It's possible to build a trustless nsecbunker: a bunker where your private key is not held by the online service provider, but by you in your phone. Just make an app that receives signing requests via Push Notifications. The bunker server then simply reads new NIP-46 request events from the user's relay and pushes them to the app. The app wakes up, gets the event and presents an approval screen to the user. After approval, the app sends the NIP-46 response to the client. The entire permission system would run on your phone. It would be like a 2-step-auth for every signature. Every like would hit the phone for approval. Maybe @greenart7c3 can turn Amber into that.
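
The server side of the flow described in the post above, as an added sketch that is not part of the original post and is not Amber's or nsecbunker's code. `PushForwarder`, `to_push`, `make_sample` and the payload shape are hypothetical names; sending only the event id through the push provider is this example's design choice, and signature verification is assumed to happen on the phone because the standard library has no BIP-340 Schnorr.

```python
import hashlib
import json

NIP46_KIND = 24133  # event kind NIP-46 uses for requests and responses


def event_id(ev):
    """NIP-01 event id: sha256 of the compact JSON array, UTF-8 encoded.
    Matches NIP-01 for ordinary text; rare control characters are not special-cased."""
    payload = [0, ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"], ev["content"]]
    raw = json.dumps(payload, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()


class PushForwarder:
    """Hypothetical bunker-side watcher. It holds no private key and never
    decrypts `content`; it only decides whether to wake the phone."""

    def __init__(self, signer_pubkey):
        self.signer_pubkey = signer_pubkey
        self.seen = set()  # event ids already forwarded

    def to_push(self, ev):
        """Return a push payload for a well-formed NIP-46 request, else None."""
        try:
            if ev["kind"] != NIP46_KIND:
                return None
            if not any(t[:2] == ["p", self.signer_pubkey] for t in ev["tags"]):
                return None  # not addressed to this user's signer
            if event_id(ev) != ev["id"]:
                return None  # id does not match the content: tampered or malformed
        except (KeyError, TypeError):
            return None
        if ev["id"] in self.seen:
            return None  # replayed event, do not prompt the user twice
        self.seen.add(ev["id"])
        # Only a pointer crosses the push provider; the phone fetches the
        # encrypted event from the relay, verifies the signature and decrypts.
        return {"type": "nip46_request", "event_id": ev["id"]}


def make_sample(signer_pubkey, client_pubkey, content="<constructed ciphertext>"):
    """Constructed sample event; pubkeys and content are placeholders."""
    ev = {"pubkey": client_pubkey, "created_at": 1700000000, "kind": NIP46_KIND,
          "tags": [["p", signer_pubkey]], "content": content, "sig": "<omitted>"}
    ev["id"] = event_id(ev)
    return ev
```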

Replies (33)

anonymous 1 year ago
The push notifications are read/intercepted unless you provide a custom push notification service locally on your phone. Can't you do sharing through a specific identifier between apps?
anonymous 1 year ago
Sure. I'm glad it's considered; that's why I commented. 👍
frphank 1 year ago
You, sir, are doing the work of the Lord.
jared 1 year ago
Nostr identity is broken and insecure. Kludgy identity solutions bolted on top of nostr will not fix the problems. ATProtocol has done a far better job with identity. Key recovery without having to burn down and rebuild your network is the most important one for typical users. Sorry, nostriches. Nostr identity just sucks.
I talked about this with will last summer; I would *love* to have something like this, and I think onboarding clients are in a great position to do this. Ultimately I think the goal should be easy onboarding without locking-in the user into any specific client (would lose the magic of nostr's interoperability!) and without asking the user to jump through a bunch of unknown hoops they are blindly following (if they don't churn) (is "install this app, copy this secret, put this other secret in this other thing" really non-custodial when the user is basically just executing a bunch of things they don't understand?)