fsebugoutzone.org:9999

       Post ATImalGTvCwbHW1wX2 by 51ca0a3c01c2acee75610aa87dae63d46846c732c843587a1b4ef7333f09a0e0@mostr.pub
 (DIR) More posts by 51ca0a3c01c2acee75610aa87dae63d46846c732c843587a1b4ef7333f09a0e0@mostr.pub
 (DIR) Post #ATImWXEIA9W6aqzUkC by 6e468422dfb74a5738702a8823b9b28168abab8655faacb6853cd0ee15deee93@mostr.pub
       2023-03-05T09:47:00.000Z
       
       1 likes, 0 repeats
       
       I don&#39;t know who needs to hear this, but: DO NOT NORMALIZE PASTING PRIVATE KEYS INTO WEBSITES 
       
 (DIR) Post #ATImZccKaVEcAihtEO by 199a8ef55ac0e4c80cd034caffe3702724255a3e4d1aaed12b245c5156e230a6@mostr.pub
       2023-03-05T09:49:45.000Z
       
       0 likes, 0 repeats
       
       And for Android apps like Amethyst? Same opinion?
       
 (DIR) Post #ATImZd8EfsktlfdMxc by 84739c4bca9f67d6e97b849e1579a843dff46a29e06c6c9c5aba5f2d02aee772@mostr.pub
       2023-03-05T10:02:46.000Z
       
       0 likes, 0 repeats
       
       Yes, though not sure there’s a good solution yet
       
 (DIR) Post #ATImalGTvCwbHW1wX2 by 51ca0a3c01c2acee75610aa87dae63d46846c732c843587a1b4ef7333f09a0e0@mostr.pub
       2023-03-05T09:54:26.000Z
       
       1 likes, 0 repeats
       
       It&#39;s fucking terrifying, man.I&#39;m seeing some absolutely shit security practices in play here, so just gonna sit back and offer commentary from the peanut gallery, and hopefully help mitigate some damage, or offer constructive suggestions for the platform moving forward.
       
 (DIR) Post #ATImi6cstoDXYl0l7Y by 1bc70a0148b3f316da33fe3c89f23e3e71ac4ff998027ec712b905cd24f6a411@mostr.pub
       2023-03-05T09:52:44.000Z
       
       0 likes, 0 repeats
       
       What’s the alternative? Installing alby? It’s a terrible UX for a new user who is used to entering password and being done
       
 (DIR) Post #ATImi7HITYXla5v26y by 84739c4bca9f67d6e97b849e1579a843dff46a29e06c6c9c5aba5f2d02aee772@mostr.pub
       2023-03-05T10:04:18.000Z
       
       0 likes, 0 repeats
       
       That’s the trade off for not being tied to a specific instance
       
 (DIR) Post #ATJVzCFjtKmj05uPJo by 1bc70a0148b3f316da33fe3c89f23e3e71ac4ff998027ec712b905cd24f6a411@mostr.pub
       2023-03-05T10:09:38.000Z
       
       0 likes, 0 repeats
       
       Not gonna scale whatsoever.
       
 (DIR) Post #ATJVzD3MuoU3U182fw by 7fa56f5d6962ab1e3cd424e758c3002b8665f7b0d8dcee9fe9e288d7751ac194@mostr.pub
       2023-03-05T10:23:49.000Z
       
       0 likes, 0 repeats
       
       An alternative would be to use npub to log in and only ask for nsec if the user wants to sign an event. I think is worse UX though. Can&#39;t make everyone happy.
       
 (DIR) Post #ATJVzDdAlh7jH3sdU0 by 84739c4bca9f67d6e97b849e1579a843dff46a29e06c6c9c5aba5f2d02aee772@mostr.pub
       2023-03-05T18:31:36.000Z
       
       0 likes, 0 repeats
       
       that still ultimately requires putting your nsec in an untrusted website which is a bad idea. I think the most &quot;normie&quot; friendly way to do things would be to ultimately be to have a way for people to delegate key management to &quot;identity providers&quot; that people register for with using a regular email that then handles their keys and signs messages over https (and does nip-05). This of course requires trusting the identity provider but provides account recovery and still provides the advantage of not being tied to a single relay.