What is Nostr?
jb55 / Will
npub1xts…kk5s
2024-08-06 18:30:29

jb55 on Nostr: after working on Damoose (safari extension), it seems nostore is pretty insecure ...

after working on Damoose (safari extension), it seems nostore is pretty insecure because it exposes your private key to the javascript environment.

Since we store your key in the iOS keystore, we can just access this from the plugin background process instead of the browser's javascript runtime environment.

We can sandbox the plugin process to disable outgoing networking connection, so it can only send messages to and from the browser, so it should be way more secure than what nostore was doing.

Author Public Key
npub1xtscya34g58tk0z605fvr788k263gsu6cy9x0mhnm87echrgufzsevkk5s