I’m not sure what hashing it would do since that’s a one way function.
As I understand it all Zapple pay does it listen out in relays for a pubkey to send a certain react event referencing a note. When it sees that it uses the nwc string to initiate a zap on behalf of that wallet.
Those strings can be encrypted but the key to decrypt it would need to constantly be available making it a moot point.
The people using Zapple pay aren’t sending any other data for Zapple pay to handle (such as a key to decrypt the nwc string or anything).
Safest thing to do if worried is to run your own or if on Damus run that Nostr script to re-enable zap functionality.
wolfbearclaw / Counter Narrative
npub1pw…8pf5t
2023-09-09 03:54:48
in reply to nevent1q…mrl8
Author Public Key
npub1pwtrrydty95q5ces0tkm2r7hkqfe9jwxhmmee5xwke6g4lz70l7sd8pf5tPublished at
2023-09-09 03:54:48Event JSON
{
"id": "39f3151795afccea8dddb9cf3b3fee6d4ef38c35a77ae98461b6473e09db2d10",
"pubkey": "0b963191ab21680a63307aedb50fd7b01392c9c6bef79cd0ceb6748afc5e7ffd",
"created_at": 1694231688,
"kind": 1,
"tags": [
[
"e",
"af14f7e0aa441911ced9d874b67eb9cb6f3521e06d4ffb8078d8a3b7ff9ab8b8"
],
[
"e",
"e2f9a062f337bbb17d1319ae9db9b045f3110ba7222962fc0cc9b60199c5b337"
],
[
"p",
"71bfa9cbf84110de617e959021b08c69524fcaa1033ffd062abd0ae2657ba24c"
],
[
"p",
"e1ff3bfdd4e40315959b08b4fcc8245eaa514637e1d4ec2ae166b743341be1af"
],
[
"p",
"3f770d65d3a764a9c5cb503ae123e62ec7598ad035d836e2a810f3877a745b24"
],
[
"p",
"ee6ea13ab9fe5c4a68eaf9b1a34fe014a66b40117c50ee2a614f4cda959b6e74"
],
[
"p",
"f804a2254b67163339699fccb6acac6f77efbac4b1696cdfac66ea84ee83379d"
]
],
"content": "I’m not sure what hashing it would do since that’s a one way function. \n\nAs I understand it all Zapple pay does it listen out in relays for a pubkey to send a certain react event referencing a note. When it sees that it uses the nwc string to initiate a zap on behalf of that wallet. \n\nThose strings can be encrypted but the key to decrypt it would need to constantly be available making it a moot point. \n\nThe people using Zapple pay aren’t sending any other data for Zapple pay to handle (such as a key to decrypt the nwc string or anything). \n\nSafest thing to do if worried is to run your own or if on Damus run that Nostr script to re-enable zap functionality.",
"sig": "4b7680b881749b4f7df2128e19583ad751d3143dac84a01ed665d4948966a8caa2df3f74a4cfd679c6607f78db38a7c38fef868df4fb83f3253deb472f58f904"
}