🫥 on Nostr: What about extension or desktop/phone apps, software. It would be way harder to push ...
What about extension or desktop/phone apps, software. It would be way harder to push any malicious code out as you can have update being restricted to only signed updates that means the doesn't need to trust the server where they get the update from, which is not true for web apps, everytime using webapp they could be served with malicious code. I am not sure about what kind of update security extensions have but with desktop apps and on android this could be achived. The thing with other providers like facebook, twitter and etc is that they do not store an encryption key, if the password gets leaked they can always change it in their db( after they verified the user), which is not possible here as the only verification (and the "source of truth") is the private key.
Published at
2023-07-04 14:23:20Event JSON
{
"id": "422a0643055763f64826a4ca140bf7168d8a70bd175e41f122e7a1a5b7e3397f",
"pubkey": "f5c60627da0f155e7b494b7722b3c2cd17aff7b8cc9f9a5344ebdb056c53d50b",
"created_at": 1688480600,
"kind": 1,
"tags": [
[
"e",
"30e63655b2ae92896b5575cf676f2e8b54e6addbfc69c193e27a124aea4851c3",
"",
"root"
],
[
"e",
"263ff88b9f0b169642fff67191cfa551135edf184fbfb0b2ce32f5f29257b643"
],
[
"e",
"763931ff9179bbf1392233ccedbfb917e2b5cd9c654d17ac47985762a146585c",
"",
"reply"
],
[
"p",
"7d8c03ac267355ab2c6d11ef91a5ab0de99f5fb5cf0cd2daafedc4615b037fd6"
],
[
"p",
"f5c60627da0f155e7b494b7722b3c2cd17aff7b8cc9f9a5344ebdb056c53d50b"
],
[
"p",
"fa984bd7dbb282f07e16e7ae87b26a2a7b9b90b7246a44771f0cf5ae58018f52"
]
],
"content": "What about extension or desktop/phone apps, software. It would be way harder to push any malicious code out as you can have update being restricted to only signed updates that means the doesn't need to trust the server where they get the update from, which is not true for web apps, everytime using webapp they could be served with malicious code. I am not sure about what kind of update security extensions have but with desktop apps and on android this could be achived. The thing with other providers like facebook, twitter and etc is that they do not store an encryption key, if the password gets leaked they can always change it in their db( after they verified the user), which is not possible here as the only verification (and the \"source of truth\") is the private key.",
"sig": "fafc8ef20289ecaec8cd2adc4a6b9e25708a55e149808662a785ecc9501efbb12c14e912763697db9825d124c6e7b60c8706b1858c040b217f9e4c53bfbe7f85"
}
