Niel Liesmons
· 5w
Especially now, where it's the agents handling the keys half of the time 🫣
Yeah I mean the UX issue of, hey guard this key with your life kind of thing. I mean I didn't "join" nostr until I wrote and maintained my own signer (and still do). With multiple layers of indirection to my key.
One my few podcasts back in '23 I talked about the issue of a life long key people are expected to just keep on their clipbard...
Which is a problem, because in bitcoin you can (as fast as you cant) try to move your utxos to another wallet. You can have completely offline wallets, the concept of a "hot wallet" is somewhat commonly discussed.
Nostr keys are always hot. In networking code and stored in managed runtimes, browsers, javascript objects environment variables etc.
I wouldn't be surprised if a supply chain attack on nostr devs was just to export their machine's environment variables.