Thank you for your reply.
Well I use nsec.app but still having my nsec ( even crypted ) on nsec.app server makes not fully safe.
As a lot of clever people are working on Nostr I'm sure it will be even better in the future.
It is a big risk. However, it is not one that is impossible to mitigate with tools that already exist, for the most part.
I am not aware of any videos discussing this subject in particular, and Nostr doesn't really have a "dev team" because there is no central organization overseeing the project. There's just a bunch of independent developers building stuff on a permissionless protocol.
Now... How to protect your nsec:
On a web browser, you can get a signer extension, such as Nos2x or Alby. I think there is another one released recently that starts with a G, but I haven't had a chance to look into it.
In any case, these signer extensions will store your nsec and allow you to log into any Nostr web apps that support sign-in using an extension. Thankfully, the vast majority of Nostr web apps do. Avoid the ones that don't.
On Android there is a signer application called Amber that allows logging into native Android applications, and any web app that allows for "bunker" login. Amber holds your private key, and does not give it to any of the applications you log into with it.
On iOS there is not anything similar yet, but nostr:nprofile1q9z8wumn8ghj7erzx3jkvmmzw4eny6tvw368wdt8da4kxamrdvek76mrwg6rwdngw94k67t3v36k77tev3kx7vn2xa5kjem9dp4hjepwd3hkxctvqy2hwumn8ghj7etyv4hzumn0wd68ytnvv9hxgqpqyaul8k059377u9lsu67de7y637w4jtgeuwcmh5n7788l6xnlnrgsf6xvrd is working on one.
There is also a web app called nsec.app that can store your nsec and sign you into any app that supports "bunker" login.
As you can see, it is an issue that has been thought through, and there are many solutions for already. Not all nostr apps support those solutions, and there are still more ideas yet to be built.
Discussion
No replies yet.