Replies (8)

Alan's avatar
Alan 3 months ago
I have a hardware signer. I never use it. I have Amber, yet my nsec somehow leaked. I blamed Amber, but who knows with these things.
Alan's avatar
Alan 3 months ago
I am not 100% sure if it leaked. All I know is something 'liked' a post in Amethyst that I did not recognize doing myself. And Amber was acting super buggy on my phone. It would pop up every time I try to use it. It was a huge pain just to post that my nsec got leaked. Then I wiped my phone for good measure. Amber is asynchronous so everything is a callback. I still use it, but I also swap out my nsec for fresh for privacy too. So at this point, I don't care if I loose my nsec. The PM messages would be nice to use but I don't use PMs for obvious reasons. I only use marmot or signal.
Alan's avatar
Alan 3 months ago
Why not use Amber to store my bitcoin? If it is so secure? Well, because maybe at some point the device itself isn't secure. I don't care because I use Signal with disappearing messages. If/When my device gets hacked, hopefully the hack left some trace or strange behavior that I pick up on. If it doesn't then it was probability very sophisticated. Most zero days leave traces.
If your device gets hacked, nothing can protect your messages... No matter how advanced their encryption is. If that is your thread model, you don't even need to encrypt anything because it is all irrelevant at that point.
Alan's avatar
Alan 3 months ago
Except the messages that are already deleted in Signal. I have a system. It works. Moving on.
Sure, but malwares are not detected right away, it takes a long time. So while you are running the malware can see your messages before you delete them.
Alan's avatar
Alan 3 months ago
Yes and hopefully it takes awhile before malware makes it onto my system too.