Keys are simple, external 3rd-party dependencies aren't (and, as you note, may not be any more secure). It's all about ease of use for non-technical users. But the days of nsec login are numbered; we just need really solid flows for secure custody. nsec.app comes close.
Discussion
Entering a private key into a web app is much less secure than a signer app or extension. However, a signer app can still have its issues, just fewer.
A few of the issues:
- Phishing attempts from similar looking domains.
- Hot loading code from a remote server, not signed releases from the maintainer.
- Encourages entering nsec somewhat carelessly into more than one web app. It could be entered into a clipboard, which has been another vector of attack.
- Users' habits of this type of behavior come from passwords on every other web app. Passwords can be reset via email resets; a private key cannot be reset. It thus fails to communicate the importance of it not leaking, leading to careless backups and storage.
None of that is good for non-technical users.
Great points. Web apps also have lots more supply chain attack vectors than single-purpose signers might. I especially like your point about training users. Lowering security to accommodate UX doesn't do anyone any favors.
What are your thoughts on https://app.nsecbunker.com/?
It's a good start, but ultimately a custodial honeypot. Self-hosted bunkers are much better, but hard for normies. Multisig could be a great way to solve this, I know it's been worked on some.
Start establishing the self-hosted bunker paradigm now. It's going to be necessary for the internet of the future.
The use case for it I think is limited to cases in which delegation is a need, for example for an organization with employees.
It being any kind of added safety or security, I think is a far stretch and confusing use of naming.
It's often custodial and by that nature already leaked; not your keys, not your profile. As for it being self-hosted, a simple signer app that isn't remotely accessible or managed has much less risk.