I'm writing this article because I don't have enough time to build every awesome Nostr idea myself (even with AI), and my hope is that some other talented developer will read this and get inspired.
Why did we stop building Nostr signers? It seems that we built browser extensions, got remote signing working, then added an "auto-approve" mode and stopped building...
I am aware that the majority of Nostr users simply copy and paste their private key into apps. There isn't much wrong with that. But I use signers for everything, and there is no reason users like me need to be constrained by the simplicity of the "average user". I want more information, and I'm sure there are plenty of average users who would like the same.
My signers are broken
All Nostr signers that I use right now simply show an Approve and a Reject button, maybe with an optional time period. Annoyingly they also have an "always approve" option front and center, as if I'm supposed to click that instead of approving the current request.
This isn't any one developer's fault; it's a product of how we have built apps so far—usually starting by asking the user to input their private key and hand over full control of their identity, and only later implementing support for signers and asking the user for permission for each action.
For almost all apps I've used, the transition from private keys to signers isn't smooth, since the difference between having full control of the user's identity and asking the user for permission is the same difference as between the existing banking system and Bitcoin. The result is that most apps are unaware they are asking the user for a signature. They still act like they have full control, and the user simply has an emergency brake to revoke the signing privileges.
What this looks like is apps asking me to sign 20+ events as soon as I open them; asking me to decrypt ALL of my direct messages when I accidentally click the wrong tab; or, worse, constantly interrupting my social browsing by asking for an authentication request so it can connect to a relay that I have no idea why it even needs to connect to. Or, worst of all (there's a lot I don't like), asking me to sign... every... single... HTTP request. Thanks, NIP-98, for reminding me why session cookies were invented.
Show me what I'm doing
Enough with my complaining—realistically I can't fix all Nostr apps. I simply want to have more control over the apps I use. I want to be able to see at a glance what they are asking me to do. I want to know when they are misbehaving so I can go open an issue in the GitHub repo.
To do this, signers need to start showing more details about signing requests. What type of event is it? What will it look like? What effect will signing—and presumably publishing—this event have? Is this routine relay authentication or a NIP-09 deletion request? Or, worse, a NIP-62 – Request to Vanish, which presumably could nuke my Nostr account from orbit...
In short, I want a signer that will give me the full power of my private key, let me see everything, and control everything.
What the future should be
I haven't written a signer myself, but if I did—or if I have to in the future—this is a brain dump of ideas I would consider.
Visuals, visuals, visuals
If it's not clear at this point, I never use the "auto-approve" mode most Nostr signers have—mostly because I'm protective of my private key, but also because I'm curious what the app is doing.
Normally I just look at the event kind, but this doesn't tell the whole story—I need to know more. Why can't I see what a kind-1 note will look like? Why can't I see how many users are being added to or removed from my contact list? Why can't I see what changes are being made to my profile and what it will look like? Why can't I see who I'm encrypting this text to? Am I decrypting a direct message or my NIP-60 Cashu wallet?
There are endless possibilities here. Every kind of event has a specific way it can be visualized, and the kinds that are replaceable need to show me not just what the new version is, but what I'm replacing.
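As an added example (not code from this post or from any existing signer), here is what the "show me what I'm about to sign" step from the two sections above could look like in JavaScript: a summary the approval dialog can render instead of raw JSON, flagging destructive kinds and, for replaceable kinds, diffing against the signer's cached copy of the event being replaced. The kind numbers come from the NIPs the post mentions (NIP-01, NIP-09, NIP-42, NIP-62, NIP-98); the `describeSignRequest` name, the `previous` argument and the summary layout are assumptions made for this example.

```javascript
// Added example, not the post's or any signer's code. The summary layout and the
// `previous` (cached replaceable event) argument are assumptions for this example.

const KIND_NAMES = {
  0: 'profile metadata (replaceable)',
  1: 'short text note',
  3: 'contact/follow list (replaceable)',
  5: 'deletion request (NIP-09)',
  62: 'request to vanish (NIP-62)',
  22242: 'relay authentication (NIP-42)',
  27235: 'HTTP authentication (NIP-98)',
};

// Kinds whose signature has an irreversible effect once the event is published.
const DESTRUCTIVE_KINDS = new Set([5, 62]);

// NIP-01: kind 0, kind 3 and 10000-19999 are replaceable; show what is being replaced.
function isReplaceable(kind) {
  return kind === 0 || kind === 3 || (kind >= 10000 && kind < 20000);
}

function tagValues(event, name) {
  return event.tags.filter((t) => t[0] === name).map((t) => t[1]);
}

// Contact list diff: which "p" tags were added or removed relative to the old list.
function diffContacts(oldEvent, newEvent) {
  const before = new Set(oldEvent ? tagValues(oldEvent, 'p') : []);
  const after = new Set(tagValues(newEvent, 'p'));
  return {
    added: [...after].filter((p) => !before.has(p)),
    removed: [...before].filter((p) => !after.has(p)),
  };
}

// Profile diff: per-field [old, new] pairs from the JSON content of two kind-0 events.
function diffProfile(oldEvent, newEvent) {
  const parse = (e) => { try { return JSON.parse(e.content); } catch { return {}; } };
  const before = oldEvent ? parse(oldEvent) : {};
  const after = parse(newEvent);
  const changes = {};
  for (const key of new Set([...Object.keys(before), ...Object.keys(after)])) {
    if (before[key] !== after[key]) changes[key] = [before[key] ?? null, after[key] ?? null];
  }
  return changes;
}

// Build the summary the approval dialog renders. `previous` is the signer's cached
// copy of the current replaceable event for this kind, if it has one.
function describeSignRequest(event, previous = null) {
  const kind = event.kind;
  const summary = {
    kind,
    label: KIND_NAMES[kind] ?? `kind ${kind} (unknown to this signer)`,
    destructive: DESTRUCTIVE_KINDS.has(kind),
    replaces: isReplaceable(kind) && previous ? previous.id : null,
    details: {},
  };
  switch (kind) {
    case 1:
      summary.details.preview = event.content.slice(0, 280);
      break;
    case 3:
      summary.details.contacts = diffContacts(previous, event);
      break;
    case 0:
      summary.details.profile = diffProfile(previous, event);
      break;
    case 5:
      summary.details.deletes = tagValues(event, 'e'); // event ids being deleted
      break;
    case 22242:
      summary.details.relay = tagValues(event, 'relay')[0] ?? null;
      break;
    case 27235:
      summary.details.url = tagValues(event, 'u')[0] ?? null;
      summary.details.httpMethod = tagValues(event, 'method')[0] ?? null;
      break;
  }
  return summary;
}
```

The signer only needs to cache the latest event per replaceable kind to produce the diffs; an unknown kind still gets a label that says so, rather than an empty dialog.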
Dynamic permissions
Permissions shouldn't be a boring settings view with so many options that I feel like I'm reading a book; they need to be dynamic. If you've ever built a permission system, you know there are too many possibilities and preferences to ever model, and it quickly becomes more complex than just writing code... so why not just write code?
With the rise of AI—and how it has enabled us to create new apps every day—why do we still think of permissions as static? Why can't I vibe-code a Lua or JavaScript snippet that precisely controls what I want to allow, reject, or always ask me to confirm? Then I could take these scripts, save them as templates, apply them automatically when I log in to new apps, share them on Nostr for other users to benefit from, and, of course, zap.
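As an added example of the "permissions as code" idea (not code from this post or from any signer), the following JavaScript shows the decision layer a signer would need around a user-written policy: the policy receives only request metadata and returns allow, reject or ask, and anything else (an exception, a bad return value) falls back to asking the user. The request shape, the `ctx` fields and the sample policy are assumptions for this example.

```javascript
// Added example, not the post's or any signer's code. Request shape {method, params}
// and the context fields are assumptions for this example.

const DECISIONS = new Set(['allow', 'reject', 'ask']);

// What a policy script gets to see. Deliberately no key material and nothing beyond
// what is already in the request, so a shared or badly written policy cannot leak secrets.
function policyContext(request, session) {
  const ev = request.method === 'sign_event' ? request.params.event : null;
  return {
    app: session.app,                 // origin or name of the connected app
    method: request.method,           // sign_event, nip44_decrypt, nip44_encrypt, ...
    kind: ev ? ev.kind : null,
    tag: (name) => (ev ? ev.tags.filter((t) => t[0] === name).map((t) => t[1]) : []),
    peer: request.params.pubkey ?? null, // counterparty for encrypt/decrypt requests
    requestsThisSession: session.count,
  };
}

// Run the policy. Only an explicit 'allow' or 'reject' is honoured; everything else
// (exception, invalid return) becomes 'ask'. The fallback is never 'allow'.
function evaluate(policy, request, session) {
  session.count += 1;
  let decision;
  try {
    decision = policy(policyContext(request, session));
  } catch (e) {
    return { decision: 'ask', reason: `policy threw: ${e.message}` };
  }
  if (typeof decision === 'string') decision = { decision };
  if (!decision || !DECISIONS.has(decision.decision)) {
    return { decision: 'ask', reason: 'policy returned no valid decision' };
  }
  return { decision: decision.decision, reason: decision.reason ?? 'policy' };
}

// A policy template of the kind the post imagines writing and sharing. Shown as a plain
// function; a signer loading such a script from a template (or from Nostr) should run
// it in an isolated context (Worker, sandboxed iframe) with no access to the key.
function socialClientPolicy(ctx) {
  // Irreversible actions always go to the user, whatever the app is.
  if (ctx.kind === 5 || ctx.kind === 62) return { decision: 'ask', reason: 'destructive kind' };
  // Routine relay auth (NIP-42) is fine, but only to a relay I recognise.
  if (ctx.kind === 22242) {
    let host = '';
    try { host = new URL(ctx.tag('relay')[0] ?? '').hostname; } catch { host = ''; }
    return host === 'relay.example.com'
      ? 'allow'
      : { decision: 'ask', reason: `unfamiliar relay ${host || '(none)'}` };
  }
  // NIP-98 HTTP auth: a social client has no business signing every request.
  if (ctx.kind === 27235) return { decision: 'reject', reason: 'HTTP auth not expected from this app' };
  // Notes (kind 1) and reactions (kind 7): allow, but a burst on open gets surfaced.
  if (ctx.kind === 1 || ctx.kind === 7) return ctx.requestsThisSession > 20 ? 'ask' : 'allow';
  // Everything else, including decrypts, is confirmed by hand.
  return 'ask';
}
```

The important design choice is the fail-closed fallback in `evaluate`: a policy that throws or returns garbage degrades to the normal approve/reject prompt, not to silent approval. Sharing policies over Nostr turns them into code you execute inside the thing that holds your key, so the isolation the comment mentions is not optional.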
Debugging and audit logs
When I'm debugging, I manually look at the JSON. But it only works for me because I know what the most common event kinds are and how they should be structured. It's also very tedious and boring.
Why can't I have a log of all requests? This would be pretty lightweight and would unlock so many cool debugging tools. For example: what kinds do I normally approve, and which do I normally reject? How many requests do I get per session? What relays have I authenticated to? How many times have I decrypted a specific string of text? What pubkeys have I encrypted text to?
If this is a remote signer, there is the element of time. Does the app only ask for signatures while I'm using it? Is the signer getting the request, or is it lost in the relays?
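As an added example (not code from this post or from any signer), here is an in-memory request log in JavaScript with the queries the two paragraphs above ask for: decisions per kind, requests per app, relays authenticated to, repeated decrypts of the same ciphertext, encryption counterparties, and for remote signers how long requests sat in the relays and how many arrived while the user was away. The entry fields and the sample entries are assumptions constructed for this example.

```javascript
// Added example, not the post's or any signer's code. Entry fields are assumptions:
//   ts          signer's receive time (ms)
//   sentAt      created_at of the NIP-46 request event (ms); null for a local extension signer
//   userActive  whether the signer's own UI saw activity around that time
//   app, method, kind, decision ('allow' | 'reject'), relay, peer, ciphertext
function newAuditLog() {
  return { entries: [] };
}

function record(log, entry) {
  log.entries.push({ ...entry });
}

function tally(items) {
  const m = {};
  for (const i of items) m[i] = (m[i] ?? 0) + 1;
  return m;
}

// Which kinds do I normally approve, and which do I normally reject?
function decisionsByKind(log) {
  const signs = log.entries.filter((e) => e.method === 'sign_event');
  return {
    approved: tally(signs.filter((e) => e.decision === 'allow').map((e) => e.kind)),
    rejected: tally(signs.filter((e) => e.decision === 'reject').map((e) => e.kind)),
  };
}

// Requests per app, so the client that fires 20 signatures on open stands out.
function requestsPerApp(log) {
  return tally(log.entries.map((e) => e.app));
}

// Relays I have actually authenticated to (approved NIP-42 kind 22242 events).
function relaysAuthenticated(log) {
  const ok = log.entries.filter((e) => e.kind === 22242 && e.decision === 'allow');
  return [...new Set(ok.map((e) => e.relay))];
}

// Ciphertexts decrypted more than `threshold` times. Repeats suggest an app that re-decrypts
// on every render (or is probing). A real signer would key this by a hash of the ciphertext.
function repeatedDecrypts(log, threshold = 2) {
  const counts = tally(log.entries.filter((e) => e.method.endsWith('_decrypt')).map((e) => e.ciphertext));
  return Object.entries(counts)
    .filter(([, n]) => n >= threshold)
    .map(([ciphertext, count]) => ({ ciphertext, count }));
}

// Pubkeys I have encrypted text to.
function encryptionPeers(log) {
  return [...new Set(log.entries.filter((e) => e.method.endsWith('_encrypt')).map((e) => e.peer))];
}

// Remote signer only: relay delay per request and requests that arrived while I was away.
function remoteTiming(log) {
  const remote = log.entries.filter((e) => e.sentAt != null);
  const delays = remote.map((e) => e.ts - e.sentAt);
  return {
    count: remote.length,
    maxDelayMs: delays.length ? Math.max(...delays) : 0,
    whileIdle: remote.filter((e) => !e.userActive).length,
  };
}

// Constructed sample session (not real traffic) to run the queries against.
function sampleLog() {
  const log = newAuditLog();
  const t0 = 1700000000000;
  const social = 'https://social.example';
  const wallet = 'https://wallet.example';
  const sign = (ts, app, kind, decision, extra = {}) =>
    record(log, { ts, app, method: 'sign_event', kind, decision, sentAt: null, userActive: true, ...extra });
  sign(t0, social, 22242, 'allow', { relay: 'wss://relay.example.com', sentAt: t0 - 400 });
  sign(t0 + 1000, social, 1, 'allow', { sentAt: t0 + 400 });
  sign(t0 + 2000, social, 27235, 'reject');
  record(log, { ts: t0 + 3000, app: social, method: 'nip44_decrypt', decision: 'allow', ciphertext: 'ct-A', sentAt: null, userActive: true });
  record(log, { ts: t0 + 3500, app: social, method: 'nip44_decrypt', decision: 'allow', ciphertext: 'ct-A', sentAt: null, userActive: true });
  record(log, { ts: t0 + 4000, app: wallet, method: 'nip44_decrypt', decision: 'allow', ciphertext: 'ct-B', sentAt: null, userActive: true });
  record(log, { ts: t0 + 5000, app: wallet, method: 'nip44_encrypt', decision: 'allow', peer: 'pubkey-bob', sentAt: null, userActive: true });
  sign(t0 + 6000, social, 1, 'allow', { sentAt: t0 + 6000 - 15000, userActive: false }); // sat 15 s in relays, user idle
  sign(t0 + 7000, social, 22242, 'allow', { relay: 'wss://relay.example.com' });
  sign(t0 + 8000, social, 5, 'reject');
  return log;
}
```

Because every query is a pure function over the entries, the same log can back both a live "what is this app doing" view and an after-the-fact bug report; the remote-signer timing query is what distinguishes "the app never asked" from "the request is stuck in the relays".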
Talk is cheap, code is getting cheaper
All this complaining of mine is cheap. It's easy to complain and say what we should have in the future; the hard part is actually building it.
Luckily, we have AI to ease this a little—not all the way, but if used correctly, it is good at creating visuals using Tailwind and other browser technologies. In my experience, it is still bad at planning and building the more complex parts of apps, so we still have some work to do.
So I'm going to end this by repeating something Gigi said to me: You have one year to build it; otherwise, I'm going to build it worse.