Thread

Extensions don't work on mobile browsers. They have to support nip55 to get Amber to sign.

Try out #keychat. One app to test all the mini web apps with support for multiple accounts and different login methods.

Kiwi browser did it before it shut down. Lemur browser has extensions but never pops up to sign on. Hopefully they fix that.

Let's hope they can do it. iOS is not the best place for app to app communication. :(

iOS must be cloud enclave based. Local is simply not possible in any way that scales.

So what tools do users use today? Do they simply enter nsec into every native app?

Yes, close to 100% paste in I'd imagine. There are workarounds such as nsec.app, Aegis, Nosskey (piggybacking off passkeys), and some extensions, or apps like Damus/Nostr attempting to be your signer, but any solution that keeps it all local faces the same fundamental issues and can only half-overcome them. There can never be an Amber on iOS. Cloud enclave based can potentially scale but needs a lot of work, Artur is the brains there, we're working on it too, but needs time.

Hello Rod, I have good experience with Nsec.app on the iOS 🫡

Ok thanks! I will look into supporting this

Very cool.. too bad that it is multiplatform.

Sim. We do too many things on Amethyst. Amber has a flavor that it can't even connect to the Internet.

Amber is not a Nostr client that you use to browse content. Amber helps secure your nsec so no one gets access to it. Let's say you download several Nostr clients (one for browsing written content, one for video, one for voice chat, etc etc). Withoug Amber you would have to give each of those clients youe nsec so that the client can use it to sign the events (posts) that you post through it (that way people know it's from you). What if one of more of those clients is malicious and shares your nsec with others? What if it's insecurily voded and hackers get access to your nsec through it. The more clients you give your nsec to, the larger the risk. With Amber (and clients that support it) you DON'T give your nsec to any other client to sign into it. Instead you tell the client to use Amber to sign your posts/events with. So Amber is the ONLY app that knows your nsec. Other apps get hacked, they still can't give hackers your nsec because they don't have it. Makes sense? #nostr #grownostr #amber

Yes, most of it. I want Login with Nostr and every app who stores the nsec could just provide what Amber is doing now. If I got here with Amethyst, it makes sense just to do Login with Nostr using Amethyst in other nostr apps. It does NOT make sense that now I have to learn bunch of this stuff (this might be for power users).

I think you miss the point. The whole point of Amber is not having to give every nostr app your nsec, that's the service Amber privides now. You don't need to be a power-user to use it. We want to get away from people trusting every Nostr client with their nsec. What you are suggesting sounds like it would do the opposite.

If every app was like Amber and every app had "Login with Nostr App" (not with key) then I would create my nsec with the first app I interacted and use that app to access my content in all other apps. Amber should be a library as well.

Yeeeesss! We need this!

Apple doesn't allow anything like that.

Sucks to be using the iPhone

Stop using it.

Can’t seem to access NFC via a browser in iOS either. Biggest case to stop using iOS.

That works as well.

Most devs don't have the knowledge and/or time and resources to protect your keys well. This is especially true if they are shipping apps to all operating systems. Amber focuses only on that and doesn't do anything else. There is a version of Amber isn't even authorized by Android to use the Internet.