No it is not safe to let a browser touch your private keys! Ever!
The good news is that they don't need to. They can simply send a message to be signed.
For Nostr this is defined in NIP-46 and a number of signing apps are in development. Your Nostr PWA just needs a 'sign in' button; you can then choose (using a trusted app) which account to log in with, and what permissions to grant.
Is this what getalby does?
Or it would be more like an offline ledger type of device to sign messages for your pwa? Like something I saw Ben Arc do recently in a nostrica session?
browser extensions don't really work on mobile
it could be offline, or a server such as nsecbunker, but it could also be a native app (such as damus or amethyst)
the developers just need to find time to add NIP-46 support!
browser extensions don't really work on mobile
they do though, check out kiwi browser for android
did you try it?
getalby didn't work on kiwi for me
interesting, thanks for sharing
which phone / operating system was it?
i tried on pixel 7 with graphene
I have a cheap $40 motorola device (moto g pure) running stock android