quotingafter working on Damoose (safari extension), it seems nostore is pretty insecure because it exposes your private key to the javascript environment.
note1t5h…pgjn
Since we store your key in the iOS keystore, we can just access this from the plugin background process instead of the browser's javascript runtime environment.
We can sandbox the plugin process to disable outgoing networking connection, so it can only send messages to and from the browser, so it should be way more secure than what nostore was doing.
nobody on Nostr: Most likely our private keys are compromised and we can’t do anything about it but ...
Most likely our private keys are compromised and we can’t do anything about it but hey let’s right ecash to NSEC 🤣🤣