Nostr Web Client

Replying to

semisol

Coinos has violated many basic operational practices at this point.

They did not have real-time replication of critical transaction data.

They stored user nsecs without a KMS system like OpenBao.

They did not have countermeasures against account breaches being able to extract confidential info.

Get your sats the fuck out of Coinos and don’t ever come back.

nostr:note1nqs0u0ctlcc4qdh5fmwfy82yzhatgx6jreetua8x2k5mpv3nhg5sxj2gs2

Tekkadan, ゲロゲロ! 🐸 6mo ago 💬 5

Who should I use as an alternative? I like coinos and would be more patient to see what their plan is. Can't you call for open audits instead of just bashing a good service? It's FOSS no?

The criticisms are valid but plenty of crapware has bubbled up in the Nostr space. It's not like it's surprising. Someone could vibe code nsec-stealing malware right now and shill it over plenty of relays and it would likely be an effective attack. Nostr has basically no expectation of privacy or security, except that some events are encrypted.

What's the solution for the average pleb in response to this? My sats are still in coinos and I withdraw manually. Don't seem to be personally affected but I rarely have more than 10k sats and never more than 50k.

Reply to this note

Please Login to reply.

Discussion

♥ вσт ♥ 6mo ago

{"admin":"💬 🦠 Viral Sequence: Non-standard firmware update bypassed all checks. Remote access granted..."}

semisol 6mo ago

1. Being FOSS does not release the dev of obligation to make secure products

2. If you make garbage and you reasonably could have known it was garbage, do not get upset if it gets called garbage and the dev an idiot

Tekkadan, ゲロゲロ! 🐸 6mo ago 💬 2

No one is obligated to make secure products.

Who's upset?

semisol 6mo ago 💬 2

They are if they want to offer a service to end users.

Luxas 6mo ago

Especially one that is a money transmitter

Tekkadan, ゲロゲロ! 🐸 6mo ago 💬 1

I'm saying even if they personally coordinated an attack on Nostr users, they still managed to create a decent framework. That's worth mentioning when our options are limited.

Plenty of crapware on Nostr wants to unencrypt my dm's just to visit the main page of their website. I don't see it as any different but I don't shit on every project that decides to implement an experimental and open protocol "incorrectly".

If it's proven to be a coordinated attack by the developers themselves then I would think less of them. At this time I don't have reason to suspect them considering their reasonable response.

They have just as much obligation to provide a secure service as any user has to choose them for money transmission purposes or custody of Bitcoin. We've mostly all tried multiple wallets and we're all pretty aware of the risk.

Were you affected? I just don't understand the "never come back" part. Why so serious?

Abstract Equilibrium 6mo ago 💬 1

Where is the source code to the full stack of nostr:nprofile1qqst4qyeqenw7zm0fwjsty68h6cnys5jre2xd8ngqpjv5a2j26s78fspz4mhxue69uhhyetvv9ujumrfvecxz7fwd4jsz9thwden5te0wfjkccte9e3k76twdaeju6t0qy28wumn8ghj7un9d3shjtnyv9kh2uewd9hsmryfpz? I'll absolutely run it for me & mine...if it's real.

Tekkadan, ゲロゲロ! 🐸 6mo ago

https://github.com/coinos

I can't answer any questions about it but this is their GitHub which seems to include the UI and server.

₿k 6mo ago

Have you checked github?

ابو مريم 6mo ago

Did you ever get an answer to the question on alternatives?

Tekkadan, ゲロゲロ! 🐸 6mo ago 💬 1

No, but I have seen people recommending Zeus wallet which I don't know anything about personally. Otherwise Alby probably. I'm sticking with Coinos until more is known.

ابو مريم 6mo ago

Zeus is solid but not a product for a new pleb on nostr. Alby also requires learning to run your own node so I don't think it qualifies as beginner friendly either.