I prefer the security of using a separate password and account. No thank you. Not until we can get an NSEC bunker. Currently, if nostr keys are ever compromised, EVERYTHING gets compromised.
Replies (10)
I've been saying since I got on here that the nsec model as it is will get people rekt at some point. We need a way to sign things without giving all these rando apps our one private key.
I also don't buy the proposal for a different key for each app. That key could still be critical even for one app and we should therefore have a way of giving no service the key in my opinion. A bunker is a good idea, but I'd even like to see a hardware signing device like we use for Bitcoin.
It seems Coldcard can create Nostr keys as well. Maybe ask @DETERMINISTIC OPTIMISM
Nsec *is* a password and vice versa, so why not just store your proton password in a remote bitwarden if you want a bunker-like solution without nostr? But also, why wouldn't proton just allow nostr logins too?
Currently NSEC is acting as a one key to rule them all concept. People are plugging their one key into all kind of apps, some secure, many not. If any of those apps are compromised, your entire account and every thing you logged into is compromised.
This is akin to using one password on all your accounts. It's bad OPSEC.
What I mean is we need a way to create multiple keys based on that ONE key pair, similar to creating a unique password for every account. This way, if one Nostr based app is compromised only that "baby" key is compromised and not the "master" key that it came from. An option to "freeze" these keys or delete them would be even better.
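One way to build the "baby key from a master key" idea described in the reply above, as an added example that is not part of this thread and not any Nostr client's or NIP's actual scheme: derive a separate 32-byte secret for each app with HKDF-SHA256 (RFC 5869), using the app name plus an epoch counter as the derivation label. HKDF is one-way, so a leaked child key does not reveal the master, and bumping the epoch for one app "freezes" its old key without touching the others. The salt label, the app identifiers and the master secret below are all made up for the demo; the only Nostr-specific fact used is that a valid secp256k1 secret must be a non-zero integer below the curve order. Actual Nostr signing (BIP-340 Schnorr) is not shown.

```python
import hashlib
import hmac

HASH = hashlib.sha256
# Assumed domain-separation label; not a Nostr standard.
SALT = b"nostr-per-app-key-v1"

# Order of secp256k1, the curve Nostr keys live on. A secret key must be in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract step: PRK = HMAC(salt, IKM)."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 expand step: T(i) = HMAC(PRK, T(i-1) | info | i)."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def is_valid_secret(key: bytes) -> bool:
    """True if the 32 bytes are a usable secp256k1 secret scalar."""
    k = int.from_bytes(key, "big")
    return 0 < k < SECP256K1_N


def derive_app_key(master_secret: bytes, app_id: str, epoch: int = 0) -> bytes:
    """Derive the per-app ("baby") secret for app_id at the given epoch.

    Same master + app + epoch always yields the same key, so the app can be
    re-authorised without storing anything extra. Incrementing `epoch`
    retires the previous child key for that app only. The derivation never
    hands the master secret to the app.
    """
    prk = hkdf_extract(SALT, master_secret)
    info = b"app:" + app_id.encode() + b"|epoch:" + str(epoch).encode()
    child = hkdf_expand(prk, info, 32)
    # Probability of landing outside [1, N-1] is ~2^-128; bump epoch if it happens.
    if not is_valid_secret(child):
        return derive_app_key(master_secret, app_id, epoch + 1)
    return child


# Constructed demo master secret. Never hardcode a real nsec like this.
DEMO_MASTER = hashlib.sha256(b"constructed demo master, not a real nsec").digest()

if __name__ == "__main__":
    for app in ("example-client-a", "example-client-b"):
        print(app, derive_app_key(DEMO_MASTER, app).hex())
    # Rotating one app's key leaves the other app's key unchanged.
    print("rotated a:", derive_app_key(DEMO_MASTER, "example-client-a", epoch=1).hex())
```

The open problem the thread is pointing at remains: the master still has to live somewhere that can run this derivation (a bunker, signer app or hardware device), and the relays would need a way to tie a child key back to the master identity, which this snippet does not provide.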
We're talking about proton.
The only difference between a password and an nsec is that proton has an exclusive monopoly on authenticating a password.
+100
I would love it if @final [GrapheneOS] could create an nsecbunker/nostrsigner application baked right into the OS. That would be extremely convenient and wouldn't require trusting an unknown application with your nsec.
> I prefer the security of using a separate password and account. No thank you. Not until we can get an NSEC bunker. Currently, if nostr keys are ever compromised, EVERYTHING gets compromised.
This is mostly why GrapheneOS mods have separate key pairs rather than a project account.
Yeah, Proton is shady enough as it is. We don't trust them very much.
I disagree. It depends on one's threat model. They are awesome at what they do. Not everyone is Snowden, on the lam with government secrets. They provide an important alternative to Google for most people.