Ok hodlbod has been COOKING on his frost signer thing with email login. I just got a demo from him and it has me more excited about Nostr than I have been in a long time.
- users can sign into Nostr apps via email (or someday any other identity system they like. Phone? Facebook? snail mail? Āhau?) but behind the scenes they still have a private key
- no server or company ever needs a full copy of their private key
- at any point they can extract their Nostr key from the system to use another one (like a bunker, hardware signer, or just a different group of signing servers, etc.)
The big problem with Nostr onboarding is that people need to put in a significant amount of work to understand and manage keys before they even get a chance to get any value out of the software. But pomade enables someone to join without thinking about keys, *and later* start caring and still be able to take full custody of their key. It is the second part that nobody has really done before, on Nostr or anywhere else that I know of. It's not bulletproof, but it combines all the best tech we have to balance ease-of-use, security, and user control.
@hodlbod I think at some point I heard you say you get a summary of recent Nostr events every day. Is that from a DVM? Have you written about this somewhere? I would like to try something similar.
I wrote up some instructions for running a promenade signer, if that's something that interests you. Promenade creates a cluster of servers that cooperatively sign of Nostr events without any of them knowing your Nostr secret key. Bleeding edge identity tech. Join us! View Event →
I just posted a project update video for Keydex that shows the current features and future plans. Plus an announcement that I'm renaming the project from Keydex to Horcrux! Check it out:
I've been quiet lately but I've just been very heads down trying to get Keydex ready for it's first alpha usability test, which I'm about to head to right now! I'll try to post a project update this week, as I passed the halfway point on my (relatively tight) 4 month timeline recently.
I just did a weird thing with gift wraps in Keydex and I want to make sure it's not dumb. I'm having a bug where lockboxes are showing back up on the devices of key holders after they have been removed. Like this:
1. Alice invites Bob to be a key holder for their lockbox
2. Bob accepts
3. Alice publishes a shard of the lockbox data for Bob to download, gift wrapped and addressed to Bob.
4. Bob changes their mind and deletes the lockbox from their device.
5. Later when Bob reopens the app it downloads the shard event again and recreates the lockbox.
Of course I could maintain some local state about what has been deleted, but it would be better to just nuke the shard from the relay. We could ask the original publisher to do it, but we can't guarantee they are online. So what if we just include the ephemeral key used to gift wrap the shard in the seal? Now Bob can publish a NIP-09 deletion request to delete the shard.
I could see this being useful in other places too. For instance you could have a type of direct message that gets deleted from relays as soon as it is downloaded by the recipient.
