Nostr Web Client

PSA:

If you get an error: "Possibly a malicious file. Aborting installation" it's because it's true. The hash of the file in the nostr event does not match the hash of the downloaded asset.

Two possible reasons:

- The developer modified the release after publishing the nostr event to the Zapstore relay

- There is a server compromise or a man-in-the-middle attack

This is Zapstore protecting you, not trying to annoy you.

In the case of APKs indexed by Zapstore (from Github, for example) this will be mitigated with the new zapstore-cli indexer going live in a few weeks.

If the app was signed by a developer, you need to contact the developer.

I am going to improve the messaging, and add a "reckless mode" for those who want to install or upgrade despite the mismatch.

FreedomTech 7mo ago

The proprietary apps do this more than others. Makes you wonder who's changing what and why?

Play it safe. Assume worst case scenario of some Anonymous hacker scum or government 3-letter agency injecting malicious code.

Reply to this note

Please Login to reply.

Discussion

Abstract Equilibrium 7mo ago

nostr:nevent1qqsvkxenxest6j85tryj2ks0f57n8upw2sheuxe5mr494ltl6rmjaqspz4mhxue69uhkummnw3ezummcw3ezuer9wchsygzdhl9hchwmsfyln3lt3ss7qx0s37lm0mzaa42q3ds5ty97hrgkj5psgqqqqqqsuwvhv2