Replying to Avatar stat

yep. the security is in the hands of the client.

apple in general is extremely good with handling this, actually mobile in general.

however, if a web client is poorly coded, you can trick the website into loading a script. if you can run a script on the browser, you'll be able to steal cookies / private keys etc

however, if you're using mobile, then the security risk of nostr is the same as any other social media that allows exchange of free form text
Avatar
Anthony 2y ago

I assumed so.

Have there already been malware instances?

Reply to this note

Please Login to reply.

Discussion

Avatar
stat 2y ago

yep! in the early days, new web clients were spawning everywhere and many people quickly figured out you could do elementary (script kiddie) xss injection and steal cookies

however in this phase, web clients are more mindful of this and things like alby helps a lot

Avatar
Anthony 2y ago

Ok.

As a Damus user what should I be looking out for?

This seems like ripe environment for social Engineering which is a no brainer.