Techly NewsGet the app

Get the latest tech news

Solving the Nostr web clients attack vector


One problem Nostr still has to deal with is the fact that web clients are "owned" by someone, because they rely so much on the domain name they're served from. Everything is fine with, say, https://coracle.social/, until With native apps that problem isn't so big as updates aren't mandatory, automatic and invisible as in the case of web apps (although there is still a problem with malicious app stores such as Google Play, but we can't solve everything at once).

One problem Nostr still has to deal with is the fact that web clients are "owned" by someone, because they rely so much on the domain name they're served from. With native apps that problem isn't so big as updates aren't mandatory, automatic and invisible as in the case of web apps (although there is still a problem with malicious app stores such as Google Play, but we can't solve everything at once). Any decent Nostr web client must be capable of running entirely on the client side, as a "static" webpage made of just HTML, JS and CSS, so it should be possible to have these files hosted on Blossom and referenced by the hash of the "index.html".

Get the Android app

Or read this on Hacker News

Read more on:

Photo of Nostr

Nostr

Photo of attack vector

attack vector

Photo of Nostr web clients

Nostr web clients

Related news:

News photo

Nostr is public key microblogging that works

News photo

Nostr

News photo

Ditto: Build Your Community on Nostr

Election workers fear threats and intimidation without feds' support in 2026 »