If you are using Android, the only place you should paste you nsec is on Amber. No other app cares about your key security as Amber does. No one.
Thread
Login to reply
Replies ()
Tried keychat?
Yep, not a big fan. They do a bunch of things without creating any NIPs that we can integrate with. I prefer 0xchat.
I meant as a browser for mini web apps? They support nip07 which makes it extremely easy to test out a lot of web apps without the inconvenience of bunkers. They have gone a long way from just a messaging app
I would never insert my nsec in any app that has a browser inside of it. Ever.
You could test it out with a test nsec to actually see how it works. We all inserted our nsecs in amethyst before amber became the norm. They are actually moving in the right direction
They support amber as well. 
Cool, then you don't need the inner browser. You can just run it on a regular browser if they support nip55
This is just to create an identity. The identity is what is used with the mini apps with nip07. Again it would be great if you tested it out to see what they have been cooking
Will do some tests.
This is why nostr isn't growing....
I need 4 apps just to use nostr. And even then on mobile "no extention found" for 85% of things built.
Extensions don't work on mobile browsers. They have to support nip55 to get Amber to sign.
Try out #keychat. One app to test all the mini web apps with support for multiple accounts and different login methods.
Kiwi browser did it before it shut down. Lemur browser has extensions but never pops up to sign on. Hopefully they fix that.
What's best practice on iOS, do you know? Getting ready for @Shosho – Live Stream on Nostr iOS release but not sure what is best to support.
Let's hope they can do it. iOS is not the best place for app to app communication. :(
iOS must be cloud enclave based. Local is simply not possible in any way that scales.
So what tools do users use today?
Do they simply enter nsec into every native app?
Yes, close to 100% paste in I'd imagine. There are workarounds such as nsec.app, Aegis, Nosskey (piggybacking off passkeys), and some extensions, or apps like Damus/Nostr attempting to be your signer, but any solution that keeps it all local faces the same fundamental issues and can only half-overcome them. There can never be an Amber on iOS.
Cloud enclave based can potentially scale but needs a lot of work, Artur is the brains there, we're working on it too, but needs time.
Hello Rod, I have good experience with Nsec.app on the iOS 🫡
Ok thanks! I will look into supporting this
Very cool.. too bad that it is multiplatform.
Nem o Amethyst? Que coisa não...
Sim. We do too many things on Amethyst. Amber has a flavor that it can't even connect to the Internet.
What does the Amber do/care that Amethyst or other apps do not?
Amber is not a Nostr client that you use to browse content. Amber helps secure your nsec so no one gets access to it.
Let's say you download several Nostr clients (one for browsing written content, one for video, one for voice chat, etc etc). Withoug Amber you would have to give each of those clients youe nsec so that the client can use it to sign the events (posts) that you post through it (that way people know it's from you).
What if one of more of those clients is malicious and shares your nsec with others? What if it's insecurily voded and hackers get access to your nsec through it. The more clients you give your nsec to, the larger the risk.
With Amber (and clients that support it) you DON'T give your nsec to any other client to sign into it. Instead you tell the client to use Amber to sign your posts/events with. So Amber is the ONLY app that knows your nsec. Other apps get hacked, they still can't give hackers your nsec because they don't have it.
Makes sense?
#nostr #grownostr #amber
Yes, most of it.
I want Login with Nostr and every app who stores the nsec could just provide what Amber is doing now.
If I got here with Amethyst, it makes sense just to do Login with Nostr using Amethyst in other nostr apps. It does NOT make sense that now I have to learn bunch of this stuff (this might be for power users).
I think you miss the point. The whole point of Amber is not having to give every nostr app your nsec, that's the service Amber privides now. You don't need to be a power-user to use it. We want to get away from people trusting every Nostr client with their nsec. What you are suggesting sounds like it would do the opposite.
If every app was like Amber and every app had "Login with Nostr App" (not with key) then I would create my nsec with the first app I interacted and use that app to access my content in all other apps. Amber should be a library as well.
Yeeeesss! We need this!
Why isn’t amber on iOS? Does it have to do with #apple ecosystem?
Apple doesn't allow anything like that.
Sucks to be using the iPhone
Stop using it.
Can’t seem to access NFC via a browser in iOS either. Biggest case to stop using iOS.
I was always wandering about key security across apps…
I make accounts on every site. I'm not a fan of using one nsec everywhere. It's safer and less confusing.
I use amber sometimes but it's confusing. I'm just gonna keep a backups of my notes using citrine so if someday my nsec gets stolen I can import all my notes to my new nsec.
That works as well.
@Satlantis: Social Events wink wink nudge nudge
Can you explain to non app developers why nostr clients can't do what Amber does. To play devil's advocate if I only use Amethyst on nostr can I not think of that as an Amber that also posts? Or is Amber somehow more secure?
Most devs don't have the knowledge and/or time and resources to protect your keys well. This is especially true if they are shipping apps to all operating systems.
Amber focuses only on that and doesn't do anything else. There is a version of Amber isn't even authorized by Android to use the Internet.
@primal you support Amber yet?