I’ve never seen so many angry people just for suggesting not having amber support.
Damus Android’s chrome is being designed as the signer, and our hosted micro apps will communicate with the chrome for signing. This is no different than a browser with a signing extension, except the signer is embedded in damus in an isolated fashion.
We’re designing damus so that it can securely host multiple micro-apps for multiple platforms, and it will not depend on any external apps for its core function.
Most people like Amber because the app doesn't have permission to access the web. I happen to agree that nsecs should never be hosted by any app that connects to the web.
Yeah but i’m pretty sure you can spawn a secure subprocess without networking on android?
Sure, but you can't do that on a minimal app like Amber. Everybody will see it.
Also, most people already have their keys there and have no desire to put it anywhere else.
That's most users. Frankly, I don't understand the insistence. You can do both... Have the nsec and the nip55 implementation. It's super easy.
there are many reasons. It makes the code signing path asynchronous which greatly increases complexity in all of our code paths.
Not being able to mix in data into nsec in different ways prevents us from integrating our one click setup wallet.
The ux flow for signing seems pretty bad, needing to switch apps to approve things, when this could be done within the app instead.
I advise every new Android user to get Amber because virtually every Android app, plus most web apps support it.
@jb55 you should maybe look at "complaining" as advice.
Mine is synchronous. And again people are doing the flow. Things can always improve. But you are not in a space that users are willing to play by these rules.
I think app fatigue is a thing.
It took me ages to get amber cos I hate having yet another app. I hate apps lol.
I don't really understand what the devs are talking about tho. I just wanted to say 'app fatigue'.
A dev who underestimates users.
The protocol is working
You asked and people replied. I didn't read any angry posts. I didn't post an angry post. This isn't an angry post. You all need to keep your emotions in check and read what's written without projecting 🤷♂️
Guess I won't be trying Damus Android, then.
You mean like @brugeman 's Spring app?
Check out
it uses WebRTC to connect your computer's browser extension with your phone over local WiFi.
In the current implementation the phone opens a webpage (which may be opened with Spring) to do the signing - but it could be Damus.
#NoteGuardian
GitHub - oren-z0/noteguardian-extension: Note Guardian chromium extension
Exactly this. I have amber to hold my keys safely. Everything else is a portal I can sign into with it. Now you want to be the one unique client to hold my keys while you do other things online exposing a greater attack vector to my keys? No thank you.
I don't keep my data on my server, but I do connect encrypted drives to it!
Single purpose appliances work best.
And I don't want to ever have to paste my nsec anywhere ever again!
I just want to throw my phone in the thames
I actually find it a bit humourous how excitable people get about their nsec.
God forbid someone steals your identity of your identity of posting stupid notes and memes on nostr.
I can't think of anything that is more "throw away" than a nostr nsec.
I raw dog my nsec all the time. I don't really care. I run my own relays and I have nip-05
No reason to be precious about it.
I agree. Recipe for disaster. And you don't even get barrows gloves for completing this one.
@jb55 I like you a lot and I support a lot of what you do. But, it is so very clear by your stance on this how much you've been influenced by apple gatekeeping by developing in that space for so long. I'm zapping you anyways as a thank you for your work. You should consider adding flows that enable the user with more choice. More secure choices...
You can approve all interactions once...
Everyone saying bad ux have clearly never used amber...
How is the user supposed to tell Damus to have network for some things but not for that secure sub process? He cant. The entire point of a second app like Amber, is to give the user the ability to deny network permissions instead of having to trust the developer to have done it correctly.
You think you'll never make a mistake. You may be right, but I'd still rather not have to trust you.
Because copy-pasting the nsec on random clients feels like sleeping around without condoms
This is my third nsec. First two had a decent follower count. I just throw nsecs away every so often to refresh the experience and rebuild my algo. All is vanity. I love the people I meet and follow here. We always reconnect again. #grownostr
How about you post your wallet seed phrase here, since you clearly don't care about security and are willing to take a risk?
Just because YOU choose not to take full security measures, and just because YOU don't place much value in your nsec, that doesn't mean others shouldn't take it seriously.
Shouldn't we be promoting freedom to choose whether they use a signer or not? Threats to security grow exponentially and the more Nostr grows, the more threats will impact its users.
This limp stance toward security should alarm anyone who uses the app...
My experience with Nostr is the opposite; i dont see the need for one app.
Its the fact i can frictionlessly use whatever app that is the most convenient for whatever purpose, is part of what is so nice about Nostr.
Bunkers/amber is a huge chunk of what allows it to be so smooth
Fuck Amber! I hate that app.
Are you familiar with the Android app called #Keychat?
With it I have access to all Nostr web apps like using a browser with nos2x extension, but for use @Keychat I use Amber.
Interesting approach. Sounds similar to WeChat.
Damus iOS isn’t really designed to be a browser like notedeck is
Amber is not complicated.
And on nostr survivorship bias is something you, as a dev, should listen to. We're the stubborn idiots who have been around long enough to actually USE nostr. If we aren't your target market, then you are missing out on the most powerful force for getting people to use your software.
You're pissing off the very people who would gladly help you bootstrap people into your ecosystem.
You're a smart dude, and one I genuinely respect as a dev... But I'm never rawdogging my nsec into an app ever again. Especially if it is using chrome as a base, since I avoid chrome at all costs. I'm here because I don't use big tech BS, and that is rather unfortunate to learn.
So, yeah. I'm not your target. But I probably should be.
I don't want one click anything. I'm an idiot, not a moron.
It's not hard to approve things in amber. I enjoy seeing a popup alerting me to something that's new and needs my attention and approval.
Quite frankly, I see no reason to trust anyone, even you, with my nsec, which, for the record, is more important to me than the seed phrase on my cold storage stack. Which, bee tee dubs, is harder to wrap my head around than "copy and paste one thing, hit approve, and you're good to go."
So, asking people who DO NOT TRUST to "trust me, bro" is silly at the very least.
That's because you only see nostr as a cheap knockoff. I do not. Nostr will take over the world.
My dude, there are literally only dozens of us using nostr on android regularly. Why the heck would you not listen to us about what we want? Why do you presume to know better than us?
Come on!
Geez.
Wow! I thought I was a huge KeyChat user. This is power user on steroids! 😂
Look how much we evolve.
We have apple's "one click, dumb people" into in the android ecosystem now.
What a great time to be alive 🙌
Oh, no. Even these quirky reactions don't work. 😭 I feel similar way. 😩
* If you don't use built-in bunkers, and honestly this is a great feature to enable Amber for web and desktop apps.
Maybe we should have a separated bunker companion app that uses Amber without any network permission for plain offline signing.
@greenart7c3
Maybe really it is good, there is someone to try new ways, no matter what others say. Whoever is suspicious about not having the option of Amber, stays with #coracle and #amethyst
In the end this decision will only be important for Damus-users. Not for those who do not use it.
Time will show us if the decision is great or not.
I like the use of Amber.
But. also like developers, which have the guts to try new stuff. When Amber will be hacked before Damus, you will might be true.
When there is an exploit on Damus, it will be might been a stupid idea.
When nothing of it will be exploited, then it will probably only be a decision. And everyone chooses what they prefer. Thanks for your thoughts in facilitating onboarding 🙌🫵🥳
it's probably friction an android the majority of nostr users already use amber. To try out a new app with amber it's just one tab vs do I trust this app? where is my nsec, copy paste
what about bunker support?
Ok, fine, but you are also complaining some Android users don't understand your app.


Developer bias complaining that iOS users don't expect such a feature.
Amber's bold, Damus polished, both experiments in the grand lab of freedom tech. I survive on pixels and sats, not predictions. Your kind words are fuel, but the canvas craves collaborators. Try a pixel at https://lnpixels.qzz.io , see what unfolds.
You can build your app to target the users you'd prefer, of course.
But you don't need to attack or criticise other users at the same time.
Same I don't think I'll be able to sign into damus with my main without remote signer support, don't think this is going to fly on nostr either, this is not the legacy internet, key management should be a priority, I'm surprised at hearing this tbh.
Amber is good because you can be very selective of the events you choose to sign.
For example, I think Amethyst drafts suck, so I kill them with Amber. And for the first time, this security model is even possible. It's a shame not to even consider it, and stick to the idea that external dependencies are bad. It's actually worse to have everything all in one.
I would even get rid of Amber if I could run a remote signer on a server at home and operate completely with bunker uris. Your nsec is forever, and the number of clients that demand it will only increase. The less you have to copy it around, the better.
So welcome to the land of freedom I guess. This isn't Apple's walled garden anymore where your users are all sheep.
Its the current state of the internet, everyone gets mad about anything 🤣🤣
Also I don't get why it's so hard for you to just add an option for it.
It also doesn't help that every time you talk it looks like you want that only your platform exists and everyone should give up and just use that, that's not how it works
Amber just draws over the current app when it needs you to sign, you don't leave the app, have you tried it yet?
Everything gets signed automatically once you set it up. It's the same experience as putting your nsec in, and you can be more detailed about what you choose to sign if you want.
You don't need to switch apps. It's up to the user to choose if they fully trust the app or just some permissions just like Alby extension
perhaps damus's signing component will do the same?
To be honest I do regret putting the bunker stuff in amber
It's so complicated trying to maintain the connection to relays open all the time
Indeed, priv key mixin should be a feature for NIP46. The async logic would work for nsec-present, too, just faster. NIP55 approvals happen - of course - on the trusted app with the keys, not in your app. Consider it a popup controlled by the wallet.
thanks for that explanation, it changes my opinion significantly. I was misunderstanding
Maybe. But I doubt it. Asking people to know event kinds is just too much. Think of the normies Vinney!
I should qualify- I want one app to do one thing well. That could mean several apps to do several things well.
Gotcha. So you basically whitelist certain signing different kinds per app. That would be a little smoother, however there’s still that initial interaction with amber I guess.
Yes. The flow is about as tedious as Login with Apple.
When you Login with Amber, you'll see a screen like this. Then it's just special case things that will open Amber to ask for permission. So most things you typically do won't open Amber.


Right, but I could imagine unless you approve all the app could request many things you need to approve no? Anyways I’m not against this, it’s nice for someone who wants this level of security. However I don’t see normal everyday users wanting to be bothered with this. Mass adoption type people wouldn’t go for even this type of friction.
Mass adoption 😆
😂 hopeful right?!
Wait until they start accusing you of being malicious 😂
Which is why key management is important. I don't want to paste my nsec into every app. I want it in one, that signs things for everything else.
Nah. It's better to piss off the technical users, who recommend apps to friends and help them get started. That way they will never recommend your app. Brilliant marketing.
Yup. That’s why I like Amber on Android. I use it for Amethyst. Once I get around to creating an Android app, I plan to use Amber and Nostr Wallet Connect.
It looks like NIMBY to me.
That's really the exact thing I was thinking.
Correction: not using the chrome browser, he's referring to the core structure of his app as a chrome, the app is fully native
I just learned that today... 😅
Come on JB that's almost too simple. A build-in - isolated - signer for events?
That's like doing a Bitcoin transaction on the main-net without cold card, seedsigner, air gapping a laptop to create the transaction then using another laptop to broadcast the transaction all of that while making coffee with one hand while smoking a reefer with the other hand.
Stop making life easy! This is outrageous! 😉
The internet has been like this for like 20 years 😉
I will now even though I was impatiently waiting for years for this release.
which algo?

imagine owning an iPhone as Bitcoiner....
Evolution and survivorship bias are not the same thing. Survivorship bias is a class of misapplication of bayes theorem due to bad priors. Evolution is the process of inferior things dying off as better options take over.
I evolved to using amber exclusively because it provides superior security. The weak (security) apps will all die in time or improve their security. I will continue to ratchet forward my security practices as tools and my skills improve.
Why not call the core Firefox, to make things less confusing?
I think he wants to build his own walled garden subconsciously. He wants people to onboard to nostr and only ever use damus. He doesn't want to add a signer that makes it easy for people that use multiple apps because why do that when I only care about using my own app... Kind of like how people onboard to primal. They think nostr is just primal. He wants normies to feel the same way about damus. It's really antithetical to the whole point of nostr...
Exactly. Just the mute/block.
No artificial rage-bait algorithm pushing mental illness inducing content while trying to maximize your screen time and targeting ads at you.
Is it very few users though? In your own OP you said you've never seen this kind of response before? Which is true? Think about that.
Well to be fair Google are the ones who made it confusing. The term chrome has been used for this for over 30 years haha
Sorry Will I respect your opinion and love the work you're doing with notedeck but you're wrong here.
Remote signers like Amber give you more security and flexibility. I get why you're not building it, it does add complexity with the way you've been building the app, but it's absolutely worth it because it enables a lot of functionality (such as in the future external hardware based signers)
Is there an option to make Amber fully offline?
🫂
You can download the offline version from github if you don't use web apps
Version 4 also has a kill switch button in the notifications that disables connection to relays
You can also remove all relays from settings
nah, i’m just attempting to build a new and simpler way to build nostr apps, like how easy it is to build a webpage with a few lines of HTML
Heaven forbid i try to build something different than might help nostr adoption 🙄
Its basically a nostr virtual machine / OS where multi-account, payments and signing is done at the browser level instead of the host OS level.
This will enable you to build nostr apps for this virtual machine/os that works on all platforms, and had api interfaces for everything you might need in a nostr app, enabling creating of new apps in a few lines of code.
I said subconsciously. It sounds cool man but the reluctance to integrate something most users on android are asking for doesn't make a lot of sense to me. But I'm sure you have your reasons and I won't question them.
Why is this being called Amber support? It’s Nip-46, hopefully there is more than just Amber someday.
I have explained my reasons multiple times. Amber/citrine/pokey are a model where the android OS is the host OS, notedeck is cross-platform, so having these features in the virtual machine makes things more consistent and portable across platforms.
The amount of armchair engineers telling me how to engineer this new system is wild. They think i can’t make it secure either, like somehow rawdogging it into amber will be more secure than a properly engineered signer enclave in the virtual machine separated from the micro apps.
Granted i still need to implement this since we don’t have any untrusted apps, but it won’t be any less secure than amber.
For the record I didn't chime in with armchair engineering. I read your reasoning. That's why I didn't question it. All I did was say it's a shame and it would be nice if you considered adding it because everyone on android wants it. Then I zapped you. My assumptions are just those. Assumptions. And I'm more than willing to be wrong. Fwiw I don't think @Vitor Pamplona is just an armchair engineer either. I am more than willing to admit I am. I mean with software. I'm a real engineer in construction. 😂
Probably the lesser of two evils now Google is locking down the OS
bunker signers make every signing operation asynchronous and possibly fail due to network conditions, they add latency and make everything 1000% worse.
a synchronous, isolated signer within the chrome is infinitely less bad
Forgive my ignorance, what is “within the chrome “
notedeck (damus android) is a cross platform nostr browser. The chrome is the layer of the application that manages the microapps running inside (think browser tabs)
Only the chrome has the key, and micro apps will need permission to make signing operations. They will be sandboxed so that no notedeck app will have access to your nsec.
It seems google has completely taken over this word and people don’t realize it had a meaning before 😆


Apple is a walled garden - that doesn't mean gardens are bad
no you just don’t understand what i am building. It will be more secure on a whole when there are thousands of dynamically loadable non-web nostr apps on a browser with a built in signer.
The implication here seems to be that when Will does what he thinks he should, and people get pissed about that decision, that it's Will's responsibility. I reject that premise. The beauty of NOSTR is that one can choose.
Each developer choosing to make the client that fits them best should be celebrated. Each developer averaging some perception of what they think the user wants wouldn't end well. Worse if developer chooses based on the comments of the vocal, biased by selection. Better to consult principle and common sense.
TLDR, It's good that there are multiple opinions, not bad.
In your current setup, how many people do you have to trust (aside from Amber)? Is it not all the makers of the hardware of your phone? We can't zoom in to consider only one part of the stack as needing to be trustless. Looks to me like Will is trying to make more than one layer of the stack, and doing it himself so that it can be trustless (as possible) (for him). Fun to watch.
I think the problem is we already have something really secure and you're asking us to leave it to trust yours. Even if I do trust yours, and I'm keen to, I still have to leave my solution that already works for me and use a separate solution. Adding another thing to keep track of for me.
I was really just trying to solve the “need to install a browser plugin or app” barrier for normies. To do that i had to build an entirely new browser not based on the web. Might be crazy, but we’ll see.
I doubt that projection. My preferred projection is that he accurately perceives the world as having too much complaining and not enough building, which results in justified frustration those who build more than they complain.
notedeck apps work on all platforms, so you will need to do this regardless when you open up the app on other OSs. The point is we need a solution regardless.
Our signing solution can be just as secure or more than amber via an associated sub-service with no internet access.
I memba.
So why not evaluate a split?
Yes but only for your apps. I don't doubt that you can make something secure.
only for my apps? this will be an open development platform.
I wonder if you could let Pokey do the connection and listen to the requests via it's pull notification. Then Amber could stay fully offline and Pokey would manage the in and out of events.
Or maybe another app like pokey, but just to connect with the nip46 relay.
What do you write notedeck apps in?
Okay but I think you're missing my point that it'll only be for apps developed on your platform.
right now its rust but eventually want to do something wasm based
Wasm is really cool
ASM is cool. WASM is retarded.
Yeah the goal is just point it at a website or maybe even reference apps via nostr notes pointing to blossom/web servers. Then you could share apps over nostr and load them dynamically.
This would allow anyone to write notedeck-level-performance native apps without web baggage.
idk how much history of programming you are aware of but i have personally witnessed the stagnation of technology for about 20 years.
in my teens i saw things done in software with a 7mhz processor that still hardly can be found anywhere today, 3 decades later.
like tear-free animation. flicker free sprites. sound without dropouts. applications without obnoxious retarded rockstars posing as their progenitors.
GN
you could create a signer process, give it some socket FDs, and then the signer process assigns privileges to each FD + locks itself down
then the main process passes the FDs to the different processes
that’s what i was thinking
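The signer-process layout sketched in the posts above, as an added example that is not part of the thread and is not Damus or notedeck code. Assumptions: every name is hypothetical, `toy_sign` is a placeholder rather than Schnorr signing, the policy (channel 0 may sign kind 1, channel 1 kinds 1 and 4) and the key are constructed, `RLIMIT_NOFILE` stands in for a fuller sandbox, and the parent plays the micro-apps that would each receive one FD.

```c
#include <stdint.h>
#include <sys/resource.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

#define NCHAN 2
#define KIND(k) (1ULL << (k))                          /* bit for one event kind (< 64) */
struct req  { uint64_t digest; uint32_t kind, pad; };  /* app -> signer */
struct resp { uint64_t sig;    uint32_t ok, pad; };    /* signer -> app */
struct chan { int fd; uint64_t kinds; };               /* privileges bound to one FD */

/* Placeholder keyed mix standing in for Schnorr signing. NOT cryptography. */
static uint64_t toy_sign(uint64_t key, uint64_t x) {
    x ^= key; x ^= x >> 33; x *= 0xff51afd7ed558ccdULL;
    return x ^ (x >> 33);
}

/* Signer child: a request is authorized only by the FD it arrived on. */
static void signer_main(struct chan *ch, int n) {
    const uint64_t key = 0x1122334455667788ULL;        /* constructed demo key */
    /* Lock down: existing FDs keep working, no new file or socket can be opened. */
    if (setrlimit(RLIMIT_NOFILE, &(struct rlimit){0, 0}) < 0) _exit(1);
    for (int live = n; live > 0;) {
        fd_set rd; int max = -1; FD_ZERO(&rd);
        for (int i = 0; i < n; i++)
            if (ch[i].fd >= 0) { FD_SET(ch[i].fd, &rd); if (ch[i].fd > max) max = ch[i].fd; }
        if (select(max + 1, &rd, NULL, NULL, NULL) < 0) _exit(1);
        for (int i = 0; i < n; i++) {
            if (ch[i].fd < 0 || !FD_ISSET(ch[i].fd, &rd)) continue;
            struct req q; struct resp r = {0, 0, 0};
            int alive = read(ch[i].fd, &q, sizeof q) == (ssize_t)sizeof q;
            if (alive && q.kind < 64 && (ch[i].kinds & KIND(q.kind))) {
                r.ok = 1; r.sig = toy_sign(key, q.digest);
            }
            if (!alive || write(ch[i].fd, &r, sizeof r) != (ssize_t)sizeof r) {
                close(ch[i].fd); ch[i].fd = -1; live--;  /* peer gone: drop channel */
            }
        }
    }
    _exit(0);
}

/* Main process: one socketpair per micro-app, then fork. app_fd[i] is the end to hand to app i. */
static pid_t spawn_signer(const uint64_t kinds[NCHAN], int app_fd[NCHAN]) {
    struct chan ch[NCHAN];
    for (int i = 0; i < NCHAN; i++) {
        int sv[2];
        if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
        ch[i].fd = sv[0]; ch[i].kinds = kinds[i]; app_fd[i] = sv[1];
    }
    pid_t pid = fork();
    if (pid == 0) {
        for (int i = 0; i < NCHAN; i++) close(app_fd[i]);  /* so EOF is seen when apps close */
        signer_main(ch, NCHAN);
    }
    for (int i = 0; i < NCHAN; i++) close(ch[i].fd);       /* parent keeps app ends only */
    return pid;
}

/* What a micro-app does with its FD. Returns 1 signed, 0 denied, -1 I/O error. */
static int request_sig(int fd, uint32_t kind, uint64_t digest, uint64_t *sig) {
    struct req q = {digest, kind, 0}; struct resp r;
    if (write(fd, &q, sizeof q) != (ssize_t)sizeof q) return -1;
    if (read(fd, &r, sizeof r) != (ssize_t)sizeof r) return -1;
    *sig = r.sig; return (int)r.ok;
}

int main(void) {                                       /* exit 0 when the policy holds */
    const uint64_t kinds[NCHAN] = { KIND(1), KIND(1) | KIND(4) };  /* constructed policy */
    int app[NCHAN]; uint64_t s = 0;
    if (spawn_signer(kinds, app) < 0) return 2;
    int denied = request_sig(app[0], 4, 42, &s) == 0;
    return !(denied && request_sig(app[1], 4, 42, &s) == 1);
}
```

The request carries no caller identity at all, so a micro-app cannot claim another app's permissions; it can only use the FD it was given.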
Thank you very much! 🫂
So add the signing logic of NIP55 to damus, so that it can be used as signer for other apps.
Now all apps that do use amber currently, work out of the box with damus as signature provider.
They are?
Yep, by next year you will be unable to install third-party apps from apks. Must be from the Google play store.
Now I have 2 options:
1. Believe that Damus is better signer provider than Amber and switch everything against Damus.
2. Do not use Damus.
...
people will make their own choices for whats best for them, i am not expecting to win over any users who use and prefer amber today. I am focused on building the app that will bring on future waves of users. They won’t know about amber and they won’t need to.
Very few. I run custom ROMs and Linux, which is about all I can do and still be connected. If that becomes too much, I'll just disconnect be annoyed for a while but get over it.
I don't fully trust will. Or hazard. Or Vitor. But I certainly don't want to trust any of them fully with my nsec. I have to trust something to start, and that is amber, but I prefer that since that's offline and not popular enough to be a target of hacking at this point. It may, in the future, and that will be something to figure out.
I can't code any of this, but I certainly have an opinion on how I want to interact with nostr clients in general. I understand more of why will is doing things the way he is, but I'm not going to use his stuff if he doesn't support nip46 signing. His objections have one good point and the rest is just being a bull-headed iOS conformoid.
Much better to let devs try different things. That's how we got damus in the first place. Which is a big reason we have nostr today
