Default login should be npub. Most of the time you don’t need nsec and you can always prompt for it if you do. nostr:note1nzmdqh0ynty6r0s67qs4wafu9dxuawqhyv4yjdged6zxpks03fes0uklnl

Discussion

If that’s the idea would there be a NIP that would obscure DMs within a client until a user signs with their nsec?

Right now anyone can log into a client with your npub and see who you’ve been messaging. Granted the content is encrypted but someone could still infer information just by the cadence of the conversation.

That’s a problem with the DM spec and will likely be fixed with a new DM spec, not a bandaid over the old spec.

What problem does this solve though? You still have to use your nsec to do anything meaningful.

You could have a trusted app, or even a hardware signing device that holds your key and signs Nostr events for you. No other Nostr app ever needs to know your nsec, they just get signed events back. Lowers the attack surface for losing control of your nsec.

Much better, let’s see!

Totally agree! This should be the standard for all applications! 🔥