closed source custodial nostr clients are a threat to users and during these early days of nostr adoption represent an existential threat to nostr

if a non sovereign client or tool accrues significant market share they could potentially use their control over users to influence the greater network or bifurcate it

nostr is permissionless and we cannot stop people from shipping whatever tools they want but it highlights the importance of rapid development of freedom focused foss clients and tools

this is my main focus, supporting the individuals building out the freedom tech tools we sorely need, momentum is strong, incredibly hopeful, we must continue to push forward 🫡

Discussion

That’s why I don’t use any of those

🤝

this is one of the things that has been pushing me to work as hard as possible; the culture we establish now will have great implications in the future to come

this is also why I evangelize microapps and I'm pushing to get NIP-31 + NIP-89 adopted:

superapps are still a threat and nostr very capturable

https://dev.highlighter.com/a/naddr1qqgrxwrfw5m8garwdvm85aenwajxgq3ql2vyh47mk2p0qlsku7hg0vn29faehy9hy34ygaclpn66ukqp3afqxpqqqp65wxtanuc

🌶️

naw man. it's cool though cuz zebedee **made** nostr. so they're super trustable.

Are there any custodial closed source clients at the moment? Who is behind them?

How great, odell, spectacular as always, everything you post and comment on 👏👏👏✨💫

The whole of mastodon and the fediverse work like this and it's 10x or 100x bigger than nostr in terms of DAU. Nostr's current infrastructure can support 10k DAU, fediverse can support 1MM. Nostr relay infrastructure can't support this, so there needs to be other ways.

There are different ways to scale

What makes you say that Nostr infrastructure (I assume you mean the relays' capacity) can only support 10k vs 1MM on fediverse? Genuinely curious

Someone has to be working on delegation instead of handing keys over, right???

nostr:note1cllxfajr7sc7hp9vskkne9mmxk02zwd2qtr76xm7tvf8dwkenh4sn9c03z take care about it guys

🫡

🫡

i have no idea how to curate my clients? i added a bunch but don't really know what each one is giving to me in my feed? would love some info on this.

closed source or open, we shall not normalise pasting private keys into websites. 2023 seems to be the year where we're standardising bad practice all around. From pasting private keys into websites to wearing hardware wallets around your neck to storing seeds on 3rd party cloud servers.

Absurd

I dream of a day that a #nostr client that asks for your nsec will be an obvious scam.

Nsecbunker is awesome, but poor client support. I have used it self hosted for highlighter and it does what it says. I don't know of any other clients it works on.

I have amber installed and up to date using obtainium but I haven't put an nsec into it to try it. Any clients support it yet?

I have heard of hardware signers but not played with any yet.

The tools to do this seem to exist but not be implemented in clients yet. Devs please take a break from pretty or fun features to protect your users.

nostr:nevent1qqsv0lny7eplgv0tsjkgttfujaant84p8x4q93ldrdl9kynkhtvem6cpp4mhxue69uhkummn9ekx7mqzyqzvj9w6alhrsvtl5u6ygjkwuwg2sf5lukqskgjpuhnd6dpal0kvjqcyqqqqqqgrkyg6s

The Nostur and Nostr.kiwi clients also support nsecBunker sign in.

I don’t understand why Zebedee have social media and is closed source

nah, this is good. would you complain if twitter started mirroring their content onto nostr?

The nauseating self-promotion of #ZBD by crypto and NFT influencers already had my scam alarm Bells going off. Glad to know my gut instinct was correct.

also, complicated and hard to replicate additions to the protocol, even if open source, are very bad too (e.g. primal's caching). The right solution is the gossip model, local simple views, not global. and complex

Exactly.

another vote for "Local" instead of "Global" labels then?

nostr:note1gph20zl5hnqet2jua7dtwmkyfku53zshxucr979d8y9u7c0wex7slhlr0w

✊✊✊

FOSS. This is the way.

While I like non custodial and open source solutions, I also think it's inevitable to have a client that's closed source and profit driven. Why? Mainly because Nostr is open and allows this. I don't think it's a threat to Nostr. I think it's perfectly acceptable for some users.

For example, Twitter could implement Nostr. They'd implement a customized relay and a customized client. They'd manage user relays and user keys for them. (Essentially what ZBD is doing.) Then, if we want to interact with those users, we'd add the Twitter relay. I honestly think at some point down the road, this will happen.

I may not use it, you may not use it, but that doesn't mean the client won't serve a purpose for some. I don't think they're a threat because in the end, the free market will decide. And if I'm right, the free market will choose open source.

I view them as a Trojan horse. The same as I view custodial solutions for Bitcoin. Give users a taste of freedom then show them they can have even more!

I don’t think we should shame folks for integrating with nostr. my understanding is this company has a user base and is transparently giving/managing their npub. so previously a walled garden, now they can explore the nostr universe. we should praise that.

obviously going the other way, open to closed - which I believe this is, is less than ideal and may not even make sense. just spin up a new key.

🤙

Agreed, true FOSS is forged in the crucible of competition and attempts to usurp it. If nostr gets hijacked because we were ok with relays having this much power, then another protocol fork will arise and solve it true p2p style. IF.

never ever putting my private key into any online form. nope ty.

At first, I kind of enjoyed how nice zbd is, years ago, but as more time passes, it's become more and more of what I had left initially. How they're handling nostr is no surprise to me.

nostr:note1cllxfajr7sc7hp9vskkne9mmxk02zwd2qtr76xm7tvf8dwkenh4sn9c03z

I agree there could be a looming nostr 51% attack (equivalent). When you lock people down to a walled garden relay. With the inability to get nsec exported is a bad combo. Plus having said things recently about being the ones that "made nostr happen" is compoundingly concerning.

I get paid to be paranoid, so hopefully that is all it is. 👾👀💜

I think it might feel like this

Does nostr have any way to keep an offline key and/or rotate keys?

Hardware key signing I think has been done. Key rotation is tricky, I think basically you just need to get a new key and advertise that you're on that and the other is compromised.

We’re building the experience for the masses and we are obviously in alpha stages as we have stated.

Given we are in alpha and the fact that it is so new you would think there’s praise for the amount of users and engagement we’ve brought, one of the first major companies to release a nostr client.

Instead, we're focused on the fact that there's the OPTION to import a keypair. You can create multiple ZBD accounts, you can choose not to import your primary key, though, for beginners that have no idea what bitcoin or nostr is, or a keypair for that matter, it makes all the difference to be able to get ACCESS to the future.

That's what we're enabling at ZBD. We're making the future accessible.

There will be different implementations of this protocol. Different experiences for different audiences. We all speak the same language of nostr and we use the language of value.

Pretty much why I don't use #plebstr - it's closed source, so I can't trust it.

The same folks who created shitcoin and web3 companies will likely start building custodial NOSTR clients soon enough. If NOSTR succeeds and grows then this cannot be stopped.

The non-custodial builders need to outcompete the custodial builders in terms of UX and functionality.

If you are not afraid ZBD will capture the entire Bitcoin market you shouldn't be afraid it will do harm to Nostr either.

Nostr is significantly smaller and still much earlier in development as a protocol

Thing is, they're not a Nostr company. They're a mobile game company that rewards users sats and have added a link to Nostr to provide their social layer. I don't see it as a threat. Are people going to regret building social profiles on a platform that can steal their keys? Perhaps. Probably, in fact, since Zebedee can easily lock them out of their social graph.

This is like leaving your bitcoins on an exchange? Which ones are closed source?

Curiously "closed source" is not at all the issue here.

This is a shared custody situation which is arguably worse than custodial as it produces plausible deniability for both parties.

If a custodial service does funky things with the stuff under custody, all know they did and the question is if the owner asked them to do so. Here, users could do funky stuff and claim ZEBEDEE did or they could have a rogue employee doing the funky things and nobody would know.

As for the open/closed source situation: In nostr, keys can be protected from closed source clients quite efficiently already and should never be provided to any client regardless of the source being available.

Great and valid point.

Open Source, not Open Sores...

Nostr nsec aberration is the bigger existential threat to nostr than closed source .. imho

This feels different. Yes they have access to your account, but you also have it too. Your account is still public and not in a walled garden.

It's not like twitter where they lock you in, this is different... a system where they lock you out at best, where they ruin your reputation without your consent at worst.

I don't understand. If Nostr is an open source protocol like http etc, on top of which anyone can build, how can one client represent an existential threat to it?

The good news is that for nostr to be usable in the real world, key rollover functionality is a must-have. So even though right now you think that your key is your everything, if all goes well you will find out that it’s replaceable in the (hopefully near) future ❤️