Subnostr

I agree, Jeff. I always prefer to disclose these types of issues and vulnerabilities privately. That said, Semi's actions let the cat out of the bag and people have already started using it prior to me sharing his note. I wanted to let people know what's going on.

I believe you hat Primal will have all of this fixed in the near future with custom user controls. I'm excited to see what they produce as I think Primal is a great client and is doing great things for Nostr.

JeffG 2y ago

I wouldn’t even call this a vulnerability. It’s just a partially finished (known to be naive implementation).

We’re not doing ourselves favors by expecting fully mature software at this stage.

I appreciate the poking and the experimentation but the way it’s done just feels likes it’s in bad faith rather than collaborative or helpful.

Reply to this note

Please Login to reply.

Discussion

No replies yet.