I feel like this is one of those things that is a terrible idea in theory but just fine in practice.

Yep. So true!

"Don't bother with Nostr, dude. I accidentally pasted my private key into what I thought was Some_App and got scammed. Now everything is controlled by someone else and I can't recover. We were told not to use the same password everywhere but I thought this new system was safer. I guess centralized legacy systems weren't so bad after all. At least I could recover lost accounts and attackers had to work to figure out where all my accounts were. Now they have everything I use on Nostr instantly." Thankfully, work is being done to address some of my concerns, but there are many who have a careless attitude toward security. Paste and pray should be discouraged by developers and certainly shouldn't be the default model. View quoted note →