ChipTuner's avatar
ChipTuner ChipTuner@gitcitadel.com 1 year ago
MY NSEC WILL NEVER LEAVE THE VAULT
GitHub
GitHub - VnUgE/NVault: A self-hosted, multi-user, nostr credential vault, with cross-browser NIP-07 extension
A self-hosted, multi-user, nostr credential vault, with cross-browser NIP-07 extension - VnUgE/NVault
 Users using uBlock origin would likely have been protected by default, I know I am. You should always be using blocking tools such as script blocking extensions or DNS blocking to disallow apps from sending YOUR data to 3rd party servers. I encourage other developers to avoid even the slightest possibility that you could be responsible for compromising user's identities. For web applications I think it's time to deprecate nsec login. View quoted note →
↑ Parent

Replies (7)

ChipTuner's avatar
ChipTuner ChipTuner@gitcitadel.com 1 year ago
Thanks! It has a long way to go and it's blocked until I can complete and merge https://git.vaughnnugent.com/cgit/vnuge/noscrypt/.git/commit/?h=c-sharp If there wasn't 100 ways to extract nsecs from browser's I'd be okay, some people really argue for that convenience and just want options. It's just too easy IMO to snag nsecs from browsers and that's assuming someone doesn't find creative ways to exploit some XSS in notes and a compromised client.
1 replies ↓
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ's avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ me@mleku.dev 1 year ago
i think the ultimate solution for all this is bunkers, nip-46 right? it doesn't require any special features of the operating system, but does require a feature in the relays would be good to push to get relay operators and devs to implement it... it's now going on my list because it is the best isolation method there can be... it can even be on separate physical devices
1 replies ↓