Anthony Accioly's avatar
Anthony Accioly anthony@accioly.social 1 week ago
Nah, nsec is like the password for your Bitwarden or 1password, it is much more than just a password for an individual social media website. And if you have a lightining address it is like throwing your credit cards in the mix as well, you simply shouldn't use it on experimental clients (which is most of Nostr). Yes, reusing your Gmail password on vibecoded sites is bad, and this exactly why people shouldn't do it. The problem is the path not to do it in Nostr is broken. TL;DR on deVine is that press and some big timer YouTube channels like Linus Tdch ztips got wind of it and a gazillion folks tried to join at once. Basically too many users / too heavy of a worjload for existing relay software and available relays. There was a room with the usual folks trying to provision relays for it (Gleason et all) but if you don't have the infrastructure for the normies to flock in all of the hype is wasted.
↑ Parent

Replies (2)

Cykros's avatar
Cykros psyche_eros@iris.to 1 week ago
If you have a lightning address...with NWC. An nsec that you use with separate lightning wallet to pay invoices just controls your online identity, not your money. And NIP-05 is supposed to address that possibility, but admittedly it doesn't seem to do it the best.
1 replies ↓
Anthony Accioly's avatar
Anthony Accioly anthony@accioly.social 1 week ago
The main problem is that a lot of Lightning, ecash, etc. wallets allow you to associate an nsec to unlock the wallet. Not many people pasting their nsecs into random vibecoded apps are security-conscious enough to use a separate Nostr key, so if one of those vibecoded apps leaks nsecs, you can pretty much scan the respective lud16 for half a dozen popular wallet domains and, more likely than not, hit the BTC jackpot.
1 replies ↓