Conversation

Notices

1. lunarised (lunarised@whinge.town)'s status on Wednesday, 08-Mar-2023 07:13:54 JST lunarised
   https://iris.to/lunarised
   
   I am on nostr, prob wont really use it, but hey... What are ye gonna do
   • Moon (moon@shitposter.club)'s status on Wednesday, 08-Mar-2023 07:13:51 JST Moon

     in reply to

     • Hyolobrika
     @Hyolobrika @lunarised you should be suspicious, a web-based nostr client isn't super safe and i can't prove to you right now it isn't stealing your key. just the way they said they built it, it should not ever get a copy of your key. if they are lying, or there is a bug, iris could steal your key.
     
     i am running my own copy of iris that is substantially more locked down than their own, but i still cannot say it doesn't have a backdoor. i am modifying my own fork to rip out all their backend integration because i don't want it or need it.
     cool_boy_mew likes this.
   • hyolobrika@berserker.town's status on Wednesday, 08-Mar-2023 07:13:52 JST Hyolobrika

     in reply to

     • Moon

     @Moon @lunarised OK. But I'm suspicious of things like that since it's very easy to update the app quickly to steal keys. I think.
     At any rate, using a URL like that trusts iris to tell you the truth about the key. But like I said, that's no different to a NIP-05 ID. But still not ideal.

   • Moon (moon@shitposter.club)'s status on Wednesday, 08-Mar-2023 07:13:53 JST Moon

     in reply to

     • Hyolobrika
     @Hyolobrika @lunarised iris is not custodial, your key never goes to their server, it's a static app for the most part with a few little bits that link up your public key with their server for a friendly name. you do still paste your key into their site though, it just never leaves your browser
   • hyolobrika@berserker.town's status on Wednesday, 08-Mar-2023 07:13:54 JST Hyolobrika

     in reply to

     @lunarised you're supposed to share the public key lol. but I suppose it doesn't really matter if iris is custodial. or isn't it?