If you are using Android, the only place you should paste your nsec is on Amber. No other app cares about your key security as Amber does. No one.
key cares one. If is Amber. No as paste about place you you using Amber only the other on app your security you does. nsec are No should Android,
What's amber?
A signer app for Android. You can find it on zap store
OFFLINE-version of Amber*
At the risk of sounding retarded, what's zapstore?
#tno
trust no one.
Even better
Our own app store:
Zapstore
Some AppStore alternative for Nostr/Bitcoin apps, I think. I've never used it, and I don't know what are the pros of using it over Obtainium (with GitHub repo links).
Dis is hooje mah bruddah
🙏
The most decentralized app store
Tried keychat?
Yep, not a big fan. They do a bunch of things without creating any NIPs that we can integrate with. I prefer 0xchat.
I meant as a browser for mini web apps? They support nip07 which makes it extremely easy to test out a lot of web apps without the inconvenience of bunkers. They have gone a long way from just a messaging app
I would never insert my nsec in any app that has a browser inside of it. Ever.
This is why nostr isn't growing....
I need 4 apps just to use nostr. And even then on mobile "no extension found" for 85% of things built.
Extensions don't work on mobile browsers. They have to support nip55 to get Amber to sign.
You could test it out with a test nsec to actually see how it works. We all inserted our nsecs in amethyst before amber became the norm. They are actually moving in the right direction
They support amber as well. 

Cool, then you don't need the inner browser. You can just run it on a regular browser if they support nip55
What's best practice on iOS, do you know? Getting ready for @Shosho – Live Stream on Nostr iOS release but not sure what is best to support.
Try out #keychat. One app to test all the mini web apps with support for multiple accounts and different login methods.
Sounds cool
Let's hope they can do it. iOS is not the best place for app to app communication. :(
This is just to create an identity. The identity is what is used with the mini apps with nip07. Again it would be great if you tested it out to see what they have been cooking
Will do some tests.
Very cool.. too bad that it is multiplatform.
iOS must be cloud enclave based. Local is simply not possible in any way that scales.
So what tools do users use today?
Do they simply enter nsec into every native app?
Yes, close to 100% paste in I'd imagine. There are workarounds such as nsec.app, Aegis, Nosskey (piggybacking off passkeys), and some extensions, or apps like Damus/Nostr attempting to be your signer, but any solution that keeps it all local faces the same fundamental issues and can only half-overcome them. There can never be an Amber on iOS.
Cloud enclave based can potentially scale but needs a lot of work, Artur is the brains there, we're working on it too, but needs time.
Hello Rod, I have good experience with Nsec.app on the iOS 🫡
Not even Amethyst? Well, how about that...
What does the Amber do/care that Amethyst or other apps do not?
Yes. We do too many things on Amethyst. Amber has a flavor that it can't even connect to the Internet.
Kiwi browser did it before it shut down. Lemur browser has extensions but never pops up to sign on. Hopefully they fix that.
Why isn’t amber on iOS? Does it have to do with #apple ecosystem?
Apple doesn't allow anything like that.
Sucks to be using the iPhone
Stop using it.
Can’t seem to access NFC via a browser in iOS either. Biggest case to stop using iOS.
Amber is not a Nostr client that you use to browse content. Amber helps secure your nsec so no one gets access to it.
Let's say you download several Nostr clients (one for browsing written content, one for video, one for voice chat, etc etc). Without Amber you would have to give each of those clients your nsec so that the client can use it to sign the events (posts) that you post through it (that way people know it's from you).
What if one or more of those clients is malicious and shares your nsec with others? What if it's insecurely coded and hackers get access to your nsec through it? The more clients you give your nsec to, the larger the risk.
With Amber (and clients that support it) you DON'T give your nsec to any other client to sign into it. Instead you tell the client to use Amber to sign your posts/events with. So Amber is the ONLY app that knows your nsec. Other apps get hacked, they still can't give hackers your nsec because they don't have it.
Makes sense?
#nostr #grownostr #amber
I was always wondering about key security across apps…
Yes, most of it.
I want Login with Nostr and every app who stores the nsec could just provide what Amber is doing now.
If I got here with Amethyst, it makes sense just to do Login with Nostr using Amethyst in other nostr apps. It does NOT make sense that now I have to learn bunch of this stuff (this might be for power users).
Obtainium works like Twitter. You can access a lot of content - but it lives on a centralized platform and it's not cryptographically signed.
Zapstore brings the concept of nostr-signing software releases, so you can verify them just like your client verifies regular notes.
And... you can zap them.
I make accounts on every site. I'm not a fan of using one nsec everywhere. It's safer and less confusing.
I use Amber sometimes but it's confusing. I'm just gonna keep backups of my notes using Citrine so if someday my nsec gets stolen I can import all my notes to my new nsec.
@Satlantis: Social Events wink wink nudge nudge
lol
Huh?! Obtainium doesn't work like Twitter. You mean the source code of Obtainium is on a centralized platform, like the source code of Zapstore? Obtainium is signed and you can verify it with AppVerifier (like Zapstore).
No, I did not mean that. I am talking about the content.
I missed the «it» — sorry for that!
That works as well.
I will be full time Zapstore when I can (automatically) export my app list to a file like Obtainium does. I have automation that backs up that file to my Nextcloud server and then mirrors the repo on my Gitea instance. But it's purely my personal opinion that mirroring is more important than signed apps at this exact moment in time with Microsoft's bs GitHub policies.
Can you explain to non app developers why nostr clients can't do what Amber does. To play devil's advocate if I only use Amethyst on nostr can I not think of that as an Amber that also posts? Or is Amber somehow more secure?
Most devs don't have the knowledge and/or time and resources to protect your keys well. This is especially true if they are shipping apps to all operating systems.
Amber focuses only on that and doesn't do anything else. There is a version of Amber that isn't even authorized by Android to use the Internet.
That will come with
as private bookmarks with all user's installed apps. You could then use nak in your automation to pull the event, decrypt and grab the repositories
GitHub
Privately bookmarked apps · Issue #160 · zapstore/zapstore
button to favourite apps without installing them yet
Lit, tried to zap but I think the WiFi here is blocking it.
No worries! Thanks for the patience
Ok thanks! I will look into supporting this
@primal you support Amber yet?
I think you miss the point. The whole point of Amber is not having to give every nostr app your nsec, that's the service Amber provides now. You don't need to be a power-user to use it. We want to get away from people trusting every Nostr client with their nsec. What you are suggesting sounds like it would do the opposite.
If every app was like Amber and every app had "Login with Nostr App" (not with key) then I would create my nsec with the first app I interacted and use that app to access my content in all other apps. Amber should be a library as well.
Yeeeesss! We need this!