Made some changes to https://relay.pleb.one this morning.
What We Removed (The Bad Stuff):
- Private key login - This was like giving away your house keys to anyone who asked. Super dangerous!
- Hex key login - Same problem, just a different format of your private keys
What We Kept (The Good Stuff):
- Browser Extension Login (NIP-07) - Like using a secure password manager. Your private keys stay locked in the extension and never get exposed. This is now the recommended way.
- Public Key + Password - Only shares your public profile info, never your private keys. Good for automated tools.
Why This Matters:
- Before: Someone could steal your private keys and pretend to be you forever
- After: Your private keys stay safe in your browser extension or never get transmitted at all
The Trade-off:
- Some users will need to install a browser extension (like Alby) or set up a password
- But they'll be MUCH safer from hackers
Bottom Line:
We prioritized security over convenience - better to make users take one extra step than risk their accounts getting hacked!
Tim
npub13h…90nt7
2026-01-23 15:56:10 UTC
Author Public Key
npub13hyx3qsqk3r7ctjqrr49uskut4yqjsxt8uvu4rekr55p08wyhf0qq90nt7Published at
2026-01-23 15:56:10 UTCEvent JSON
{
"id": "9b3d18a53b87a31deb097b81b88784bc42052946e58722762fb2bdcb00238742",
"pubkey": "8dc8688200b447ec2e4018ea5e42dc5d480940cb3f19ca8f361d28179dc4ba5e",
"created_at": 1769183770,
"kind": 1,
"tags": [
[
"client",
"noStrudel",
"31990:266815e0c9210dfa324c6cba3573b14bee49da4209a9456f9484e5106cd408a5:1686066542546"
]
],
"content": "Made some changes to https://relay.pleb.one this morning. \n\n What We Removed (The Bad Stuff):\n\n - Private key login - This was like giving away your house keys to anyone who asked. Super dangerous!\n - Hex key login - Same problem, just a different format of your private keys\n\n What We Kept (The Good Stuff):\n\n - Browser Extension Login (NIP-07) - Like using a secure password manager. Your private keys stay locked in the extension and never get exposed. This is now the recommended way.\n - Public Key + Password - Only shares your public profile info, never your private keys. Good for automated tools.\n\n Why This Matters:\n\n - Before: Someone could steal your private keys and pretend to be you forever\n - After: Your private keys stay safe in your browser extension or never get transmitted at all\n\n The Trade-off:\n\n - Some users will need to install a browser extension (like Alby) or set up a password\n - But they'll be MUCH safer from hackers\n\n Bottom Line:\n\n We prioritized security over convenience - better to make users take one extra step than risk their accounts getting hacked!",
"sig": "e8fe5a90a40febd6aba1e527785124bc8150d1381e4b851f8da18ad3041062acbb13dc8c37be5da730838ca6e16522595df93ebb609ee65f29ffa96d69980af3"
}