When you paste your nsec into an iOS app, you're putting your trust in the operator of that app, no matter what code has been open-sourced. Most operators here I'm sure are worthy of that trust. But it is important to realise that this is a human trust situation.

Replies (4)

Even for a signer app, you are putting trust in the owner of that signer app. Though you can take the code and publish it to your own app store account if you have one. And there are some, albeit super complex, ways to attempt reproducible builds on iOS. Remote signing can solve some of this; we're working on that via the cloud route, but it still requires some trust in AWS or Intel. (Though I'd argue it's close enough to being trustless.)