Zap Cooking now supports Google-backed key backup on web and Android.
New users can create a Nostr key, encrypt it with a PIN, and store the encrypted backup in their own Google Drive. Same Google account + PIN restores it later.
This lowers friction for normal users without handing Google the key.
Thinking about adding the same backup option for existing Nostr users.
Poll below: good tradeoff, or bad habit?
Login to reply
Replies (12)
Disregard my no vote, that was a fat finger when I went to open the reactions picker.
@npub1utx0...50e8 rejected my PR to add a confirmation step to poll submissions on Wisp.
Iโll be adding that one into @Zap Cooking.
Why not nip-49 encryption?
I'm not a fan of any of that.
If you think it makes sense for you business model, fine.
But trusting Google for backups is, IMO, retarded.
Hadnโt thought of it.
It could make copy and paste into other apps, much simpler, and have a standard encryption flow for other apps to have the same Google/apple sign in process
Lose some weight, fat boy!


Thatโs the body shaming I needed today. Gonna fire up @npub1vygz...vy4e now.
Nostr-native people are built different. Normies need easy password recovery. Spend any amount of time with anyone who doesnโt live in this space and it becomes painfully obvious.
I'm generally anti-normie. Pushing to have people who can't manage a keypair long enough to understand how to not lose it is a race to the bottom. IMO.
Having more addlebrained, incompetent people using nostr as a whole before it matures into an even simpler and more robust form is *very* short-sighted.
Growing too fast for infrastructure is also dumb. Relays have gotten better over the past year, but they are not good enough yet.
Also, there's no sustainable revenue model. Most people who use nostr aren't paying for the privilege. Growth must be paid for, and I, for one, am not going to tolerate advertising models. At all. That's how the rest of the internet got to borked in the first place. Normies who can't understand that compute costs money and every bit sent has a real cost, then nothing will be same to grow free of the poisonous influence that is VC money. (VC money causes distortions in market signals which has already been very bad for TNP. Again, IMO.)
We can actually solve the โemail style login for Nostrโ problem with existing primitives
Store your ncryptsec on a Blossom server discoverable via your NIP-05 address, but instead of just password-encrypting it, derive the decryption key from your password + a TOTP code (like any authenticator app).
The blob is fully public but offline cracking is neutralized because the time window rotates every 30s. login is 100% client side: enter your NIP-05, password, and TOTP code, decrypt locally, done. no server auth, no custodian, no trusted third party.
Just NIP-05 + Blossom + NIP-49 + 2FA glued together in the right order and for redundancy you could mirror the same ncryptsec blob across multiple Blossom servers; since the encryption is deterministic the blob is identical everywhere, so your client just tries each server in order until one responds. your keys survive any single server going down, getting censored, or disappearing entirely. true redundancy with zero additional trust assumptions.
someone should write this up as a NIP tbh
4-6 digit pin does not add any real encryption imo.
Who says we need max-normies, to begin with?