people are too busy fighting about whether zaps that cost more to send than their value are worth it while ignoring the biggest problem with Nostr right now “allow decrypting everything” must end just like inputting nsecs into every app View quoted note →

gm nostriches 🍍 NIP-44 and NIP-04 don’t protect you against malicious applications, and one “allow all” can lead to all your DMs, Nostr LN wallet seed and other private info being exfiltrated NIP-44 v3 fixes this: View quoted note →

90% of grants and bounties attract people that want to make a quick buck from slop. The higher the amounts, the sloppier it gets. Especially that grant orgs will now fund anything “Nostr” as long as they are willing to become a hype parrit Many of the revolutionary ideas and important software came out of unfunded people just doing their thing.

I am happy to announce NIP-44 v3: a new encryption standard for Nostr that fixes many of the shortcomings of NIP-44 v2. This fixes the main problem with encryption today, which is that you cannot allow an application to encrypt/decrypt only some kinds. This opens up users to risks where applications can exfiltrate private information like DMs, even if you just wanted to allow access to modify your encrypted lists. It also has some other improvements, such as allowing larger encrypted payloads. Read more: View article →

gm nostriches 🍍 the NIPs process is broken

ga nostriches 🍍 👀 View quoted note →

If you develop a Nostr SDK in any language or make a Go-based Nostr client, please drop a link below

Nostr clients have a responsibility to be honest to their users. Another one: App marketplaces shouldn’t show my identity as endorsing an app just because I follow the author. View quoted note →

I wouldn’t want web browsers to tell users visiting my website: “You can also donate to <person> with Google Pay” when I am not using it. I don’t want Nostr clients to lie to users about me “having” payment methods I don’t list in my kind 0 either.