Normie-friendly onboarding and secure key handling aren't mutually exclusive. Amber can be surfaced in the onboarding flow with a guided setup.
Most users will follow a clear prompt.
The risk with local nsec is that by the time someone understands why it matters, their key has already been in app storage for months.
Login to reply
Replies (6)
Amber isn't even available on Google Play.
You gotta offer users options. 99% of newbies won't even click on log in with Amber.
Fair point, but that's an argument for NIP-46, not local nsec storage.
If Amber isn't accessible to Google Play users, it seems to me the solution is a signing flow that doesn't require itβbut still retains the option for users who can sideload, at least for now.
Not putting the key directly in the client.
A user who can't install Amber probably shouldn't be managing a raw nsec either.
@greenart7c3 any plans to bring Amber to Google Play?
No plans for Google play for now, I tried for almost a month to get the sms verification to work and after that they fucked up the LLC name and I could not finish the KYC process.
That sounds incredibly frustrating. I sincerely hope it changes before Google locks down sideloading on certified Android devices entirely.
A lot of people run GrapheneOS as a secondary privacy device, not a primary deviceβI'm one of them. The overwhelming majority of people don't have a GrapheneOS device at all.
Not having Amber would seriously affect many people's relationship with Nostr altogether. As you know as well as anyone, you can't rotate a compromised nsec.
Thank you for the important work you do.
I fear there will be only a negligible difference between the state now and then. What motivation would Google have to do otherwise? I want to introduce Linux on Mobile to the family as a daily driver, but I'm afraid that my sadomasochism is not strong enough to enjoy the amount of pain this will cause... We are approaching dark times, I'm afraid.