Seeing new Nostr app launches where the app asks for your NSEC as an option in order to log in. Does this not compromise your nsec? Why are these VERY PUBLIC FACING dev groups doing this? Please help me make this make sense.
Discussion
From what I understand, you gotta check the code for each app, or use the “trust me bro” model
We're still at the trust me bro stage? Don't trust, verify should be the standard after three years. No idea why anyone would launch something on here that did not already have that baked in somehow.
Because those have problems too https://crypto-sec-n.github.io/
The best option is ALWAYS: don’t trust, verify
Don't put your nsec everywhere.
I don't but other new peeps that come in here will blindly enter their NSEC into these apps. Something stinks about that IMO.
I'm implementing it for ease of onboarding.
Nsec is processed locally in the browser only, never sent to any servers.
No average Joe is getting set up with a browser extension from the get-go. I've also implemented 2of3 sharding because people will lose their keys.
Because not every nsec is equal?
Because many Nostr devs or Bitcoin don’t care for privacy 💜
Most of them do.. 😒 it’s stored locally, but there’s no real way to check that. Someone could easily make a malicious client and secretly harvest nsecs and store them for later use.. 🥸
I'm not very smart but I am guessing that is not the optimum tack for developing a nostr app.
When I joined nostr, trying to make me install a browser extension seemed suspicious. It was a hurdle on the way to trusting nostr enough to try.
Users should have the freedom to pick convenience over security when it fits a use case.