If you could “sign in with Apple” to all Nostr related apps and pull the same keys and have your same account in every app… I wouldn’t discount how powerful that would be for the user experience.
Wouldn't Apple "own" those nSec's? Not discounting it would be an awesome onboarding tool.
When sign in with android? 😅
Ya I use Sign in with Apple for everything. It’s way easier than any other option.
I won’t even try an app on my iPhone if I can’t sign up / in with Apple. Besides nostr of course. I jump through hoops for this place 😆
Don't we want people free of Big Tech's control?
Am I understanding right that this is a method to bridge a "normal" log in user flow to a Nostr key?
Could be profound for onboarding new users. Some logistical questions of course; where would the nsec be livin’ in that equation?
Separate into 2 types of apps: "sign in with nostr", and "link nostr account". One type of app actually constructs notes on your behalf, the other only links to your identity.
Ideally neither ever sees your nsec. Your nsec only exists in a single signer app.
The link nostr types will only ever verify your identity. Things like a video game, just lets you dox yourself similar to how games get you to link your twitch account. These will request a signature from your signer app only to verify that you actually own the npub you entered.
The other type of app is various nostr clients. Those will send requests to your signer app every time they wanna create a note.
Your signer app will have basic permission settings for every app similar to your phone's. First time on an app it will ask if you want it to sign notes from that app, either "always", "ask every time" or "never". You will also be able to grant permissions for which kinds they can sign. For example, you wanna try a new shitposting meme app so you give it permission to sign kind 20 (picture-first) notes automatically, but that app will never be able to change your kind 0 (profile info).
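The per-app, per-kind permission model described in the reply above, sketched as an added example; it is not part of the original thread and not any signer app's own code. The class names, the `meme-app` identifier and the `prompt_user` callback are hypothetical, and the signing step itself is left out so only the gate in front of it is shown.

```python
from dataclasses import dataclass, field
from enum import Enum


class Grant(Enum):
    ALWAYS = "always"
    ASK = "ask every time"
    NEVER = "never"


@dataclass
class AppPolicy:
    # Kinds without an explicit entry fall back to this; new apps start at ASK.
    default: Grant = Grant.ASK
    kinds: dict = field(default_factory=dict)  # event kind -> Grant


class SignerPolicy:
    """Gate in front of the signing step (hypothetical; signing itself omitted)."""

    def __init__(self):
        self.apps = {}    # app identifier -> AppPolicy
        self.audit = []   # (app, kind, outcome) trail the user can review

    def set_grant(self, app, kind, grant):
        self.apps.setdefault(app, AppPolicy()).kinds[kind] = grant

    def decide(self, app, event, prompt_user):
        kind = event.get("kind")
        if not isinstance(kind, int) or isinstance(kind, bool):
            outcome = "deny"  # malformed request: refuse without prompting
        else:
            policy = self.apps.setdefault(app, AppPolicy())
            grant = policy.kinds.get(kind, policy.default)
            if grant is Grant.ASK:
                outcome = "allow" if prompt_user(app, event) else "deny"
            else:
                outcome = "allow" if grant is Grant.ALWAYS else "deny"
        self.audit.append((app, kind, outcome))
        return outcome


def demo():
    # Constructed scenario from the thread: the meme app may auto-sign
    # kind 20 (picture-first) notes but can never change kind 0 (profile info).
    signer = SignerPolicy()
    signer.set_grant("meme-app", 20, Grant.ALWAYS)
    signer.set_grant("meme-app", 0, Grant.NEVER)
    refuse = lambda app, event: False  # user declines every prompt
    return [signer.decide("meme-app", {"kind": k}, refuse) for k in (20, 0, 1)]
```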
I never use “sign in with Apple” for anything.
Yes. @npub1n0st...k6h0 @Fabian 👀
Interesting.
But let's remember that iPhones are the most privacy-shattering phones, with AI-driven scans taking place on-device even before any end-to-end encryption can have been triggered (that's why, for instance, Apple is allowed to sell phones & computers in China...).
Not sure if our keys and "private" Nostr chats could escape Apple's totalitarianism.
I’m not suggesting they can and don’t know enough about the privacy implications to say one way or the other. I’m suggesting that most people don’t care, and it’s the best option available while giving them the UX they want and possibly as close to the privacy and security as possible.
What you suggest means that literally anyone with an iPhone (myself included) has compromised their keys and thus it doesn’t matter. So it makes no sense to not allow that option for people. If they get burned, they will suddenly learn a lot about keys and security.
Of course you don’t, you’re on Nostr at the stage where people are still using raw keys. But a huge number of people do.
If you think you do that by ignoring what those people use and how they use it, then I think you’ve made an error.
Also you should look into how @OpenSecret works so you understand the trade offs and security.
Can’t you do the equivalent with “sign in with Google” that does a similar process? I don’t know unfortunately because I only use my android for random app testing and stuff
Check out how @OpenSecret works. But there would certainly be a degree of trust due to how Apple structures their “Secure Enclave”, but in my opinion it’s a far less trade off than asking normies to deal with raw keys safely. And honestly people learn stuff when they get burned. Let them get burned in a way that actually matters and where there is actually a sovereign alternative.
Trade offs across the board are an order of magnitude better, imo, and it drops the barrier to entry by 99% for the overwhelming majority of users.
Correct
I’m going to repeat this incessantly until we realize this is one of the best sets of trade offs we could possibly have for onboarding new people to Nostr.
@OpenSecret @primal @Damus @Amethyst @npub1n0st...k6h0 @Openvibe @noStrudel @npub1wnww...95l8
Yes, and I understand why they do and respect the possibility that Apple will get it “right.” Good to stay flexible if they don’t. 🙂
I fully agree. It's much better to clear the way to Nostr & other Bitcoin inspired apps for all iPhone users than not do it 🙃.
What we most probably need then is to promote more through Nostr open source privacy phones (that should become the norm, instead of the exceptions) and above all a phone-freed life, where no company nor State will be tracking our every move, and we'll pay our groceries with sats or the coming self-custodied Cashu, through standalone Bolt cards (no phone required).
Otherwise, the next step will be easy & instant fiat stablecoin payments through the Internet of Bodies, and each one of us carrying a Pop Mart designed chip in his preferred organ.
¡Muchas gra-sats! by the way, for your tireless educative and mind opening work!
Better to use a cryptographic key rather than something that can be pointed to you, such as an Apple account. Apple accounts have a lot of data about the user.