greg
@gregfromstl
Common argument for "export private key", but it's actually an argument against. If an app can show you your private key, it means they can show themselves too. So... yeah... they've got your keys and there's nothing you can do about it
1 reply
1 recast
3 reactions
Steve
@stevedylandev.eth
just shitposting but good points lol
1 reply
0 recast
0 reaction
greg
@gregfromstl
I know but you gave me bait to rant with. I can't resist
1 reply
0 recast
1 reaction
Steve
@stevedylandev.eth
This was indeed my plan all along lol Devils advocate: What if the exporting of a private key is simply using the user's hashed password to unlock a local encrypted file? Similar to Foundry's cast keystores? Afaik the warpcast export is a sharded key taking a similar approach that's unlocked using the user's custody keypair
1 reply
0 recast
1 reaction
greg
@gregfromstl
Unfortunately its not how the sharded key thing works. The private key can be reassembled remotely and captured by Privy (the wallet provider here). It is safe from the app developer (Warpcast in this case), assuming Privy doesn't give them some sort of backdoor access. You could design a system that works this way using IPFS but you move the ability for recovery unless you use ZK and/or TEEs
1 reply
0 recast
1 reaction
Steve
@stevedylandev.eth
very interesting... 👀 cc @kyletut @polluterofminds
1 reply
0 recast
2 reactions
greg
@gregfromstl
If you do want to jam on a truly non-custodial in-app wallet lmk, we've made prototypes and with 7702 the UX goes 10X. I've actually made an entire library around it that I'll finish and release once Pectra goes live
0 reply
0 recast
1 reaction
