Course he could. He could push an update with a sophisticated backdoor, any nostr dev could. That update gets past app review, your app auto-updates, adieu to your key. Just because there is a commit in GitHub, doesn't mean that code is what's in the IPA. This is not F-Droid.

Replies (3)

the axiom 4 months ago
that's quite a lot of steps involving multiple people, likely to get caught and lead to real-world consequences even if after the fact. at least it would destroy @jb55's reputation forever. very different from one employee from the homeserver hosting provider being tricked into giving access to the account of an important person to some malicious entity, like we have seen happen many times in every big platform
the axiom 4 months ago
worse even is that someone can say something then claim it wasn't them later. lots of broken incentives you're missing