as a nostr newbie this was my first real stumble:

half the apps ask you to paste your private key to log in.

nip-07 signers (browser extensions) don’t work on mobile.

if nostr adoption spikes via bitchat, that’s a major disaster waiting to happen.

would you ever paste your private btc key to move funds?

then why paste your nsec just to post?

nostr:nevent1qqsvxh4uz74h54scy8g6pc6ur7cnfg7qg6etndkwz35da42ejfhm09cpzemhxue69uhhyetvv9ujuurjd9kkzmpwdejhgur090m

Discussion

Have you heard of Amber? It's a mobile app which stores your nsec to sign in various apps (not all support amber login)

You can get it on nostr:nprofile1qqs83nn04fezvsu89p8xg7axjwye2u67errat3dx2um725fs7qnrqlgpzdmhxue69uhhqatjwpkx2urpvuhx2ue0e2p4dj or, if you don't use zapstore, directly from github https://github.com/greenart7c3/amber

yes i am aware of those kinds of nip-22 signers. it's a good thing they exist but it just defends you a little bit.

if you end up leaking your nsec, amber will still not help you. you will lose everything.

i could not find any signers for ios, though. amber is also just for android.

Sure, if your nsec is leaked through an app, amber doesn't protect you. That's why I don't use those apps where my nsec is required.

I know there's a hardware signer, but can't remember the name... Maybe in LNbits shop or a dude here built one.

I don't care about the problems you brought up in this reply to be honest.

Apple users? Fuck em

Leaking nsec? Just use Amber and stop pasting your nsec everywhere.

That all said and out there, you were probably looking for frostr

https://github.com/orgs/FROSTR-ORG/repositories

nostr:nprofile1qqsxu35yyt0mwjjh8pcz4zprhxegz69t4wr9t74vk6zne58wzh0waycpr9mhxue69uhkgetjva5kw6fwdehhxarjxyhxxmmd9uq5gamn8ghj77tvwpc8g6fhv3uxkcm3w4nx2drtxfmngurrxfmrxdmhwe3hsumkv5mk5mmv0fhxjut3vdj8j6tkw9c8zmr9xdkxjepwdahxjmmw9uratzma i think your initial intuition is correct to think of contingency in case of disaster but the resulting „presign a new identity in advance“ is your geek brain talking.

normie users are lazy and struggle already with user+password. there needs to be a solution that requires no thinking and is secure by design.

not dunking, just trying to provide my perspective of building products for normies for a few years.

Now you are talking to the wrong guy, because i copy paste my nsec all over the place and in whatever app i come across. But that is beside the point.

I agree. Let me take a shower and take a walk first, I'll post later today. But i will mention that bunkers like amber, or the frost-bunker start.njump.me provides are half the story, and bunkers should be the default way of using Nostr, for more reasons than 1 (bunkers could be a smarter and really powerful identity management system). But i will be going into the compromise/key-transition side of things first.

More than simply “bad design” by app developers, pasting nsec is gonna bring the lawyers chomping as regulations increase.

nostr:nevent1qqsv9gusffvywyjlgmlk07nls0qny2y29dctvalmyaf6h5xk5uknw7gzyr0k07d8usgj2azuheavl0wdqd530qxxg00hhtts7hfppredflpqqqcyqqqqqqgpzemhxue69uhhyetvv9ujumn0wd68ytnzv9hxge783ny

Nos2x-fox works on mobile