Solving the Nostr web clients attack vector
10 days ago
- #Nostr
- #Decentralization
- #Web Security
- Nostr web clients are vulnerable because they rely on domain names controlled by someone.
- Native apps have fewer issues as updates aren't mandatory or automatic like web apps.
- Proposal to treat web clients like Coracle as subjective, identified by a hash rather than a domain.
- Nostr web clients should be static (HTML, JS, CSS) and run entirely client-side.
- Challenge is encouraging users to use specific client versions (identified by hash) rather than direct domain access.