You still have to trust 44billion.net which hosts it (and DNS + CAs) — it could change the app that it serves
Login to reply
Replies (2)
If Github is to be used as a trusted source, it's best to host the whole UI from there. The other domains could always make it not use Github and re-prompt your nsec, or use it in a manner you did not authorize etc.
That said, it's a cool project — nostr apps would benefit from OS / browser level integration that takes care of key management, event storage and relay connections without every app having to do it.
Yes. Open-source code is meaningless in context of web apps, be it loading in iframes or anywhere else. It's never anything more than "I promise that this is the code that is loading there at this time".