How is ZBD different from any other client where you input your private key instead of on-demand air-gapped signing from offline device?
For example, how can you be sure that Damus does not send your private keys directly to its own servers? Yes, you see source code on github (which you won’t audit ever) but you have no way to check that app on your iphone was buily using this source
viktorvsk / Viktor Vsk
npub13f…fgvmt
2023-09-18 10:57:39
in reply to nevent1q…ck4g
Author Public Key
npub13f5edp5przy3sm0nnrrj205vgstuuul7s98datn7ekqahh54x6kqufgvmtPublished at
2023-09-18 10:57:39Event JSON
{
"id": "e3c280e6951dcdecb0fbccd423486caed72becba5e3eb01c42f5cef1e898adcb",
"pubkey": "8a699686811889186df398c7253e8c4417ce73fe814edeae7ecd81dbde9536ac",
"created_at": 1695034659,
"kind": 1,
"tags": [
[
"e",
"3b9f3a8e877d1ee3fe3fb928b3b1199fc9af23e6ec87c5d1db69a98afa7fc212"
],
[
"e",
"7c0ce63bd430bca3f97395238509a7b15cea1a1ecdaea6e7c260d23ba14fac12"
],
[
"p",
"52b4a076bcbbbdc3a1aefa3735816cf74993b1b8db202b01c883c58be7fad8bd"
],
[
"p",
"c6f7077f1699d50cf92a9652bfebffac05fc6842b9ee391089d959b8ad5d48fd"
]
],
"content": "How is ZBD different from any other client where you input your private key instead of on-demand air-gapped signing from offline device?\n\nFor example, how can you be sure that Damus does not send your private keys directly to its own servers? Yes, you see source code on github (which you won’t audit ever) but you have no way to check that app on your iphone was buily using this source",
"sig": "5bc6163b7da3bf27958c71bdd0297e8946712b62e8d7e6fa2a76e31fa6852fc21ab4f1c5babc9de4097157eb6c82cd28f0613469c74fa604f69ecfb10bc91f05"
}