You can’t verify what backend code is running; you can compile and verify what code is running on Damus iOS and Damus Notedeck. No backend to trust. This is 101 stuff man.
Replies (4)
Even if you looked at backend source code it could still get hacked and swapped out. This is a real concern. If the caching relay started serving zap addresses that didn’t match profiles… you could be sending sats to hackers on all profiles. This can’t really happen on iOS due to how code signing works: iOS verifies binary signature chains from Apple and the developer.
1. Client code *can* forge posts and swap zap addresses.
2. Server code can augment the #Nostr experience in ways UI-only clients can't. This is why #Primal is winning.
3. Attestation for live server code is a real issue, but with primitives like runc/containerization, something like this is getting closer to being possible.
4. #Primal could rug their users using a rogue build on the server just like Damus could on the client. The reason these things don't happen is that the risk is destroying the project's reputation and the return is a paltry sum.
This is 101 stuff man.
Primal still doesn't have Amber login when the feature was requested a year ago and many smaller clients have that feature... It's improper when key rotation doesn't exist to have users pasting their nsec all over town #nsex
Primal is the macOS of nostr clients 🤮