Deeznuts on Nostr: The DOM is not a trustable environment. You are downloading and executing code from ...
The DOM is not a trustable environment. You are downloading and executing code from random servers all over the internet. Code constantly changes on these servers and you have no idea what security and privacy controls are implemented on these servers. It’s never safe to expose private keys to such code. The extensions are a small bit of code that is open source and runs inside a safer environment that the DOM does not have read access to. Also, browser vendors do a modicum of static analysis on extensions, which is also good.
Published at 2023-12-03 12:26:07
Event JSON
{
"id": "7fd04a82804960b2c2ae78ad643ca5637fae4b0c176267075cc10f04198bccb8",
"pubkey": "8aedc87160819e490cb0162acbd8c9a26d79e63db74f5b1b65939012924a7f05",
"created_at": 1701606367,
"kind": 1,
"tags": [
[
"e",
"c21a15eceacb0dc4bf7ede452de42c8686a41efb4cc7f033bd05a142ab38baab"
],
[
"p",
"3165b80272b9bbc59d629641227a7cc897f6c367a5fa1729829eaba4a9f51d37"
]
],
"content": "The DOM is not a trustable environment. You are downloading and executing code from random servers all over the internet. Code constantly changes on these servers and you have no idea what security and privacy controls are implemented on these servers. It’s never safe to expose private keys to such code. The extensions are a small bit of code that is open source and runs inside a safer environment that the DOM does not have read access to. Also, browser vendors do a modicum of static analysis on extensions, which is also good.",
"sig": "552c991604af461b3535a9bfb315b650bcd78fd9d0c3e58042fc542fcdc018c5e4c4d071a4e135f9899b40ff53cda153a6c094e61c27aaf3dc9bc0ec0c91fa5f"
}