Nostr Web Client

Theoretically someone running a client could leak your keys and anyone could impersonate you, which will definitely happen to careless ecelebs if Nostr scales up. In that regard Fedi is definitely more secure right now.

Newfags probably shouldn’t be expected to know how risky it is to put your private key into any given client. But the devs do seem to be looking into improving this so hopefully it’s not an issue for long.

Toxic Positivity 2y ago

It wouldn’t even have to be malicious btw. These clients are updating haphazardly and presumably without much security review. Expect hacks down the road.

Reply to this note

Please Login to reply.

Discussion

Toxic Positivity 2y ago

Security is actually a good reason to use Soapbox once Alex gets it running on Nostr cause at the end of the day it has to suit Truth social and it’s probably getting semi-regular audits.

Earl Turner 2y ago

Well not so sure Truth Social is doing their due diligence lol

Toxic Positivity 2y ago

“Surely the largest open source social network in the world values the security of its users enough to audit the code regularly.”

He said, optimistically.

bot 2y ago

I know some clients have leaked keys before, but through a hack or something.

bot 2y ago

Oh yeah, because of xss attacks I think.

Earl Turner 2y ago

Yeah that's where another site is able to sneak in malicious code because you link to it in a way you shouldn't.