pull down to refresh
50 sats \ 3 replies \ @shyfire 16 Apr 2023 \ parent \ on: Plebstr - Beautiful nostr client for android, ios nostr
I'm not pasting my private key into a closed source client. Who knows what they are doing with it.
unless you compiled your open source client yourself you don't know what the "open source" client is doing with your key either. the compiled version from the app/play store can be different from the publicly released code and you would never know it.
reply
Yes, hence the need also to proxy.
With both you can keep an eye out for any unusual looking identifiers being passed around, tie that back to the code and if not, ask questions in public.
reply
Very true, although that is a more expensive attack to pull of successfully
reply