How much do I have to zap nostr:npub1xtscya34g58tk0z605fvr788k263gsu6cy9x0mhnm87echrgufzsevkk5s to get a PWA version built of Damus? π
Discussion
Iβd contribute to this zappening
Couldnβt zaps just be handled by the wallets with a share sheet extension?
An issue remains where/how to store the nsec.
Browsers do not have a secure storage method at present. Iβm not sure how native client choose to store private keys currently, but they are almost certainly better than storage options in browsers that exist now.
The one pattern for key management that shows the most promise is creating key objects using the WebCrypto API and storing the unserialized objects in indexdb for use in signing/encryption.
https://gist.github.com/saulshanabrook/b74984677bccd08b028b30d9968623f5
Even so, this relies heavily the security of the code which βlocksβ these objects from being imported and on the browserβs single-origin policy browser.
This may not be that much worse than the current state with native apps, but it remains to be proven by folks much more experienced with browser security than me.
As with most clients, the best course going forward is going to be some combination of hardware signers and nsec bunker to get the keys off the critical execution path.
Nostore
This idea is actually all upside.
Apple can't shut it down, and you more than double your user base. Win/win.
While we are asking questions;
What are ylur three favorite flavors of mescaline?