bad-takes

salty af

in today's edition of stfu bro, don't you know that nobody cares?

when they said "these are your keys. we keep custody of them in order to enable a great account recovery experience and you may opt out"

they really meant to add, "and also to sign things when it's useful for the network"

but that's not as clean of a message

https://SassyHash.artlu.xyz/download

See pinned cast frame for more.

PFP is my Native.fun Print, genart unique hash of wallet txns -> Faces of Farcaster

Founder @payflow /payflow payflow.me /crimea 🇺🇦

I actually want to verify which key was used to sign the verification messages. Like, do they have a master signer they can use at the protocol level, or do they have to use the Warpcast signer for each user.

And if I delete the app off my phone, am pretty sure it can still sign on my behalf because of the web version

it's actually custodial wallet which signs verification, signer only for casts, reaction, bio, etc...

not exactly, it's used to add/remove signing keys + sign in with farcaster + signing the proof of address verification

it's stored in warpcast mobile app only, so I assume they don't store it anywhere on your behalf, however they programmatically operate with it within your app.

it's not stored in enclave (simply because the curve is not supported). but technically neither they encrypt it with a regular AES key stored in enclave, because they are able to programmatically sign with it, without any device auth (fingerprint, face id, pin, etc).

either they have some extra software based db encryption, but maybe it simply stored in plaintext and sandboxed

they plan to introduce more separation of concerns, because this identity access model doesn't scale well, but tbh I don't think they care at this point about other clients - not the main focus

I humbly accept there's a bunch I don't know.

I thought it was a custody account (an account used to hold things) or a custodial account (an account held on my behalf, without ownership but maybe with right-to-take-things-out).

And I assumed the recovery feature was limited to "kill switch" plus point-to-new-account. I didn't realize the issuer kept the private keys available for occasional programmatic use.

I fully assumed the point of the signer was to abstract away the need to use the private key for day-to-day cryptographic signing of messages. So there'd be no need to keep a database of private keys.

Am I mistaken? Am earnestly asking to understand how it's acceptable to do anything with "my" private keys, beyond sharing them securely with me.