Most people like Amber because the app doesn't have permission to access the web. I happen to agree that nsecs should never be hosted by any app that connects to the web.
Login to reply
Replies (12)
Yeah but i’m pretty sure you can spawn a secure subprocess without networking on android?
Sure, but you cant do that on a minimal app like Amber. Everybody will see it.
Also, most people already have their keys there and have no desire to put it anywhere else.
I agree. Recepie for disaster. And you don't even get barrows gloves for completing this one.
How is the user supposed to tell Damus to have network for some things but not for that secure sub process? He cant. The entire point of a second app like Amber, is to give the user the ability to deny network permissions instead of having to trust the developer to have done it correctly.
You think you'll never make a mistake. You may be right, but I'd still rather not have to trust you.
* If you don't use built-in bunkers, and honestly this is a great feature to enable Amber for web and desktop apps.
Maybe we should have a separated bunker companion app that uses Amber without any network permission for plain offline signing.
@greenart7c3
To be honest I do regret putting the bunker stuff in amber
It so complicated trying to maintain the connection to relays open all the time
Is there an option to make Amber fully offline?
🫂
You can download the offline version from github if you don't use web apps
Version 4 also has a kill switch button in the notifications that disables connection to relays
You can also remove all relays from settings
So why not evaluate a split?
I wonder if you could let Pokey do the connection and listen to the requests via it's pull notification. Then Amber could stay fully offline and Pokey would manage the in and out of events.
Or maybe another app like pokey, but just to connect with the nip46 relay.
Thank you very much! 🫂