fc.proto

Signers (rebranded as app keys) are extremely powerful, but I think they are becoming a disaster waiting to happen. Users are not aware how to manage them, and even if they were, there are no reliable tools to do so. 

Does anyone else share the same concerns? If so, what can we do to improve them?

Dad, geek, conversation liquidity provider. vrypan.net (home), /weatherxm (work), @l--o--l (fun). Also https://paragraph.xyz/@purplesubmarine

Is it any different from OAuth tokens to your X account?

Technowatermelon. Elder Millenial. Building Farcaster. 

nf.td/varun

Invalidation of content created by the key. I see a list of signers I have approved in WC, some of them are for apps that no longer exist, but I can't remove them, because I don't know what will be removed. And even if I did, what choice do I have?

It should be pretty easy to write a script that resigns your messages before removing your app key. 

We haven't prioritized this feature in Warpcast because it's not that important. Most users app keys don't have a lot of messages, and even if they do they are mostly old, so users dont care too much if they get revoekd.

It’s also not intuitive that all messages get invalidated once a signer is deleted. Like you mentioned as well, easily rebroadcasting messages from an invalidated signer will not be possible with the rate limits introduced by snapchain right?

Strong ordering could help with automatic signer expiry and invalidating signers (all messages after invalidation snap are invalid)

@stephancill has put together something like this. But I don't feel it's stable enough to trust it with my data, and it's definitely not a simple solution anyone can use.

Otoh, this is a cool solution, that would let me remove old signers without worrying what happens to my content.

cypherpunk wannabe, engineer working on @frames /open-frames /opencast
https://stephancill.co.za create stories at https://stories.steer.fun

@stephancill has put together something like this. But I don't feel it's stable enough to trust it with my data, and it's definitely not a simple solution anyone can use.

Otoh, this is a cool solution, that would let me remove old signers without worrying what happens to my content. https://warpcast.com/stephancill/0x71cf91d8