Replying to Avatar Curiio

I really like this idea! My only concern is that it the Nostr private key would need to be send to the server because there's no JavaScript to sign events client side. This is quite a serious security concern.

A practical workaround of course would be to have a public instance of Nostr (like Iris.to) available via TOR without JavaScript and then an authenticated instance would require you to whitelist JavaScript for the site so it can sign events client side.

In regards to performance performance and user-experience I would assume it would be similar to Dread; a very popular alternative to Reddit that runs over TOR.

The only possible solution I can see without JavaScript running on the site is to have the server send the unsigned event in JSON to the browser for you copy and then you'd have to use an external piece of software such as browser extension or desktop app to sign the event which you can submit to the server. Of course if you're utilizing a plugin you could streamline this much better.

The latter is light-years away from ideal though and wouldn't be widely adopted. If we want these technologies to be used then we need to reduce the barrier to entry.

Of course these are my initial thoughts but if you have any solutions or criticisms then please let me know :)
Avatar
🇵🇸 whoever loves Digit 3mo ago

I also don't see a huge problem with some people using the normie login option where private key stuff is handled in the cloud tbh. Especially if copying unsigned events to a separate app is an option for the more hardcore users

Reply to this note

Please Login to reply.

Discussion

Avatar
Curiio 3mo ago

Personally sending private keys to server just feels inherently wrong. Anyone controlling the server could sign on your behalf FOREVER and there's no way of changing or rotating private keys with Nostr.

Of course there's nothing stopping any client such as Iris.to deploying some malicious JavaScript (unintentionally even) that steals everyone's private keys - therefore servers and upstream code do need to be monitored regardless. That said, we would know if Iris.to or another client was doing such things because we can see the client-side code; although it would likely be too late by then.

Nevertheless if you send your private-key to the server then you have no way of knowing what they'll do with it, how they handle that piece of data, if their servers are compromised etc.

I suppose this is one of the fragile things about Nostr's security model. A supply chain attack would hit really hard!!

#security #cybersecurity #nostr #asknostr