7 sats \ 1 reply \ @DarthCoin 26 Oct \ parent \ on: Coracle accidentally shared private keys with error tracking tool nostr
Read again the note. Is about those users that didn't used an external keys extension signer and directly used nsec to login.
Always use Alby, nos2x or hardware signer to login on nostr clients.
Do not use directly plain text nsec.
more nostr signers:
- https://github.com/yukibtc/keechain
- https://github.com/lnbits/nostr-signing-device
- https://github.com/nostr-connect/nostrum
- https://github.com/greenart7c3/amber
- https://shop.lnbits.com/product/nsec-remote-signer
- https://shop.lnbits.com/product/nostr-signing-device
Putting your nsec in plain text is like pasting your BTC wallet seed in plain text on a random webpage...
People always say that but it also seems reasonable to expect an app not to send the nsec anywhere. It's not like it was hacked. A signer app may separate concerns but it's still more code to audit.
reply