Damus
Blake · 135w
Not talking strictly HTTPS. Even so, when have you been directly notified by an app when they updated their pinned certificate? Or even having visibility to a currently pinned certificate and it’s e...
The Fishcake (nostr.build)
Oh, if you are talking about big boys, you should have named them. Don’t expect any privacy there, that goes without saying. HSTS actually works if you are afraid of MITM. DNSSEC has to be used too and your resolver has to be someone you trust and over a secure channel. 🐶🐾🫡
Blake · 135w
My issue is they make the devices and OS. And I’m not sure we should (read: please don’t) trust apps directly, to be honest, as they are a target vector. External signing devices are great. What’s missing is a layer perhaps where the external signing device says, “hey, your last message to...