I'm not happy to and haven't entered my private key in a website/client app. Anyone else share the same concern?


Discussion

I got over my reluctance with time. I won’t enter it into an app/PWA that’s new to the scene, but with established clients, I took the plunge. Perhaps do as I did and have a few different keys: one to test with that’s read-only, one lesser account I don’t post interesting content from, etc. You can work your way up to using your full account as confidence builds.

Confidence based on anything other than verification is something I can't do.

Context... do you know who is running the website/client that you're giving your private key to? Who else has access to that private key in that website/client? How is your private key on that website being stored? I'm a bitcoin oldie... DON'T TRUST, VERIFY. If I can't verify, I will forego the integration.

It’s a big issue for most people. The goal is to try to do it as little as possible by using browser extensions, the new nsec bunker tool coming, or other methods.

In my opinion it should be a big issue. I only use a browser extension, which is easy for me because I don't use social media on mobile devices. The movement looks to be towards app-based integration with nostr, which will require disclosing the private key to a third party. Correct me if I am wrong on that detail.

I guess soon there will be ways to swap the key without losing the attached identity. Once this has happened I'll create a new key which will only be used via HW signer.

Is there or could there be a way that integrating with a client app didn't require giving them your private key? I'm not familiar with HW signer but would seem that if I can use a browser extension to validate on a client, is that what a HW signer would do? Would it enable signing in to a client without giving them the private key?

Definitely works with the HW from LNbits this way. You also don't have to sign each event manually. You just confirm the login and then the HW device automatically signs everything you do.

Thx for that info. I'll be looking into that HW signer idea.

I never did and won't until I've found a pretty solid solution. 😅 That's just the way I am. 😂

BUT I desperately wanna try another nostr client, where I checked in with my account. 😅🤷‍♂️

Yea, I might be wrong but it seems browser-based clients aren't getting as much attention as the app clients. I'm, maybe like you, struggling with finding a fully functioning browser client, but I won't give my private key to anyone so that I can get good access to the relays.

Same here

Don't do it! Wreckage ahead..

Don't worry, I'm not anywhere near doing it! Seems app-based clients are requiring this for log in, and wondered if people who were chucking their private key around were knowledgeable about what that implied.