You guys do realize that EVERYTIME you enter your nsec ANYWHERE it can leak, right? It doesn’t matter WHERE you enter it, local or remote, unless you’re inspecting every line of code + dependencies + firmwares, etc the software or anything in the supply chain could be lying and leaking it…
Discussion
That’s why I am not entering it into anything besides extension that is open source and I can see the source that is being executed. Damus that stores keys in keychain is the other place. And my attack surface is a single key that is not particularly attractive, where a central storage may make it worth the effort 🐶🐾🫡
which is why not having a single large provider is way preferable and why I worked on the whole idea of being able to very easily announce/discover them and why I want one-click installs on home nodes so people can very easily self-host it.
Satellite is going in a similar direction where it's very much a nostr package and can provide nip46 signer services for when you're on the go.