For the last several months I've been working to develop patterns for using keys with cross-platform applications like Flotilla in a way that doesn't scare people off. This is crucial for achieving my stated goal of creating software that serves the kind of people who do not know what a public key is.

There has been plenty of work in this area by other people which has brought this goal slightly nearer for me. In particular, I think `ncryptsec` for backups and good mobile signers like Amber are the cleanest solutions out there so far, and multi-sig key storage protocols like bifrost and promenade promise to substantially strengthen security without increasing the burden of new concepts on users.

Unfortunately, none of these solutions remove the need for users to learn what keys are. Users are going to have to be able to use keys, and in order to do that they will need to develop a mental model for what they are and why they matter. If they don't understand what makes keys important, they won't understand why traditional custodial account management is a problem.

To that end, this blog post is my best attempt (so far) at explaining Why Keys Matter.

nostr:nevent1qvzqqqr4gupzp978pfzrv6n9xhq5tvenl9e74pklmskh4xw6vxxyp3j8qkke3cezqy88wumn8ghj7mn0wvhxcmmv9uq3jamnwvaz7tmgvfezucm0wfskxmr99eek7cmfv9kz7qg4waehxw309aex2mrp0yhxgctdw4eju6t09uqzpqzk5jslrkvuhrthh6l7p36fr95mv4p0p00eseq8q7vlsx5t53cv20f3er

Discussion

We built hospitals, trained doctors and established all kinds of institutions.

"Unfortunately" these don't remove the need to learn what kids are and how to do proper parenting.

Many people still keep their children in the state's custody. And some will still do so 50 years later.

We'll just let them learn from their mistakes while offering the best alternatives we got. Building sovereign communities. And keep focusing on attracting the open minded.

If I concentrate on the right people and all the small improvements, I can realize that the future is now.

The glass is half full.

Yup. That's why UI/UX that hides Keys away "for the normies" won't have any "normies" using it.

And why I focus so much time on integrating those basic Nostr concepts in a playful and relatable way.

How do I access the long form article - my primal app refuses to open it?! And it cuts off the address, so I can’t even manually copy it.

That's kind of weird, maybe try coracle.social

Thanks - I’ll give it a spin.

The reason I was interested in your post was because I’m concerned about pumping my nostr priv key into every new app I try - I wonder whether this could become a security hole if someone produces a dodgy nostr app. Do you know if you can use your private key to sign something offline that then proves you own the public key and allows you to access your posts on another app without potential priv key exposure?

Yes, it absolutely is, you should be using a signer to keep your key safe, here are some options: https://nostrapps.com/#signers

Cool - I knew there must be something, but only because I have a basic understanding of private key security. I worry about other folks who might pump their nsec into any old app they come across - we need to make this clearer to newbies, I reckon.

This is the first coherent answer I have received about nsec security - all other people I’ve interacted with on here and 0xChat have been treating it like just another social app and shrugged their collective shoulders when I asked about it.

It looks like, yes, we still need to debate this or at least make it clear to newbies.

Yeah, onboarding is still not really great across the board. https://start.njump.me is a great place to point newbies. It explains things clearly, prompts users to back up their key, and offers a multi-signature bunker out of the box.

Is coracle.social available on iOS?

No, for iOS you might try https://nostur.com/

You can try https://jumble.social/ on mobile as PWA. Works great.

Great article btw - I managed to read it on Nostur, but because I didn’t want to expose my nsec, I’m only read only on there until I’ve done my due diligence on a signer app. Strange I couldn’t open it on primal.

Once I’m across it all, I may generate a new identity and log into all apps from a trusted signer - like I say, this all needs to be streamlined if I’m going to start promoting this to my normie mates.