What is Nostr?
ava
npub1f6u…zcka
2024-11-29 07:38:32
in reply to nevent1q…5e8w

ava on Nostr: #Nostr users understand the fact that their nsec is to be protected at all costs. If ...

#Nostr users understand the fact that their nsec is to be protected at all costs. If it is ever compromised, there is no "password reset"; their account and all the connected services/(NWC) wallets they have in relation to that nsec will also be compromised.

Support for #Amber would go a long way to mitigating this risk.
https://github.com/greenart7c3/Amber

Do you have any plans to implement Amber for mobile and/or other Nostr signer extensions like #nos2x etc.?

Also, there are many privacy concerns I see with your privacy policy.

Why do you ask for, and share so much user data?

For instance, #Openvibe:

- Collects device information automatically, including device ID, model, hardware details, and IP address and more...

"Mobile Device Data. We automatically collect device information (such as your mobile device ID, model, and manufacturer), operating system, version information and system configuration information, device and application identification numbers, browser type and version, hardware model Internet service provider and/or mobile carrier, and Internet Protocol (IP) address (or proxy server). If you are using our application(s), we may also collect information about the phone network associated with your mobile device, your mobile device’s operating system or platform, the type of mobile device you use, your mobile device’s unique device ID, and information about the features of our application(s) you accessed."

- Shares information with Google Analytics to track the use of your services

- Tracks browsing history, search history, and online behavior on your services

- Collects precise and imprecise location data through GPS and IP address

"Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called "crash dumps"), and hardware settings).

Device Data. We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.

Location Data. We collect location data such as information about your device's location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services."

- Disregards user's privacy settings by not honoring browser DO-NOT-TRACK (DNT) requests

- Explicitly states that you may share user data with affiliates (your parent company, and any subsidiaries, joint venture partners etc.)

And more...

Why did you not opt to make this app open source?

Are there any plans to go open source in the future?

Why do you collect so much user data and not honor user browser privacy settings?

I understand collecting site analytics and marketing metrics, but your data collection practices seem to go above and beyond what is necessary to deliver your services, not to mention your privacy policy explicitly states that user data may be shared with your affiliates.

I am looking for a service like this, and yours looks impressive, but these bullet points are concerning for user privacy.

Please help me understand why all this data collection is necessary, and how your services respect end user privacy.

Looking forward to your reply!
Author Public Key
npub1f6ugxyxkknket3kkdgu4k0fu74vmshawermkj8d06sz6jts9t4kslazcka