20 sats \ 8 replies \ @siggy47 24 Dec 2022
The thread has valid criticism of nostr. I have already realized that if I plan on using nostr long term I will need to assume a number of identities. Right now there is no way to secure your private key without enduring the inconvenience of copy/pasting it to sign every interaction. Some people are using alby, but then you are trusting alby. I have experimented with my password manager, but it's still cumbersome and again, I need to trust my password manager. That's a scary proposition considering the LastPass disaster.
I am still optimistic that the smart developers involved with nostr may come up with better solutions in time.
reply
30 sats \ 5 replies \ @gandlaf21 24 Dec 2022
I agree... in my opinion, signing has to be done outside of the clients. I imagine something like an API on the device, where you can store your keys in a secure enclave, send in the information or message that needs to be signed through said API, and the API returns the signature. This way clients could call the device's API to sign messages, and don't need to store private keys themselves.
reply
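The split gandlaf21 describes, as an added example that is not part of the thread: a Nostr client builds an unsigned event and hands it to a `DeviceSigner` object standing in for the on-device signing API, which holds the secret key, computes the NIP-01 event id itself, and returns only the signature. The secp256k1 arithmetic and BIP340-style Schnorr signing are written out in pure Python here so the example runs offline; on a real device that work would happen inside the secure enclave, and the class name, the `build_unsigned_event` helper and the test key `0x3` are assumptions of this example.

```python
"""Added example: a Nostr client that never holds the private key.

DeviceSigner stands in for an on-device signing API backed by a secure enclave.
The curve arithmetic below is a compact BIP340-style Schnorr implementation so the
example is self-contained; a real device would keep all of this inside the enclave.
"""
import hashlib
import json
import secrets

# secp256k1 domain parameters
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def _add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if x1 == x2:
        lam = 3 * x1 * x1 * pow(2 * y1, P - 2, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def _mul(k, pt):
    """Double-and-add scalar multiplication."""
    r = None
    while k:
        if k & 1:
            r = _add(r, pt)
        pt = _add(pt, pt)
        k >>= 1
    return r


def _tagged_hash(tag, msg):
    th = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(th + th + msg).digest()


def _lift_x(x):
    """Recover the curve point with even y for an x-only public key."""
    if x >= P:
        return None
    y_sq = (pow(x, 3, P) + 7) % P
    y = pow(y_sq, (P + 1) // 4, P)
    if pow(y, 2, P) != y_sq:
        return None
    return (x, y if y % 2 == 0 else P - y)


def schnorr_sign(msg32, seckey, aux):
    pt = _mul(seckey, G)
    d = seckey if pt[1] % 2 == 0 else N - seckey
    t = (d ^ int.from_bytes(_tagged_hash("BIP0340/aux", aux), "big")).to_bytes(32, "big")
    px = pt[0].to_bytes(32, "big")
    k0 = int.from_bytes(_tagged_hash("BIP0340/nonce", t + px + msg32), "big") % N
    r_pt = _mul(k0, G)
    k = k0 if r_pt[1] % 2 == 0 else N - k0
    rx = r_pt[0].to_bytes(32, "big")
    e = int.from_bytes(_tagged_hash("BIP0340/challenge", rx + px + msg32), "big") % N
    return rx + ((k + e * d) % N).to_bytes(32, "big")


def schnorr_verify(msg32, pubkey32, sig):
    pt = _lift_x(int.from_bytes(pubkey32, "big"))
    r = int.from_bytes(sig[:32], "big")
    s = int.from_bytes(sig[32:], "big")
    if pt is None or r >= P or s >= N:
        return False
    e = int.from_bytes(_tagged_hash("BIP0340/challenge", sig[:32] + pubkey32 + msg32), "big") % N
    r_pt = _add(_mul(s, G), _mul(N - e, pt))
    return r_pt is not None and r_pt[1] % 2 == 0 and r_pt[0] == r


def event_id(ev):
    """NIP-01 event id: sha256 over the canonical [0, pubkey, created_at, kind, tags, content]."""
    ser = json.dumps([0, ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"], ev["content"]],
                     separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(ser.encode()).hexdigest()


def build_unsigned_event(pubkey_hex, kind, content, created_at, tags=None):
    """Client side: everything except id and sig, which only the signer can supply."""
    return {"pubkey": pubkey_hex, "created_at": created_at, "kind": kind,
            "tags": tags or [], "content": content}


def verify_event(ev):
    """Relay/client side: recompute the id and check the signature against the author key."""
    if ev["id"] != event_id(ev):
        return False
    return schnorr_verify(bytes.fromhex(ev["id"]), bytes.fromhex(ev["pubkey"]), bytes.fromhex(ev["sig"]))


class DeviceSigner:
    """Hypothetical on-device signing API: holds the secret key, exposes only the public key."""

    def __init__(self, seckey):
        if not 1 <= seckey < N:
            raise ValueError("secret key out of range")
        self._seckey = seckey  # would live in the secure enclave on a real device
        self.pubkey_hex = _mul(seckey, G)[0].to_bytes(32, "big").hex()

    def sign_event(self, unsigned):
        # Refuse events claiming another author, and compute the id here rather than
        # accepting a digest, so a client cannot get an arbitrary 32-byte value signed.
        if unsigned["pubkey"] != self.pubkey_hex:
            raise ValueError("event pubkey does not match this signer")
        eid = event_id(unsigned)
        sig = schnorr_sign(bytes.fromhex(eid), self._seckey, secrets.token_bytes(32))
        return dict(unsigned, id=eid, sig=sig.hex())


if __name__ == "__main__":
    signer = DeviceSigner(0x3)  # constructed test key, never a real one
    note = build_unsigned_event(signer.pubkey_hex, 1, "hello nostr", 1671840000)
    print(verify_event(signer.sign_event(note)))
```

The signer recomputing the event id from the full event is the part that matters for the "trusting alby" concern in the thread: a signing API that accepts raw digests can be made to sign anything, whereas one that only signs events it has serialized itself can show or log exactly what is being authorized.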
20 sats \ 1 reply \ @gandlaf21 24 Dec 2022
https://developer.apple.com/documentation/security/certificate_key_and_trust_services/keys/protecting_keys_with_the_secure_enclave?language=objc
something like this.
reply
0 sats \ 0 replies \ @siggy47 24 Dec 2022
Yes, perhaps with a way of using an existing private key to avoid having to start over.
reply
10 sats \ 2 replies \ @siggy47 24 Dec 2022
Good point. That makes sense regarding the signing issue. The thread also discusses the real problem that security erodes as you use the same public key continuously.
reply
20 sats \ 1 reply \ @gandlaf21 24 Dec 2022
Yes, key rotation in general. Also, what happens if the Private Key DOES get compromised? There won't be a password reset button, that's for sure.
reply
0 sats \ 0 replies \ @siggy47 24 Dec 2022
I think mine has already been compromised. I don't really care, since I'm keeping no sats in my wallet and I'm just playing around with a throw away identity right now as I experiment. Things will be different when I am ready to set up a permanent presence. I'm still toying with different ideas on security.
reply
20 sats \ 1 reply \ @blockguard 25 Dec 2022
Maybe same kind of device like a hardware wallet? Or yubikey?
And of course user should always have a duplicate signing device.
It really is no different to your house or car keys.
reply
0 sats \ 0 replies \ @siggy47 25 Dec 2022
I'm sure things will head in that direction. Of course, when you're hodling bitcoin you need to use your wallet at most maybe once a day. It will be impractical to access every time you like a post or respond to a dm.
Also, using the same public key over time will erode your privacy in the natural course of interacting with your followers. I guess that is the nature of social media and shouldn't be considered a problem.
reply
0 sats \ 0 replies \ @cameri 25 Dec 2022
Valid points from Pippellia's. Nostr is still in its infancy and so is the network of relays and clients.
Lots of work to be done in several aspects on both the backends and frontends: security, privacy, UX, scalability, performance, media storage (might even stay out of the protocol forever, who knows), resiliency, fault tolerance.
But I think it's a pretty damn good start, and the rate of new collaborators vs new users is keeping things afloat.
One thing to keep in mind is that the Nostr protocol is not trying to be perfect from the beginning, but to evolve through collaboration, consensus and more importantly usage and demand. Nostr is out in the wild, learning from its mistakes and becoming better at what people really need and want.
This is in stark contrast with the other options out there trying to become the next big thing but with a laundry list so large we won't see any viable product in a long time.
reply
0 sats \ 0 replies \ @ama 24 Dec 2022
I'm not using the #BirdSite anymore, so I haven't read the thread, #FuckTheBird. But as Bitcoin is the tool to decentralise the monies, I believe Nostr might be the one to decentralise the infos, whether they are in the form of social networks, web sites, or many other forms we might not have even invented or imagined yet.
reply