i kinda stopped using amber.. why? because apps ask for too many permissions and abuse our nsecs. to use any app you have to approve all anyway.
better would be apps using device keys for all that garbage and my nsec just for when i want to send a message.
Agreed, and Amber is annoying to run as well with the notifications and junk.
these apps sign 10s of thousands of things every second and here i am trying to see what is being approved..
made me sad 😭
It makes sense to set some actions to always approve. You have the right point but this is still a test network. There is room for the future of Amber, I am certain.
Core app gang but I would reskin it personally
Wait I'm gonna reskin my amber because I can lol hold up
When you say “device keys” do you mean just a generated pair of keys specific for that operation that don’t need identity (but need to publish a nostr event nonetheless)?
I still use amber for when I need remote signer (bunker) stuff. But I agree with you about the permissions, I was complaining about this 4-5 months ago any no one understood.
Every native Nostr app doesn't understand when I refuse to sign an event. They just continues to ask for a signature until I close the app or give in. It makes them unusable
I think that nsec.app does it, but there should be an agreed upon set of basic + advanced presets for different kinds that will be auto signed. That way it doesn’t flood the user with a bunch of sign requests, because they’ve already preapproved for the given kind it’s asking to sign in whatever group they allowed.
A standard might be nice but why are the apps flooding me with sign requests in the first place?
yes, i think if apps want to continue to use nsecs and relays as their database, they either need to standardize it or use device keys.. amber must be able to parse out the content of an encrypt/decrypt.. and recognize what it is used for in the case of overloading a single key like this.
when i use PGP, the mail app doesn't use my PGP key for storing a last read UI notifications..
😅
ahaha, that's a relay access control issue. the purpose is so that other apps that recognise the data can have the settings without a further complication in syncing the settings. a lot of clients do this, jumble does it, for example. one of the first things i see when i log requests it sends.
This is apos' fault, not Amber"s one.
Using Amber, or any other signer, more will force apps to improve how they manage rejections.
Hopefully, but in the short turn it just means I don't use any other apps :)
That "garbage" often includes meta data that should be signed by an nsec. The issue is that most people rush through that first step on Amber when adding a connection; if you spend an extra 10 seconds reviewing permissions, then this issue doesn't occur (until the app adds more permissions that weren't approved during setup)
its not tho, its a bunch of app data that is meaningless to any user, like machine encoded last clicked this page timestamps and unread/read notifications .. it is not standardized at all and it all pops up under "nip44 encrypt/decrypt"
and if you reject any of them, the apps just spam the requests and break, they require you to blanket approve all of it.
there needs to be some API to tell amber what permission set the app needs, with reason texts for each of them, so you can approve them in one go. this should be a client side thing, also, but if amber had a batching API call to set permissions in one hit that would help a lot too. and app devs should think carefully before they add new ones.
actions it does are both signing events and as well for some, encrypting.
there is small things that would improve on amber side, but really, most of it is client devs responsibility.
its an area of no nips.. just encrypt/decrypt gobbltygook 10,000 times a second. 🦖 i only use this statistic cause thats what vitor said amethyst does.
yeah, there's a lot of areas that the nips are lagging way behind what is actually being used. the "gobbledygook" is regular JSON data. it should be simple to define a thing where there is an app identifier as the keys in the object and then that contains arbitrary json. then the apps wouldn't be clobbering each other's format.
it really needs a nip to at least explain this. but client devs are a bit dim and none of them have even thought for a moment about cross-client interop with this feature.
probably it would be a lot better if the events were addressable and the label was the app name.
i'm not gonna waste my time trying to explain this to either teh nip guardians or the app devs tho. when i make a client, i will define a protocol that is interoperable and then just sorta subtly POINT IT OUT a few times. ideally, i make several clients and then i make it so they interop to demonstrate the principle.
also, what is up with freaking out about signers signing and encrypting events anyway? a) nobody else can read it and b) outside the timing of the signals it leaks no information except maybe the app being used. the combined single event encrypted with object with multiple tags for different apps avoids that metadata leak.
i don't get what the paranoia is about encrypted events. sure, non-encrypted events being signed willy nilly ok, but if the event is encrypted, it's already one step lower on the risk level.
We generally recommend the device key approach wherever it makes sense. It's used exclusively (save for kind 0 and WoT DMs) in Trackstr and nostr:nprofile1qqsdjx9yymrv7q50cwt2zm076q732lwzx4tz0za5rjg3hzqaxcearaspzamhxue69uhhyetvv9ujuurjd9kkzmpwdejhgtcpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhszrnhwden5te0dehhxtnvdakz79lc9uc, and for nostr:nprofile1qqsxhugzf33nvzfmvvkm9k3pkedyf37c9qcy2na56atrfw3grctpeyqpzamhxue69uhhyetvv9ujumn0wd68ytnzv9hxgtcpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhszrnhwden5te0dehhxtnvdakz7cl24cn we do a lot of signing with ephemeral keys to avoid the same problem
There's more we'd like to improve, such explaining why a permission is required post request / whilst waiting for the signed event
Users should never be expected to "accept all", steer clear of apps that require too many permissions.
a signature with an ephemeral key is meaningless.
the apps should be starting out with a thing to show ALL of the required/optional permissions and bam, done. this is partly an issue related to the permissions system. android even has this, where you have to permit like 4 different things on first startup. the signers could improve on this by allowing batch pre-authorizing these actions, you can exclude the ones you don't want (the signer should explain the implications) and never be asked again until the app is upgraded and needs new permissions.
also, another feature request for signers:
whitelist or blacklist based on relays
yes, jumble is one of the best apps for the permissions mgmt. very clean, never had a problem.
currently, when i open any app (like jumble even) my fox2x pops up asking me to accept primal permissions and is slowly dying because i clicked someone's primal share link 2 months ago, they will not go away, and primal spammed nos2x to deth. eventually ill have to re-install it again to regain its functionality. from clicking one bad link!!! crazy.
What if you had your nsec sign that your device key was you, and if the device key leaks we just pretend that you deleted every event it signed 🤔
