Replying to Avatar elsat

You mention “In general I like to know what I'm signing”

In your experience, which apps led you to not be sure what you are signing on nostr?

For example, “amethyst and amber signer on android”.
Avatar
Aida 8mo ago

Yeah, that is why I don't give apps the direct access to the nsec and why I limit what permissions they have in Amber.

I read the raw json of the notes to see what is in it.

Reply to this note

Please Login to reply.

Discussion

Avatar
Diacone Frost 8mo ago

That's paranoid. Like you really belive that, say amethyst, will show you 100 times the real thing and then suddenly go rouge?

Avatar
elsat 8mo ago

In my experience I see

“signer X is asking you to sign kind-818171”

It is therefore not crystal clear or human readable, to the prompt reviewer what they are being asked to sign.

Avatar
Diacone Frost 8mo ago

true story

Avatar
Aida 8mo ago

I would not sign that without looking at it and understanding what it is.

Avatar
Aida 8mo ago

Yeah it is a bit. In the case of Amethyst it can do posts, comments, reactions, drafts, but for example addition to follow list is something I still check manually to make sure that the newly signed list is not damaged. I'm not thinking that Amethyst would do this maliciously, but it can still happen due to a syncing error for example.

Avatar
Diacone Frost 8mo ago

fair enough