Pomade is getting closer — take a look below for a demo video, or try it out yourself at https://pomade.onrender.com.

https://coracle-media.us-southeast-1.linodeobjects.com/pomade_demo_3.mov

For more details, take a look at the repository at https://github.com/coracle-social/pomade.

I am currently looking for security-oriented reviews, so if you're interested in using this project for your client, please take a look at PROTOCOL.md and tell me if you see any major attack vectors! Of course, an email-based recovery protocol can only be so secure (email providers, senders, clients, and signers are all assumed to be somewhat trustworthy). If you really want to go deep, a review of the signer code would also be helpful.

Finally, if you'd like to run a signer please let me know and I'll add your signer to my master list of recommended signers.


Discussion

Once that is covered, there is no more onboarding friction?

That's the idea

Heading out to touch grass for a week tomorrow, but I've been poking around Pomade, so happy to share thoughts tonight.

It would be great to have a short list of the actions required to test.

Just released a new version that has some explanations. The test flow is sign up, back, login, back, recover. It should give you an idea of what's going on.

I have a few questions about the platform's functionality and accessibility. Firstly, is it a prerequisite to have designated signers to access and use the platform's features? Furthermore, are users allowed to log into the platform an unlimited number of times, and is its design exclusively oriented toward business applications, or can individual users also take advantage of its offerings?

Additionally, if there are reservations about using email as a login method but a commitment to creating a user-friendly experience, would it be possible to implement two-factor authentication (2FA)? Options such as a rotating password mechanism or a one-time login link could significantly enhance security while ensuring ease of use for all users.

Moreover, for users who may be more technologically adept, it would be advantageous to consider integrating Universal 2nd Factor (U2F) support. By providing the option to utilise physical security keys or biometric authentication methods, such as fingerprint scanning or facial recognition through a mobile application, the platform could greatly improve both its security measures and overall usability. Implementing these enhancements could better serve a broader range of users, ensuring everyone feels safe and supported while using the platform's features.

These are just some thoughts to mull over as you consider improvements or potential solutions tailored to various user needs. Have you even considered making a simple Nostr-only alternative of your own?

Did they delete your git? Because he says he can't find the link.

Your client is parsing the link wrong; remove the trailing period.

No offense, but that is nerd behavior to put a period at the end of a URL at the end of a paragraph.

I'll wear that badge

Thank you so much for this, gonna give it a try soon.

A demo of email-based sign-up, login, and recovery. Once it's finished, I'm thinking of making it nice and smooth.

nostr:nevent1qqstvccfvwevhpnxdejxt68a6cly24ejcktdw9rxd3tgekewk5my60spr9mhxue69uhkuurjdau8jtntwf5hxarpwpekktnvwcpzp978pfzrv6n9xhq5tvenl9e74pklmskh4xw6vxxyp3j8qkke3cezqvzqqqqqqyfu2qge

Nice! Looks like the baby is growing well.👶

would you prefer an open issue or a reply on here for the security review?

Probably an issue would be better

Done