-
@ semisol
2025-06-03 22:50:55
Extensions can load code at runtime, sure. But PWAs can as well.
Sure, extensions can run code on websites. But I can restrict on which, and/or audit the code. So none of that matters!
Even if they somehow did slip through, if an extension is malicious, I have concerns about my nsec, not about it tampering with my Nostr client.
PWAs can also exfiltrate my nsec, and be remotely updated. So far I have seen no real solution to the problem that you need an HTTPS website.