pull down to refresh

Isn't most Nostr Clients browser-based? Every1 is using them. Can you expand why we should never put a pkey in a browser?
I heard we should use signing extensions instead, like Alby. There are mobile browsers that support extensions, that should fix the issue, or?
Basically, as with Bitcoin, you should exercise extreme caution when entering your private key into a third-party platform, whether it be a clipboard, browser, or web client.
To minimize potential hazards on the web, it is recommended to use an extension like ours - where the open-source software (not the client) signs nostr events and your private keys do not touch any server (even Alby's one, it stays secure in your machine)
On mobile, yes, you currently need to copy and paste... for now! We hope developers will soon come up with a better solution.
reply
Thank you.
reply
Many nostr clients are browser based, but that doesn't mean they are safe, if they are asking for private keys, you should assume that those keys are now compromised
The best ones use third party signers like getalby or nostr wallet connect.
As @Alby point out, there are no mobile browsers that support Nostr extensions, perhaps someone can correct me?
If you google you can find some that claim to support extensions, but when I've tried them, they don't work.
reply
Kiwi browser on mobile supports our extensions (but something stopped working on their side), and Firefox is about to introduce it soon.
However, they work within the browser - not to use in separate apps.
reply
hopefully kiwi will get that issue fixed, and FF will release soon!
Crazy that there are zero secure nostr web login options for mobile right now.
reply