1. Client code *can* forge posts and swap zap addresses.
2. Server code can augment the #Nostr experience in ways UI-only clients can't. This is why #Primal is winning.
3. Attestation for live server code is a real issue, but with primitives like runc/containerization, something like this is getting closer to being possible.
4. #Primal could rug their users using a rogue build on the server just like Damus could on the client. The reason these things don't happen is that the risk is destroying the project's reputation and the return is a paltry sum.
This is 101 stuff man.
Replies (4)
There's nothing Primal is doing right now that can’t be done with a no-backend client.
The hack risk of your client trusting zap addresses from a trusted backend is too high, money could be sent to the wrong place, this would tank nostr’s credibility.
A centralized server has complete control over what you view; they have censored users in the past on trending.
They have complete control to manipulate follow counts to make people look more popular and others not, the counts don’t match up at all with other indexers.
The server can go down leading to the app not working, leading to people viewing nostr as unreliable.
The wallet is heavily kyc’d and doesn’t work in many places, including where I live.
The system is very brittle, and is set to implode the second they run out of money, and can easily lead to a very easy to censor experience without much effort from governments and ISPs…
but hey, what do I know, I'm just a “butthurt dev”
Primal still doesn't have amber login when the feature was requested a year ago and many smaller clients have that feature.... It's improper when key rotation doesn't exist to have users pasting their nsec all over town #nsex
Primal is the macOS of nostr clients 🤮