oh its #[1]
Discussion
Oh I didn’t know it wasn’t… what if they’re stealing my nsec??
what if every nostr client out there is stealing nsecs, im not nerdy enough to check their codes
i wanna know what client #[1] is using
Yeah but if it's open source someone else who does have those skills can check. Whether this helps depends on the size of the codebase and the size of the userbase.
true but what if people w/ those skills are in it to steal nsecs too 😂, is it safe to say whatever nostr client on apple app store is safe because apple people check their codes? maybe just for people that trust/use apple right?
I am not terribly familiar with apple store but some hilariously dodgy shit has made it onto google play at times.
That’s why they should use nos2x, I think that’s the entire point. I don’t trust my nsec anymore so I won’t be DMing private info with it.
nos2x only works with web services in your browser.
TBH the correct position is to just not associate private info with your anon accounts whether private or public.
AFAIK, no native client uses an extension for signing. They all have up enter your nsec.
I also agree, open source only provides a false sense of security for 99% of people. They’re not (even if they’re like me, and *can*) going to read all that code, especially for every update.
On iOS every app is essentially closed source anyways, as you cannot provide a reproducible build. Builds are done by the App Store account holder, signed, and uploaded.
With software, reputation is everything. In my personal opinion (which I am humble enough to acknowledge should hold no weight with anyone else on here) plebstr’s team has earned good will and trust. There has been no evidence of funny business thus far, and I’m someone who looks for that sort of thing, and uses it daily.
For FOSS options, there is always Damus, Nostur, and Kiwi. Their code is open, but again, the trust is on the devs that the code in the repo is what runs on your phone unless you install Xcode and build it yourself for your phone.
Just my two cents as an erstwhile dev.