Can the NWC strings not be kept on the user devices hashed and transmitted to relays?
Discussion
That’s not how it’s done at the moment. When you generate a string it contains all the information needed to send commands to your node. Maybe someone should write a spec for that!
I smell a new NIP brewing ☕️
I’m not sure what hashing it would do since that’s a one way function.
As I understand it all Zapple pay does it listen out in relays for a pubkey to send a certain react event referencing a note. When it sees that it uses the nwc string to initiate a zap on behalf of that wallet.
Those strings can be encrypted but the key to decrypt it would need to constantly be available making it a moot point.
The people using Zapple pay aren’t sending any other data for Zapple pay to handle (such as a key to decrypt the nwc string or anything).
Safest thing to do if worried is to run your own or if on Damus run that Nostr script to re-enable zap functionality.
Yeah ok how do I run either of those?
Nostr script: https://main--comfy-gnome-e2067d.netlify.app/
Hey nostr:npub13azv2cf3kd3xdzcwqxlgcudjg7r9nzak37usnn7h374lkpvd6rcq4k8m54 you’re using #zapple get in here what do you think of this?
To click or not to click? That is the question nostr:npub13azv2cf3kd3xdzcwqxlgcudjg7r9nzak37usnn7h374lkpvd6rcq4k8m54
Lol if you need some credibility here rather than running a script because a stranger on the Internet said so:
nostr:note1gjd2str0tfqvrcwdttskxkd52vmsagc477gsr858k0ug86nuj60qzn6uas
TBH I don’t know nostr:npub1xtscya34g58tk0z605fvr788k263gsu6cy9x0mhnm87echrgufzsevkk5s either 😆 it’s all good though at some point there has to be trust I would never get anything done if I always had to check everyone’s work.
True and I’m just a nym. He’s a well known dev. I’d trust him over me! 😂
Zapple pay backend.
Nice TY 🙏🏻