Yeah I mean the UX issue of, hey guard this key with your li...

npub
npub1qdjn8j4gwgmkj3k5un775nq6q3q7mguv5tvajstmkdsqdja2havq03fqm7
hex
8efe1c21436f38081a46ad22c2bb3154aec81bfbcabfd9db1bb49106584f745a
nevent
nevent1qqsgalsuy9pk7wqgrfr26gkzhvc4ftkgr0au407emvdmfygxtp8hgksprpmhxue69uhhyetvv9ujuem4d36kwatvw5hx6mm9qgsqxefne258ydmfgm2wfl02fsdqgs0d5wx29kweg9amxcqxew4t7kq3fa494
Kind-1 (TextNote)
↳ Reply to Event not found
77e5079acb77efb6afa8448c7f2866c5ac7f45e0604eeb76a17a566138904778...
Yeah I mean the UX issue of, hey guard this key with your life kind of thing. I mean I didn't "join" nostr until I wrote and maintained my own signer (and still do). With multiple layers of indirection to my key.
On one of my few podcasts back in '23 I talked about the issue of a lifelong key people are expected to just keep on their clipboard...
Which is a problem, because in bitcoin you can (as fast as you can) try to move your utxos to another wallet. You can have completely offline wallets, the concept of a "hot wallet" is somewhat commonly discussed.
Nostr keys are always hot. In networking code and stored in managed runtimes, browsers, JavaScript objects, environment variables, etc.
I wouldn't be surprised if a supply chain attack on nostr devs was just to export their machine's environment variables.
Raw JSON
{
  "kind": 1,
  "id": "8efe1c21436f38081a46ad22c2bb3154aec81bfbcabfd9db1bb49106584f745a",
  "pubkey": "036533caa872376946d4e4fdea4c1a0441eda38ca2d9d9417bb36006cbaabf58",
  "created_at": 1780925288,
  "tags": [
    [
      "e",
      "f9901260bc194e772513aa63bc4c5e4696eaaad9168d08f4d547c18e46eae264",
      "wss://cyberspace.nostr1.com/",
      "root",
      "577de06dce160a0379163a4bb7b680be3e0a0e1c68de6e6ba8c01134b44064dd"
    ],
    [
      "e",
      "77e5079acb77efb6afa8448c7f2866c5ac7f45e0604eeb76a17a566138904778",
      "wss://theforest.nostr1.com/",
      "reply",
      "a9434ee165ed01b286becfc2771ef1705d3537d051b387288898cc00d5c885be"
    ],
    [
      "p",
      "577de06dce160a0379163a4bb7b680be3e0a0e1c68de6e6ba8c01134b44064dd"
    ],
    [
      "p",
      "32e1827635450ebb3c5a7d12c1f8e7b2b514439ac10a67eef3d9fd9c5c68e245"
    ],
    [
      "p",
      "576d23dc3db2056d208849462fee358cf9f0f3310a2c63cb6c267a4b9f5848f9"
    ],
    [
      "p",
      "930ccef12372dd2f16057cfc54f0dbd94335d8b51b4e2737236b00cab718fcd9"
    ],
    [
      "p",
      "a9434ee165ed01b286becfc2771ef1705d3537d051b387288898cc00d5c885be"
    ]
  ],
  "content": "Yeah I mean the UX issue of, hey guard this key with your life kind of thing. I mean I didn't \"join\" nostr until I wrote and maintained my own signer (and still do). With multiple layers of indirection to my key. \n\nOne my few podcasts back in '23 I talked about the issue of a life long key people are expected to just keep on their clipbard... \n\nWhich is a problem, because in bitcoin you can (as fast as you cant) try to move your utxos to another wallet. You can have completely offline wallets, the concept of a \"hot wallet\" is somewhat commonly discussed. \n\nNostr keys are always hot. In networking code and stored in managed runtimes, browsers, javascript objects environment variables etc. \n\nI wouldn't be surprised if a supply chain attack on nostr devs was just to export their machine's environment variables. ",
  "sig": "fbdc9f05df5d83ddf865c52c92b1a8cf8463ada9b1b3f604c38fb165789e759f43bbb387e617e7b1aa033d7593dd73ca4134ac915455b83d350908bd7033712c"
}