You enter your private key in a Nostr client to start using it, and then their database gets leaked
Discussion
We definitely need other ways to sign in. Like hardware wallets got developed, we need some kind of airgapped device which lets you sign in for a set amount of time or something like that.
We’re still early.
The DB data can be hashed, though.
You don't even need to save the nsec in a database; it's supposed to stay on the client side.
Unfortunately, I know for a fact one client transmitted the nsec to the server and was saving it unencrypted for all their users in a central DB.
Man, we'd go from like 1000 to like 15 users if a larger client had been storing nsecs and the data leaked. Sure, the die-hards might start over, but it would destroy the nascent ecosystem.
Nobody should ever be using a Nostr client that stores your nsec server-side.
I’ve been hoping this would happen for ages. I just need to get hacked then I’ll be doing big numbers here.