you're trying to imply that publishing a confidential message unencrypted but with a preamble that says "do not read" is exactly the same as using signal because signal could technically ship a compromised apk to you and leak your message
everything is social pressure and trust at some level
you're pretending to ignore that the levels of trust required are distinct
It's not though. On Nostr I operate under the assumption that someone already has my nsec, we all should do that. Because it's entirely possible. I bet at least one person has my nsec right now, maybe a few people. I'd never know. Nostr really does rely on social pressure so why bother trying to be secret?
But if I started again on Nostr and did only Frost and bunker and White Noise and all that, in that case it'd be different. That's still a really bad experience, so I'll wait. But the tech matters, you have to admit.
All good points in this thread, but i’ll still take a key i control over some rando server managed by someone else.
If you have lots of money tied to a key i probably wouldn’t use it in mobile apps that are hard to verify… i would read the source code and compile from source and just use notedeck.
Anyone not reading the source code and compiling it themselves has to trust someone, even in the keyserver case. The server case is even harder for people because people have phones, not computers with servers.
We are already lightyears ahead in comparison to legacy social media platforms and protocols, at least users have the ability to choose their risk tolerance levels with different clients. On legacy they can read your DMs and make posts on your behalf if they wanted to.
True. It's not only risk tolerance it's friction tolerance too.
Though to be fair I should give frost/igloo/bunkers and all that another go, maybe the experience is less friction-y than before. Try living on Nostr for a few weeks bunker only, see how it goes.
