-
@ Laeserin
2025-05-22 04:34:04
Yeah, I got to thinking about this, when I built the gitcitadel.com login, with Npub, browser extension, Amber, and Bunker methods in it.
There are higher and lower-levels of permissions, dependent upon use case:
lurking: no permissions, just build a non-crappy client and default to a good relay
customized settings: npubread-only
casual interactions: anon logins
publishing notes under your own npub or using a write-protected relay: signer
Before performing any action, we should only ever be checking that they have the minimum level of permissions required for that action.
Make sure that someone who is lurking can zap or send emoji. Make sure someone logged in with npub can use their favorite relays and filter according to their own lists. Etc.
Until now, everyone has been doing this backward, sometimes even requiring "logging in with nsec" to see ANYTHING. So, the debate has all been about frontloading settings and sending invites, but this is actually a Nostr antipattern. You don't need to send someone an invite, for them to see what you see. Just send them your npub and tell them to login with that. Then we could have a button, "Create a new npub, with settings just like this one or define new settings." and they could click it and be done.
Or just send them a link to the website because it's a motherfucking website and you can just go there and do stuff, off the bat.