Ayo team purple, could you help me understand something?

How does nostr:npub1am3ermkr250dywukzqnaug64cred3x5jht6f3kdhfp3h0rgtjlpqecxrv7 protect your private keys in a way that’s different from any given client? Does it use your phone’s secure element/something like that?

Or is the thinking just that having just one simple, open-source signing app with lots of eyes on it and minimized attack surface is a significantly better choice than unprotected nsecs with any client you find appealing?

#asknostr #grownostr #thanknostr


Discussion

IMO -

> simple, open-source signing app with lots of eyes on it and minimized attack surface

Great, that was my sense. Thanks 🙏⚡️

You are not entering your nsec in an app or webpage in plain text.

The app asks Amber to sign.

Amber signs and sends back to app.

At least that's my understanding.

Got that part — but we’re still giving Amber the plaintext nsec — so my understanding is that it’s better to do that just once, with an app that many people have reviewed (and that doesn’t have lots of other code or opportunity for bugs/compromise) compared to doing that every time you want to use a new client. Something like that?

Yeah, I think that's right.

Seems logical enough 🤙