#asknostr tribe: who is responsible for a breach (god forbid) in any nostr client? On a centralised platform, the org of the app is responsible. I am not sure with nostr. Has someone ever talked about it? I understand users have to make sure they keep their private key. But what about if the breach happens at relay or client level? Genuinely curious to know, considering everything that is going on atm. Whilst we seek freedom, it also means we are responsible to keep everyone secure and safe. Perhaps this discussion already came up in the past?
semisol
tipping point I reported several security vulnerabilities to LNbits and they took months to fix and ignored it. Alby did not follow basic security practices. Many HWWs are weak as shit. Nostr apps keep leaking nsecs every few months. The reference Cashu mint is poorly designed and had, in one case when I operated it, duplicated funds.