dikaios1517 on Nostr: It is a big risk. However, it is not one that is impossible to mitigate with tools ...
It is a big risk. However, it is not one that is impossible to mitigate with tools that already exist, for the most part.
I am not aware of any videos discussing this subject in particular, and Nostr doesn't really have a "dev team" because there is no central organization overseeing the project. There's just a bunch of independent developers building stuff on a permissionless protocol.
Now... How to protect your nsec:
On a web browser, you can get a signer extension, such as Nos2x or Alby. I think there is another one released recently that starts with a G, but I haven't had a chance to look into it.
In any case, these signer extensions will store your nsec and allow you to log into any Nostr web apps that support sign-in using an extension. Thankfully, the vast majority of Nostr web apps do. Avoid the ones that don't.
On Android there is a signer application called Amber that allows logging into native Android applications, and any web app that allows for "bunker" login. Amber holds your private key, and does not give it to any of the applications you log into with it.
On iOS there is not anything similar yet, but tyiu (nprofile…xvrd) is working on one.
There is also a web app called nsec.app that can store your nsec and sign you into any app that supports "bunker" login.
As you can see, it is an issue that has been thought through, and there are many solutions for already. Not all nostr apps support those solutions, and there are still more ideas yet to be built.
I am not aware of any videos discussing this subject in particular, and Nostr doesn't really have a "dev team" because there is no central organization overseeing the project. There's just a bunch of independent developers building stuff on a permissionless protocol.
Now... How to protect your nsec:
On a web browser, you can get a signer extension, such as Nos2x or Alby. I think there is another one released recently that starts with a G, but I haven't had a chance to look into it.
In any case, these signer extensions will store your nsec and allow you to log into any Nostr web apps that support sign-in using an extension. Thankfully, the vast majority of Nostr web apps do. Avoid the ones that don't.
On Android there is a signer application called Amber that allows logging into native Android applications, and any web app that allows for "bunker" login. Amber holds your private key, and does not give it to any of the applications you log into with it.
On iOS there is not anything similar yet, but tyiu (nprofile…xvrd) is working on one.
There is also a web app called nsec.app that can store your nsec and sign you into any app that supports "bunker" login.
As you can see, it is an issue that has been thought through, and there are many solutions for already. Not all nostr apps support those solutions, and there are still more ideas yet to be built.