semisol on Nostr:
Extensions can load code at runtime, sure. But PWAs can as well.
Sure, extensions can run code on websites. But I can restrict on which, and/or audit the code. So none of that matters!
Even if they somehow did slip through, if an extension is malicious, I have concerns about my nsec, not about it tampering with my Nostr client.
PWAs can also exfiltrate my nsec, and be remotely updated. So far I have seen no real solution to the problem that you need an HTTPS website.
Published at 2025-06-03 22:50:55

Event JSON
{
"id": "d9d54fd74f63111c5de2a3caf853da775664eb50a130e20422608cda30cf6b21",
"pubkey": "52b4a076bcbbbdc3a1aefa3735816cf74993b1b8db202b01c883c58be7fad8bd",
"created_at": 1748991055,
"kind": 1,
"tags": [
[
"e",
"5d67160eec13d6fa3c5602183c0bde129f2b3a0e5afaaf5e07bbd92d6531a879",
"wss://relay.primal.net",
"root"
],
[
"e",
"977584e2051430c2d6473896c4843e522f3848c88c3c70e95456b0b9a359f0ef",
"",
"reply"
],
[
"p",
"4229c21f0101abc3ba45233e176e975fa9e671bb18a6722bdf7726ba25445ff9"
],
[
"p",
"2779f3d9f42c7dee17f0e6bcdcf89a8f9d592d19e3b1bbd27ef1cffd1a7f98d1"
],
[
"p",
"c7eda660a6bc8270530e82b4a7712acdea2e31dc0a56f8dc955ac009efd97c86"
]
],
"content": "Extensions can load code at runtime, sure. But PWAs can as well.\n\nSure, extensions can run code on websites. But I can restrict on which, and/or audit the code. So none of that matters!\n\nEven if they somehow did slip through, if an extension is malicious, I have concerns about my nsec, not about it tampering with my Nostr client.\n\nPWAs can also exfiltrate my nsec, and be remotely updated. So far I have seen no real solution to the problem that you need an HTTPS website.",
"sig": "eeb66595a745a03fbb9ecd8ecca608fabef0836bdd90d13c858d5925efe6792038e897dea04f6351fcf0d1c0633ea7b6e06fa996399d346287b4be944f42f726"
}