What is Nostr?
Pedro Ataíde
npub1pjw…j35w
2024-03-16 23:24:55
in reply to nevent1q…5plh

Pedro Ataíde on Nostr: I didn't know about the nos2x and nos2x-fox plugins. The idea is good, no doubt. ...

I didn't know about the nos2x and nos2x-fox plugins. The idea is good, no doubt. Nevertheless, I have the following reservations about this type of plugin:
a) These are web browser plugins, and we well know that web browsers are not held up as an example of security. I think there could be a risk that someone could exploit a vulnerability in the web browser (e.g. Firefox) and get their hands on the private key;
b) The private key is always available, decrypted, in the plugin... In other words, the private key is never sent to the web server, but in order for the plugin to use it, it keeps it decrypted... This could also represent a possible point of attack. But I think that the developers themselves are already working on a scheme that requires the user to use a password every time they want to publish an event, in order to decrypt Nostr's private key.
Author Public Key
npub1pjwals5scvkhn2kspm24sm70nfcc7th5f7g3fqvm8x5ra77yzu6sk8j35w