You as the user have to literally authorize it.
But who gives the right to tap into the wallet in the first place? the authorisation has to come from the nsec owner allowing this handshake to happen between client and wallets, with an understanding that this data is not visible or consumed by the client, and it not for public visibility, unless the nsec owner choses it to be. Otherwise this is wrong. I dont know if this is a bug in zap NIP but this is a major breach of privacy (cc nostr:npub180cvv07tjdrrgpa0j7j7tmnyl2yr6yr7l8j4s3evf6u64th6gkwsyjh6w6 - on zap NIP and information visibility)
Discussion
well i hope that is the case.
You can confirm it for yourself. Just go to wallet settings in Iris. You have to set up the connection for NWC to work, or for any other type of connection. If you do that, clients can display the data they are passed. The client doesn't see the data itself, this is between you and your wallet provider.
