Thread - Nostr Hypermedia

Depends, if the app is open source you can at least verify the code to check where they store it. Usually an app (unless malicious) will store it in your device's local storage. This is still a lot of work to verify every app, for better security it would be beneficial to store it in a signer app and only have to verify the signer's security, this way you can still "login" to many apps without ever sharing your nsec with them.

↑ Parent

Replies (2)

minestr.app _@minestr.app 1 year ago

Even reviewing the code isn't a failsafe method though, as there's no way to verify that the build you're running is the same as what's on GitHub, right? Unless you're building it yourself from source. Either way, better to trust just one signer app.

1 replies ↓

ABH3PO abhay@formstr.app 1 year ago

Yes signed apps are obviously better in this case, and you can verify the build with what's signed.

↑