I don't think that clients upload user keys to their servers. This would be really bad. IMO they live within the app on your device. That's why I wonder if the remote signer device is really more secure. Because at least hardware-wise, I guess modern phones are more secure than the remote signer device. But maybe I'm wrong, just really curious. Would immediately buy one if I knew that it really improves overall security.

Replies (4)

In a perfect world, they won't, but just use a hash of them or something, but I didn't check client code (I wouldn't be able to read it anyway) so I don't know for sure. Of course this is overly paranoid thinking. But then again, we live in the era of vibecoding, lol.

The real risk is losing your phone or it being compromised by being a multi-use device. The signer keeps your nsec safe and sound from an internet connection you trust, and only does one thing, so the attack vector is 100x limited.