Could it be possible to improve user retention by making Nostr web apps work **without** a browser extension?
Help me test this vision by uploading your static (nostr) websites at https://44billion.net. Sign in/up then click on the (n)app icon with a big "N" (a Napp store) where you can upload them.
Hint: Before uploading, you could add some code to your napps to support auto-login. You just need to get the logged-in user's pubkey on load by calling `const userPk = await window.nostr.peekPublicKey()`, which returns the pubkey without prompting the user.
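As an added example (not code from the original post or from 44billion.net), here is how a napp can do the auto-login the hint describes without ever prompting on page load. It assumes the host injects a NIP-07 style `window.nostr` object that also carries the non-standard `peekPublicKey()` method named in the post, and that the method resolves to the 64-hex-character pubkey or to null/undefined when nobody is logged in; the provider is passed in as a parameter so the logic can be exercised outside a browser with a constructed mock.

```javascript
// Added example, not the project's code. Assumption: `nostr.peekPublicKey()`
// resolves to a hex pubkey, or to null/undefined when no user is logged in.
const PUBKEY_RE = /^[0-9a-f]{64}$/; // 32-byte x-only pubkey as lowercase hex

// Silent path for page load: never prompts. Returns the pubkey or null.
async function getLoginPubkey(nostr) {
  if (!nostr) return null; // no signer injected at all
  if (typeof nostr.peekPublicKey !== 'function') return null; // ordinary NIP-07 signer: don't prompt on load
  try {
    const pk = await nostr.peekPublicKey();
    return typeof pk === 'string' && PUBKEY_RE.test(pk) ? pk : null;
  } catch (_) {
    return null; // treat any vault error as "not logged in"
  }
}

// Prompting path: standard NIP-07 call, which an extension may surface to the
// user, so only call it from a click handler, never on load.
async function getPubkeyWithPrompt(nostr) {
  if (!nostr || typeof nostr.getPublicKey !== 'function') return null;
  const pk = await nostr.getPublicKey();
  return typeof pk === 'string' && PUBKEY_RE.test(pk) ? pk : null;
}

function renderLoggedIn(pk) {
  const el = document.getElementById('whoami');
  if (el) el.textContent = 'logged in as ' + pk.slice(0, 8) + '...';
}

// Browser wiring: try the silent path once, otherwise show a login button.
if (typeof window !== 'undefined' && typeof document !== 'undefined') {
  window.addEventListener('DOMContentLoaded', async () => {
    const pk = await getLoginPubkey(window.nostr);
    if (pk) return renderLoggedIn(pk);
    const btn = document.getElementById('login');
    if (btn) btn.addEventListener('click', async () => {
      const p = await getPubkeyWithPrompt(window.nostr);
      if (p) renderLoggedIn(p);
    });
  });
}
```

The pubkey is validated as 64 lowercase hex characters before use, so a vault that returns an unexpected value is treated as "not logged in" rather than trusted blindly.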
Replies (12)
Known Issues: You won't be able to create an account if using Firefox, Safari < 18 or Bitwarden extension (https://github.com/bitwarden/clients/issues/12590) because they don't fully support passkeys. I don't have a recent Apple device to test on Safari >= 18.
Browser extensions are more secure than a web app that is loaded dynamically from a server? Browser or even OS level integration would be best.
On the other hand, if you don't have an extension, it's safer to give your nsec to only 1 website instead of 10...
This platform is different.
1) The web app is loaded client side, doesn't touch the server
2) The nsec is handled by this github page https://github.com/44Billion/44b-vault, loaded on an iframe, that runs exactly the same open-source code on the repo. 44billion.net has no direct access to the nsec. It lives as a passkey on the device's secure element.
Soon users will be able to switch to their own 44b-vault fork.
You still have to trust 44billion.net which hosts it (and DNS + CAs) — it could change the app that it serves
If Github is to be used as a trusted source, it's best to host the whole UI from there. The other domains could always make it not use Github and re-prompt your nsec, or use it in a manner you did not authorize etc.
That said, it's a cool project — nostr apps would benefit from OS / browser level integration that takes care of key management, event storage and relay connections without every app having to do it.
Yes. Open-source code is meaningless in the context of web apps, be it loading in iframes or anywhere else. It's never anything more than "I promise that this is the code that is loading there at this time".
> [...] The other domains could always make it not use Github and re-prompt your nsec [...]
I'm sure you know it but just to make it clear for future readers, the browser automatically isolates passkey storage (and storage in general) by domain. If 44billion.net changes the login iframe to a malicious url, the nsecs won't be there. Nothing bad happens per se.
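To make the boundary discussed in this reply and in the 44b-vault description above concrete, here is an added example (not 44b-vault's code) of the two origin checks a parent page and a key-holding iframe each need when they talk over `postMessage`. The request/reply shape, the method names and the `APP_ORIGIN` / `VAULT_ORIGIN` values are assumptions for the example, not the project's protocol; the signer is a constructed stand-in for whatever the real vault keeps behind the passkey.

```javascript
// Added example, not the project's code. Origins and message shape are assumed.
const VAULT_ORIGIN = 'https://vault.example'; // placeholder: where the iframe is served from
const APP_ORIGIN = 'https://app.example';     // placeholder: the only embedder the vault serves

// --- vault side (runs inside the iframe; the secret never leaves this scope) ---
// Returns the reply object to post back, or null when the message is ignored.
function makeVaultHandler(signer, allowedOrigin) {
  return function handleVaultMessage(event) {
    // A page at any other origin that embeds the vault gets nothing, not even
    // an error reply, so it cannot probe for methods.
    if (event.origin !== allowedOrigin) return null;
    const { id, method, params } = event.data || {};
    switch (method) {
      case 'peekPublicKey':
        return { id, result: signer.pubkey };
      case 'signEvent':
        return { id, result: signer.sign(params && params.event) };
      default:
        return { id, error: 'unknown method' }; // no method ever returns the secret
    }
  };
}

// --- app side (runs in the parent page) ---
// `pending` maps request id -> callback; replies from any other origin, or for
// an id we never sent, are dropped. Returns true when a reply was accepted.
function acceptVaultReply(event, pending) {
  if (event.origin !== VAULT_ORIGIN) return false;
  const { id } = event.data || {};
  if (!pending.has(id)) return false;
  pending.get(id)(event.data);
  pending.delete(id);
  return true;
}

// Constructed stand-in signer; a real vault would keep the key in
// passkey / secure-element backed storage, not in a JS variable.
const demoSigner = {
  pubkey: 'b'.repeat(64),
  sign: (ev) => ({ ...ev, pubkey: 'b'.repeat(64), sig: 'demo-signature-not-real' }),
};

// Browser wiring (skipped under Node): each side installs its handler and the
// sender always names the target origin instead of using '*'.
if (typeof window !== 'undefined') {
  if (window.parent !== window) { // we are the vault iframe
    const handle = makeVaultHandler(demoSigner, APP_ORIGIN);
    window.addEventListener('message', (ev) => {
      const reply = handle(ev);
      if (reply) ev.source.postMessage(reply, APP_ORIGIN);
    });
  } else { // we are the app
    const pending = new Map();
    window.addEventListener('message', (ev) => acceptVaultReply(ev, pending));
  }
}
```

Note what this does and does not buy you: the vault refusing other embedders and the app refusing replies from other origins closes the "swap the iframe URL" and "inject a fake reply" paths, but it does nothing about the host serving a different vault build, which is the residual trust the thread is about.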
At least on a browser you can right click and inspect the code and networking. Can't say the same about native apps =]~
In a browser context that's just inspection theatre though, more comfort than any semblance of certainty.
#asknostr
I got on nostr after a year and apparently you can't just put your nsec into websites anymore. Has to be a browser extension. Not everyone really cares about nsecs