Cody's avatar
Cody cody@jumble.social 1 week ago
Jumble now lets you sign up or log in with Google. It is not custodial, no server ever holds your key. Your private key is split into shards and signing uses FROST threshold signatures. Two roles cooperate: - Central server: the coordinator that verifies your Google sign-in and relays NIP-46 signing requests to the operators. It never holds a shard or your key. - Operators: independent servers that each hold one shard of your key. No single operator can sign on its own, signing needs a threshold of them. Google is only used to prove it is you, it never touches your key. If you already log in with an nsec, you can link a Google account under Settings → Account. Powered by Pomegranate:
viewsource.win

Replies (27)

Cody's avatar
Cody cody@jumble.social 1 week ago
To split your key into shares and distribute them across operators, Jumble needs the key itself, so linking Google is only available for nsec users. With Amber, your key stays external and Jumble never sees it.
2 replies ↓
utxo the webmaster 🧑‍💻's avatar
utxo the webmaster 🧑‍💻 _@utxo.one 1 week ago
I do it by just encrypting the nsec with a pin and saving it to Google drive. This way with Fiatjaf's package has the issue that if the signers or offline, or abandon the responsibility of being a signer, users won't be able to login. Of course everyone on nostr hates how I do it
2 replies ↓
Cody's avatar
Cody cody@jumble.social 1 week ago
I couldn't think of a good reason to say no. The only thing I'm not entirely happy with is that the central server still isn't mature enough. Users can't manage permissions very granularly yet. But I'm confident fiatjaf will keep improving it.
inkan's avatar
inkan dv@www.inkan.cc 6 days ago
This is interesting and it's good to have a reference implementation. It's not clear why one would want to use it.