Nostr Web Client

Credit goes to nostr:nprofile1qqsph3c2q9yt8uckmgelu0yf7glruudvfluesqn7cuftjpwdynm2gygpp4mhxue69uhhjctzw5hx6egpp4mhxue69uhkummn9ekx7mqkdk3r2 for the image generator

Could you elaborate on the wallet security?

If I’m understanding correctly: current DM implementations require frequent prompts from signers so users typically accept nip44 decryption by default/trust the site. Therefore a bad actor could leverage this for to take advantage of nip61 nutzaps?

Cody 2w ago 💬 1

Your understanding is the same as mine. Of course, I might also be mistaken, since I haven’t looked very closely at NIP-61.

If my understanding is correct, this problem doesn’t only exist in DM apps. In reality, many users completely trust the nostr clients they use, it’s just more obvious in DM apps in particular. That’s why I’m not very supportive of using nostr private keys to manage wallets.

Reply to this note

Please Login to reply.

Discussion

HoloKat 2w ago

Same reason I don’t want built in wallets. As soon as you do it - everyone’s money is your responsibility. And I only vibe code - a big nope for handling money.