Replying to Avatar jb55

Damus’s build process currently bakes the current git hash into the version number in settings. You can look at this hash and compare against the source code with that version. You can clearly see in the code that the nsec never leaves the device or is ever sent to damus servers (I dont even have custom servers that damus talks to)

Not to mention there are no trackers or integrations that have the ability to send information outside of the app. This is why we open source 👌 nostr:note185tvu0nld67ler6lg0hhhuqqua7u5r2svtc5e22zknffd4uuw40s5l4ty6
Avatar
Luke Dashjr 2y ago

This all assumes they trust the git hash is correct and unmodified or spoofed, both of which would be trivial to do. So they might as well just be taking your word for it...

Reply to this note

Please Login to reply.

Discussion

Avatar
HoloKat 2y ago

This is probably true for every app. Nobody reads tos or the code or understands / cares how the info is handled and who has access to what. Only some developers might and the user trusts that enough devs looked at the code and confirmed that it’s not stealing everything from the user.

fd
nobody 2y ago

Yes, I trust will 100%

Avatar
HoloKat 2y ago

There is trust in many things and people we rely on daily. It’s delusional to think we can live in a trust-less society. Trust-minimized, sure.

fd
nobody 2y ago

Yes, you have to be careful who you trust but some is good

Avatar
badonyx 2y ago

It is not true of every app. Bitcoin core has a reproducible build process. You can verify the published binary came from the published source. However I don’t think this is possible for iOS apps due to Apple’s signing process.

Avatar
HoloKat 2y ago

No non-dev user is verifying any binary. They will just install and use. The whole verification thing is for a tiny subset of people technical enough to understand it.

Avatar
The Fishcake (nostr.build) 2y ago

You can always build your own Damus, I do. 🐶🐾🫡

Paranoia has to be applied in healthy dosages. Do you trust Apple to keep your nsec safe? What about all the TLS interactions? Do you trust they private key of each site is safe? This list can go on forever……

Avatar
Luke Dashjr 2y ago

I don't use Apple for a reason (well, several...)

Avatar
The Fishcake (nostr.build) 2y ago

Don’t think that any other company is sacred. And Android as compromised by Google as any other phone OS. Graphene OS is not an exception to this either 🐶🐾🫡

fd
nobody 2y ago

We need something totally new! NostrOS