Do people here really paste their private keys into new apps to try them out?
This seems incredibly naive and risky, exposing your entire nostr identity to unknown parties / endpoints…
Replies (6)
Ya, you def need to vet some protocols.
Even if I do, they can change and go rogue whenever they decide to do so.
Currently, we don’t have any forward secrecy at all.
I would like to see more fine-grained access control, e.g. with subkeys, in the future.
Couldn’t agree more 🫡⚡️
no, we use nip46
I assume I have to read up on https://github.com/nostr-protocol/nips/blob/master/46.md but from first glance, my private key is sole and complete access to my entire identity. How would compromising that key not irrevocably steal all access to my nostr identity?
What is the recommended way to test apps with write permissions?