What if instead of only allowing people to use a private key for login / registration, we had a Sign Up / sign in with Google and upon doing that, a key pair is generated for you and emailed to your address? You would still have a nostr npub / nsec, but it would automatically back up for you. The user recognizes the social login, and it’s easier to populate information from that option. It would be like a hybrid mode where you keep the old sign up process but on the front end it’s all nostr. Perhaps then you could use that connection to integrate with other traditional services, perhaps with a database attached. So it would be like nostr, but with a benefit of a light database for some efficiency and integrations with minimal info collected.

Dumb idea? Defeats the entire purpose? Thoughts?

Discussion

I like it.

Full decentralisation is not feasible/profitable. A hybrid model works best, is attractive for businesses and is a good way to ensure a lot of quality of life additions as well.

It’s a useful UI to lure people in.

Did you bump your head?

This is what I mean when I say create ways that make it easier for folks used to traditional social to come over. Very into this!

The effort of this would be honorable, though I see at least two "pain points" :

- we should have to consider the surface attack of sending the PK onto the network

- It would keep the lambda user wouldn't have to take into consideration the paradigm change regarding accounts and might think it still works the same way with it's old habits.

But maybe I'm not awake enough yet 😅

The second bullet point is unreadable, sorry about that

It has to be easy for the masses think path of least resistance just a natural property can’t even blame people for being lazy gotta conserve energy you know ⚡️

This would only work for a single client though right, somehow the client has to make the link between the email and the nsec. Or maybe this could be provided as a secondary authentication service using nip-46? I guess either way someone (besides the user) has to store that email and the nsec together somehow

I think nostr wins by being different and there isn’t a need to integrate it with legacy systems. I feel this just waters it down and makes it too similar and why would someone switch to something that is not that different?

I think if it's limited to signup procedure, it would make onboarding for new nostriches fairly easy.

Ty for this perspective

Ty for always looking for new ways to make the ux more palatable for new users. You’re a huge asset to the community.

I’m not a designer, but as a user, I think the key pair is a feature and helps to differentiate nostr from legacy systems. I don’t think it needs to be “hidden”. I think people just need to be taught how it works. When I first arrived I thought it was amazing that I could take my nsec to any client and my “network” would go with me.

I think the first thing I’d struggle with is the emailing of your key pair. Hard to keep that transmission secure as well as it just being difficult to explain that it (npub+nsec) is the real “key” when it feels like a secondary measure to using google login.

Flycat experiments some feature of meta mask log in

I’m actually curious of the data, how many people get into nostr by this feature

It's a good idea.

For Google users can store/backup encrypted to their Google drive.

For Apple users, I believe similar to apple cloud.

I don't know if either of these can cross apps (doubt) but it's a good start and can provide mechanism in app to export to use in another app

The email could even explain what they are and how they're used with links on how to secure.

No bad ideas, imo.

I’m a little confused. I have to double check and make a comment later.

Nope. We have to move on past email logins and simple passwords.

Maybe passkeys?

https://developers.google.com/identity/passkeys

Was thinking about that some months ago

at the end wallet of satoshi works by email, (of course you are not trusting with a lot of money) but it's only a simple email not the whole cloud stores thing..

nostr key are very simple to generate and store 🤔 actually making it super interesting as a first impact for someone new !

I mean the first impression of " I am the one owning what i post here" will go disappearing ( for that kind of users).

Nostr could grow by some clients using this ( that will also lock user in THAT client, since property log in connection).

But it will not spread the nostr protocol meaning.

New user simply won't get what is this about and will be set apart.

I'm late at work for writing this 🙃 🤣

Agree. Nostr key is a way easier/simple concept for people to grasp than bitcoin key management. It's not as simple to understand as a google login but no more effort to do. People have to learn new things in life. They will if they are guided properly. Big tech making things addictive convenient is what created the need for Nostr in the first place. You can have security or convenience but you can't have both..

I think it's a great Idea. People are lazy and non-technical that's why a lot of people like to use one click logins.

It would absolutely help onboarding new nostriches but as you said, the whole purpose will be lost in Google's servers somewhere.

I think this option should exist.

Give google your private key? No thanks.

Transitional tools are going to be critical to mass adoption at some point. Chances of a hardline switch in group mentality are low. Just like the frog in the boiling pot, but slowly cooling him back off so he doesn't go into shock. 😊

(If that makes no sense, it's because it's late here 😂)

Great, can we throw in our house & car keys, bank account access and private sex tapes?

I think it's an anti-pattern in decentralization

I've been thinking recently and I thought - do we really need and want mass adoption? Shouldn't we be more of a parallel platform?

I often see Nostr users writing "the local community is wonderful, full of love and enthusiasm" or "people on Nostr are so much nicer than on Twitter". If you consider these things (like a healthy community without hatred) as decisive advantages of nostr, don't forget that you will lose this advantage by mass adoption. The atmosphere here will then be as rotten as it is today on Twitter.

If we remained a parallel community with some organic entry selection (only people willing to think of their sovereignty will get here) wouldn't that be better in the end?

I do not know the answer, just thinking.

Nostr & Bitcoin are for everyone.

Well yes. For everyone who wants (in other words, who is willing to put some effort into it)

Nostr is mostly used by people who only want to talk about nostr. Eventually that gets boring. But also pointless.

why send nsec tho? Just store it and sign messages on user's behalf. Pls don't give nsecs to people, who don't even know what nsec is and why it shouldn't be leaked.

I guess it can be easily implemented with nsecBunker

Yeah good point. But the issue is that a person has to sign up with nsec bunker too. Essentially doubling the signup process. It’s too big a UX hurdle for mass adoption imo. But, meta mask kinda works similar and that hasn’t stopped people from using it and everything it connects to — but then again those are “crypto “ people and not average users.

I’m just thinking about ways to expand reach safely while potentially offering some minor compromises to people who are ok with them.

People (almost everyone) already use password managers. Asking users to store their nsec in a password manager isn't that out of the norm for normies. It's just a password. People are used to those. I store my nsec in Bitwarden. nos2x is a set and forget solution that works well but for new users it should be a little more obvious what it is - a password manager for nostr. It needs an easy name. We need to call nsec nostr-passwords. Simple change in language helps.

Add a SAML or OIDC Authentication schema for enterprise/businesses as well, and you're golden!

I get where you're coming from. While I prefer not to, it would definitely help. Here's how I'd go about it if I'd implement such a system:

Create a nostr acc:

- Email

- Password

- That combo creates a keypair and logs u in (the site/app handles this)

- nsec/npub is encrypted with that same password, and the file is sent to the email provided (to prevent email host or others to get their hands on it).

- Alt: Sign in with Google or whatever. Same steps.

Side note: Still hoping for a wallet-like app for Nostr (HD nostr accounts) =3
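The sign-up flow sketched in the post above, as an added example that is not part of the original thread: a key is generated locally, encrypted under a key derived from the user's password, and only the resulting file would be mailed. The choice of scrypt with AES-256-GCM, the JSON field names and all function names are assumptions made for this illustration, not a Nostr standard format.

```javascript
// Added example: password-wrapped nsec backup. All names and the JSON layout are hypothetical.
const nodeCrypto = require('node:crypto');

// scrypt cost (assumed values; raise N as far as the slowest supported device allows)
const KDF = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
// Order of the secp256k1 group: a valid secret key is an integer in [1, n-1]
const CURVE_N = BigInt('0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141');

function generateSecretKey() {
  for (;;) {
    const sk = nodeCrypto.randomBytes(32);
    const v = BigInt('0x' + sk.toString('hex'));
    if (v > 0n && v < CURVE_N) return sk; // raw 32-byte key; bech32 "nsec" encoding omitted
  }
}

function deriveKey(password, salt) {
  return nodeCrypto.scryptSync(password.normalize('NFKC'), salt, 32, KDF);
}

// Returns the JSON text that would be attached to the e-mail.
function wrapSecretKey(secretKey, password, email) {
  const salt = nodeCrypto.randomBytes(16);
  const nonce = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  cipher.setAAD(Buffer.from(email.toLowerCase(), 'utf8')); // bind backup to the account address
  const ct = Buffer.concat([cipher.update(secretKey), cipher.final()]);
  const b64 = (b) => b.toString('base64');
  return JSON.stringify({ v: 1, salt: b64(salt), nonce: b64(nonce),
                          ct: b64(ct), tag: b64(cipher.getAuthTag()) });
}

// Returns the 32-byte key, or null on wrong password, wrong address or a modified file.
function unwrapSecretKey(backupJson, password, email) {
  try {
    const f = JSON.parse(backupJson);
    if (f.v !== 1) return null;
    const d = (s) => Buffer.from(s, 'base64');
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(password, d(f.salt)), d(f.nonce));
    decipher.setAAD(Buffer.from(email.toLowerCase(), 'utf8'));
    decipher.setAuthTag(d(f.tag));
    return Buffer.concat([decipher.update(d(f.ct)), decipher.final()]);
  } catch {
    return null; // GCM tag check failed or the file is malformed
  }
}
```

The mail provider only ever holds the ciphertext, so the password's strength is what stands between a copied mailbox and the key: anyone with the file can guess passwords offline at the cost of one scrypt run per attempt.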

Very interesting 🧐 Ty for sharing!

Curious to think what some of the devs think 💭

Interesting idea, but would you send your bitcoin private key by email, especially on gmail where emails are analyzed by google?

Probably not, it’s exactly the same for a nostr private key

Fair point. Maybe just not send it?

Would it be possible to hash an e-mail address to a valid nostr private key?

🤔

Well, it’s just an oauth provider then 😁

If I remember correctly, nostr:npub1k7cnst4fh4ajgg8w6ndcmqen4fnyc7ahhm3zpp255vdxqarrtekq5rrg96 was working on something like this during the #Nostrica hackathon

But Google would have all these people’s private keys!

Later today I’ll publish a draft of a protocol I worked on few months ago. It’s not nostr first, but nostr compatible with auto fetching metadata (name, img)

Ok it was too soon. Probably later this weekend. I need to finalize my PoC before finishing writing specifications

Send nsecs to Google servers? Hell nah. They scan every single byte in those emails before it reaches your inbox IIRC

Nah let's just build our own Google on nostr

Good idea.

The people that currently don’t know how nostr works (normies) probably don’t care if google has their info/data, so yes this is a good idea for easier onboarding. In fact, many of us already on nostr probably give google a ton of our data. If this is an optional feature that can help onboard a broader user base, I don’t see an issue with it.

I get the need for onboarding and adoption, but integrating with Google in any way, shape or form automatically triggers internal screaming in me.

There must be a better way.

Appreciate the recognition of the problem but do not agree with the solution.

Once we have revokable private keys, only then, maybe send an encrypted version. Sending around plain text nsec is a huge no (much less to Google).

I'm sure there's some middle ground

What about a lightning wallet QR log in? I like that. It's simple, easy, user friendly for the not so tech savvy people. I'm not really sure about how that would work but maybe it helps? 🤷‍♀️

Do it.