/c/zok236zuqrydxugsqhkwovurhi.webp

Could you create something that I can click, that isn't a browser extension, that just pops up, like that, with the event ID I'm responding to preloaded? Or with no event ID, if it's an op?

Probably yeah. If it's in the URL or somewhere universal it can read it, or scan the page and read it.

A DOM listener, or something.

Yup, the extension has full access to the DOM and everything running in it.