Somehow, it wasn't possible to sync my profile pic to my new phone ... but my private key was. 😟
#damus @damus #nostr
Discussion
Mine appeared after a while, not sure from where ;-) nostr:npub1xtscya34g58tk0z605fvr788k263gsu6cy9x0mhnm87echrgufzsevkk5s ?
Actually, I don't care about the pp
I care about how and why it's necessary to even store the key ? Shouldn't we take care of it ourselves?
the ios keystore is encrypted, where else would we store it? We prompt to store it there or your password manager. We also ask the user, it’s optional.
If we didn’t most users would lose it
I synchronized my old iphone data to a new iphone and had direct access to damus again on the new iphone after the synchronization was complete. I therefore assumed that my private key, regardless of whether I saved it separately, must be saved in the damus app or in the apple cloud, which is why I was able to access damus directly on the new iphone after synchronization without needing my key.
I’m guessing Apple transferred the app data when you switched phones
Finally someone who has understood what I was getting at. ❤️
Yes I guess you are right.
Because #damus is saving the key in app, and there's not even the possibility to delete it from the app after saving it privately and sovereign in keepass for example, wich I think makes it a privacy concern.
nostr:npub1xtscya34g58tk0z605fvr788k263gsu6cy9x0mhnm87echrgufzsevkk5s is there currently any way to remove an nsec from apple’s key store? It would be intuitive for this to happen on sign out, but I looked through the code and I don’t think it does
Seems like a manual action in iOS passwords is a solution to remove the damus nsec from iOS keystore.
Will open an issue to think through the keystore implications.