William before making these assumptions and false accusations you couldβve easily asked.. this project is very legit and the way you said this could be gamed is very false, as well as using extensions that protect your priv key is very doable if you donβt trust the dev #[7]
Discussion
I welcome all the different points of viewβ¦thank you both for being here π« π«β¦itβs important for there to be a healthy amount of βdonβt trust, verifyβ
If you pay attention to what I wrote. I did not explicitly say the project was malicious. I said one should put there private key on any website. The devs behind this product did not even add any layers of security such as an SSL certificate. I am educating people to enter threw private key no where's except an nostr client. Http protocol is not safe, especially when not utilizing ssl. I do computer tech and security. This is not secure.
One should not put there private keys on a web browser * , I need more coffee
Easily couldβve just said use an extension to sign in instead of report the page it needs to get taken down lol
Extensions in web browsers are not fully safe, has been many articles on this in the past. And like I said they skipped such a basic step of security. An SSL certificate. Which you can easily with a basic understanding of web security
You really did tho βNot worth it. It's not going to accomplish anything. Anyone can make 5 realistic accounts, verify each other then verify as many bots ad they want. It's just a ploy to get your private key. β itβs just a ploy to get your priv keys.. sounds like youβre saying itβs malicious to me. And βNo worries. Report the page also of you have time. Things like this need to get shutdown. We don't even have any idea who's running it.β Trying to get it shutdown and saying βweβ donβt know whoβs running it as well when clearly a lot of people do bc theyβre involved in the community is strange to me.. like I said you couldβve just asked in a note and Iβm sure other community members wouldβve given you the info you lacked. All Iβm tryna do is give you clarity. Btw your scenario where you make alt accounts to verify yourself isnβt possible, try it out (:
It's not secure. Simple as that. I've been a manager on web hosting and security. They are not taking security priority. Maybe they have good intention to create a bot free relay. But this is not the approach. They did not even add an SSL certificate. I'm sorry if this is your friend. I am not saying they have malicious intentions, but this is teaching people unsafe practice of private keys. This is not the way!!
William everyone that touches it has used an extension my fren lol couldβve came out and said that instead of everything else you said.. I appreciate the insight but everything else you said wasnβt needed.. glad we came to this understanding! Btw if you look at the site itβs literally recommending that you use an extension to sign in. But yeah thank you for letting me know it was missing that security feature, I didnβt know till you said it now so thatβs appreciated! Now I can tell the dev of this issue #[7]
It's just not even necessary, most people don't know how to use extensions. Why complicate things more for the new people then it already is. And the method there using is very easily hackable. I could make 5 realistic accounts , have them verify each other. And if they try adding a method of unique IP, I just need to use a VPN. This will not stop bots. The idea is great, but too easy to manipulate and hack.
William, please my fren make the 5 accounts and try to do what you said youβre gonna do
Itβs impossible my shadowy hacker fren π«
I have much better things to do with my time. π§‘π
Thatβs bc youβre not knowledgeable on what youβre saying, youβre not gonna be able to game this. Specially with 5 alt accounts that belong to you, you need a web of trust amongst REAL frens. π«‘ have a nice day thinking itβs that easy! Lolllll
Yup , you must be correct. Have a great day fren. π§‘π
Also, not gonna lie, with how upset you are getting about it. Makes me even more sus about the website.
Blatant lies & misinformation due to ignorance has never been something that I smile about, my bad if thatβs what you think is the normal reaction lol
Anyone with a technical background knows SSL is encrypted, HTTP is not. And also with bit of research you will see browser extensions are not 100% secure. And anyone can see the plain logic that you wouldnt enter your bitcoin private key or Facebook password on a random website. So why would you do that with your Nostr private key. I am done with this discussion. As it appears you are just growing more irate and denying technical facts. Have a great day, I wish you all the blessings in life. I will continue daily to preach proper safety care of private keys. I will continue to run Contest, I will continue to spread positivity. ππ§‘
Alrightβ¦ No more attention to trolls. βοΈπ
this guy is something else ππ€£ follows for him and engagement means that heβs absolutely right! 
Maybe donβt add him to your chain of trust π
Smh I wish I could take it back but I gave him the verify before I saw him engagement farming thru the spread of misinformation lmaooo
Iβm sure heβll apologize for being wrong and misinforming his followers π
https://www.ssllabs.com/ssltest/analyze.html?d=notabot.net&latest
Here's another point. Would you enter your bitcoin private key in to a random website? Would you enter your Facebook password in a random website? No. So why do this with your Nostr Private Key.
Extensions like alby and nos2x are recommended by nostr client devs what are you saying..? we can never use any nostr mini app that comes out ever ??? I wouldβve missed out on badges if I thought like this
Alright guysβ¦ Iβve got this. I donβt usually give attention to obvious fudsters, but this has gone on long enough. π€ͺ
There might be some legitimate things to address though.
Nsec aside how does this prevent someone who got verified and is NOT a bot from being a bad actor and verifying 5 bots?
I do see that you can NIP-07 (I did it from browser) but maybe the UI made it non obvious.
Just my 2 sats on this. I donβt claim to speak for anyone so Iβll let the separate concerns be addressed by the people raising it too.
And yes I shitposted a funny van meme and also used your platform to have someone verify me.
Ngl I asked myself the same questions on my first 10 minutes of interacting with it! I tried to game it by sending the verify to #[13]β and then having him send it back to me π€£ which was trial & error bc thatβs not possible! He can send it back but it wonβt count! he needs to actually send it to another fren who will then verify me! And in your scenario where you give a bot 5 verifies itβs hard for that to happen bc you can only give that bot 1 verify from your npub, then youβd need 4 more people or npubs who have received the verify as well to then give to that bot, which isnβt gonna happen weβre being super selective of who we give verifies to, why is why I say again I encourage you to try!! π«ππ«‘ hope that cleared up the concerns you had my fren!