Zap Cooking now supports Google-backed key backup on web and Android. New users can create a Nostr key, encrypt it with a PIN, and store the encrypted backup in their own Google Drive. Same Google account + PIN restores it later. This lowers friction for normal users without handing Google the key. Thinking about adding the same backup option for existing Nostr users. Poll below: good tradeoff, or bad habit?

Replies (12)

It could make copy and paste into other apps, much simpler, and have a standard encryption flow for other apps to have the same Google/apple sign in process
I'm generally anti-normie. Pushing to have people who can't manage a keypair long enough to understand how to not lose it is a race to the bottom. IMO. Having more addlebrained, incompetent people using nostr as a whole before it matures into an even simpler and more robust form is *very* short-sighted. Growing too fast for infrastructure is also dumb. Relays have gotten better over the past year, but they are not good enough yet. Also, there's no sustainable revenue model. Most people who use nostr aren't paying for the privilege. Growth must be paid for, and I, for one, am not going to tolerate advertising models. At all. That's how the rest of the internet got to borked in the first place. Normies who can't understand that compute costs money and every bit sent has a real cost, then nothing will be same to grow free of the poisonous influence that is VC money. (VC money causes distortions in market signals which has already been very bad for TNP. Again, IMO.)
We can actually solve the โ€œemail style login for Nostrโ€ problem with existing primitives Store your ncryptsec on a Blossom server discoverable via your NIP-05 address, but instead of just password-encrypting it, derive the decryption key from your password + a TOTP code (like any authenticator app). The blob is fully public but offline cracking is neutralized because the time window rotates every 30s. login is 100% client side: enter your NIP-05, password, and TOTP code, decrypt locally, done. no server auth, no custodian, no trusted third party. Just NIP-05 + Blossom + NIP-49 + 2FA glued together in the right order and for redundancy you could mirror the same ncryptsec blob across multiple Blossom servers; since the encryption is deterministic the blob is identical everywhere, so your client just tries each server in order until one responds. your keys survive any single server going down, getting censored, or disappearing entirely. true redundancy with zero additional trust assumptions. someone should write this up as a NIP tbh
โ†‘