Why would amber need to communicate via orobot? I installed the app and revoked network permissions, it doesn't need network access, it's the clients that use that.
Been testing out nostr:npub1am3ermkr250dywukzqnaug64cred3x5jht6f3kdhfp3h0rgtjlpqecxrv7: Nostr event signer for Android by nostr:npub1w4uswmv6lu9yel005l3qgheysmr7tk9uvwluddznju3nuxalevvs2d0jr5.
It's still early in development, but so far I'm impressed. It serves such an important need for dedicated key security/secure event signing + it can connect over Orbot/Tor.
"Amber is a nostr event signer for Android. It allows users to keep their nsec segregated in a single, dedicated app.
The goal of Amber is to have your smartphone act as a NIP-46 signing device without any need for servers or additional hardware.
"Private keys should be exposed to as few systems as possible as each system adds to the attack surface," as the rationale of said NIP states.
In addition to native apps, Amber aims to support all current nostr web applications without requiring any extensions or web servers."
#cybersecgirl #amber
Discussion
It's is needed for nip 46. If you don't plan to use nip 46 apps you can download the offline version of the apk that does not have internet permissions
I don't know what that means, I can still send notes just fine with my key in amber even though I revoked Amber's network permissions in graphene.
pretty sure it doesn't need network permissions to talk on localhost, that's not *internet* (LAN should also be exempt)
NIP-46, on teh other hand, is a relay thing and necessarily requires inbound network connection permission, and actually that's not even in the realm of what android permissions allow, because i'm pretty sure that it's assumed that all android devices are either behind NAT or not allowed to by the mobile provider
could be done with a network exposed VPS running a wireguard tunnel but that's about it