calle 👁️⚡👁️ on Nostr: I see the risk in this and I think it also applies to other NIP07 applications that ...
I see the risk in this and I think it also applies to other NIP07 applications that can get signatures on notes from the extensions (they could publish fake notes signed by you).
There seems to be no other way than to show the user what they are signing. I wish
Alby (npub1get…0nfm) had a dedicated way of showing details of the ecash that is being signed. Maybe one day?
Definitely needs trust in the application that is requesting these signatures. What's true for signing messages is also true for signing transactions.
Published at
2024-02-12 11:58:32Event JSON
{
"id": "fc6d00ffcb7ea4a945fc175192d42d77c4bfba28fdbe294685a8fbadd7df97e5",
"pubkey": "50d94fc2d8580c682b071a542f8b1e31a200b0508bab95a33bef0855df281d63",
"created_at": 1707739112,
"kind": 1,
"tags": [
[
"e",
"27069d0d26bbaf41626e77542d4b8254d4b64a2d40c2f5f2dd3516ef9dc1562a",
"wss://nostrue.com/",
"root"
],
[
"e",
"18600b44cdb915d66fe1ae01b44c93402fdb3658fd15f10d09dced34049474fe",
"wss://nos.lol/",
"reply"
],
[
"p",
"1bbd7fdf68eaf5c19446c3aaf63b39dd4a8e33548bc96f6bd239a4124d8f229e"
],
[
"p",
"266815e0c9210dfa324c6cba3573b14bee49da4209a9456f9484e5106cd408a5"
],
[
"p",
"4657dfe8965be8980a93072bcfb5e59a65124406db0f819215ee78ba47934b3e"
]
],
"content": "I see the risk in this and I think it also applies to other NIP07 applications that can get signatures on notes from the extensions (they could publish fake notes signed by you). \n\nThere seems to be no other way than to show the user what they are signing. I wish nostr:npub1getal6ykt05fsz5nqu4uld09nfj3y3qxmv8crys4aeut53unfvlqr80nfm had a dedicated way of showing details of the ecash that is being signed. Maybe one day?\n\nDefinitely needs trust in the application that is requesting these signatures. What's true for signing messages is also true for signing transactions.",
"sig": "b78533a7fb37db0acdac784a0c14e36a0b9994656de3a34d018922125d4dab534b0825b62921124215889389413f743f14a0fd434b1022988efbe8fc9b40569d"
}
