I agree, it's the same thing prone to similar issues/errors (copying the nsec and then accidentally pasting it somewhere, etc). We support import of encrypted nsec (nip49), but most apps don't export in that format. If you have any ideas here I'd be happy if you shared them.
One thing I will add to the mix: I think nip46 (Nostr Connect) is missing a standardized "import nsec" flow, i.e. app could generate a key for new user (to reduce onboarding friction) but then if/when user wants to reuse the key in other apps they could choose a provider and app should somehow pass the nsec to the provider, i.e. redirect to provider.com/import/#nsec or something like this. This would mean there is no copy/pasting, and we wouldn't be "training" the user to mess with their keys.
OTOH maybe this whole "let's hide keys from the user" thing is a mistake and we should instead educate them better etc. But my own experience looking at how non-tech users are trying nostr tells me that people won't read, they will only click big red buttons on the screen and hope for the best. Anything above that causes frustration and anxiety. What's your view here?
brugeman
npub1xdt…ntxy
2024-06-11 10:26:34
in reply to nevent1q…5gaq
Author Public Key
npub1xdtducdnjerex88gkg2qk2atsdlqsyxqaag4h05jmcpyspqt30wscmntxyPublished at
2024-06-11 10:26:34Event JSON
{
"id": "9e68c8bdd7168c2d84ac1e4ab50d1273efa7edc54bd4937b7d0d119a8922aa0f",
"pubkey": "3356de61b39647931ce8b2140b2bab837e0810c0ef515bbe92de0248040b8bdd",
"created_at": 1718094394,
"kind": 1,
"tags": [
[
"t",
"nsec"
],
[
"e",
"f754a238947b7f32168f872650a8dd0b9376493e58005d7e0b8be52f6f229364",
"",
"root"
],
[
"e",
"1258e76e38d7ec6b9e1faa58a9f8ec538ecb573fd31dc9ef511040120ca8f537",
"wss://nos.lol/",
"reply"
],
[
"p",
"06639a386c9c1014217622ccbcf40908c4f1a0c33e23f8d6d68f4abf655f8f71",
"",
"mention"
],
[
"p",
"683211bd155c7b764e4b99ba263a151d81209be7a566a2bb1971dc1bbd3b715e",
"",
"mention"
]
],
"content": "I agree, it's the same thing prone to similar issues/errors (copying the nsec and then accidentally pasting it somewhere, etc). We support import of encrypted nsec (nip49), but most apps don't export in that format. If you have any ideas here I'd be happy if you shared them.\n\nOne thing I will add to the mix: I think nip46 (Nostr Connect) is missing a standardized \"import nsec\" flow, i.e. app could generate a key for new user (to reduce onboarding friction) but then if/when user wants to reuse the key in other apps they could choose a provider and app should somehow pass the nsec to the provider, i.e. redirect to provider.com/import/#nsec or something like this. This would mean there is no copy/pasting, and we wouldn't be \"training\" the user to mess with their keys. \n\nOTOH maybe this whole \"let's hide keys from the user\" thing is a mistake and we should instead educate them better etc. But my own experience looking at how non-tech users are trying nostr tells me that people won't read, they will only click big red buttons on the screen and hope for the best. Anything above that causes frustration and anxiety. What's your view here?",
"sig": "2f8c54581c9f1c71ab0c35a16c75fc4ee5a64ff1843ea6345c3032bcc72a992e0cd527e3aacc261afc288dedda91faf0136fda42301ea87c2c3343c3d5987353"
}