You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
docs: privacy policy, vault-current docs, and Actions-based Pages site
- PRIVACY.md: repo-hosted privacy policy (local signer; key encrypted at rest;
no servers/accounts/telemetry; per-permission rationale incl. <all_urls>).
Doubles as the Chrome Web Store privacy disclosure basis.
- README/USAGE/CHANGELOG: bring the security model up to date with the encrypted
vault (was "session-only"), document the passphrase + unlock/lock/forget flow,
bump version 0.0.7 -> 0.0.8, test count 133 -> 141, add vault.js to the file
map, and add a "Where Podkey fits" section positioning it against existing
NIP-07 signers, the did:nostr ecosystem (github.com/topics/did-nostr), and
Solid (solidproject.org) — extends + consolidates rather than reinvents.
- site/: a polished, self-contained docs landing (index.html) + hosted privacy
page (privacy.html) for a clean Web Store privacy URL.
- gh-pages.yml: complete the migration off the legacy gh-pages branch — assemble
the docs site + test page and deploy via actions/deploy-pages (the proper
GitHub Actions Pages workflow), triggered on site/test-page changes.
Co-Authored-By: jjohare <github@thedreamlab.uk>
Podkey is a browser extension that holds a Nostr/[did:nostr](https://nostrcg.github.io/did-nostr/)
6
+
key on your device and uses it to sign Nostr events ([NIP-07](https://github.com/nostr-protocol/nips/blob/master/07.md))
7
+
and to authenticate to [Solid](https://solidproject.org) pods over
8
+
[NIP-98](https://github.com/nostr-protocol/nips/blob/master/98.md). It is a
9
+
**local signer**: your key never leaves your device, and Podkey has no servers,
10
+
no accounts, and no analytics.
11
+
12
+
## What Podkey stores, and where
13
+
14
+
All data is stored **locally** in the browser's extension storage. Nothing is
15
+
sent to the Podkey developers or to any third party.
16
+
17
+
| Data | Where | Notes |
18
+
|------|-------|-------|
19
+
|**Private key**|`chrome.storage.local`, **encrypted**| Stored only as an AES-256-GCM ciphertext, wrapped by a key derived from your passphrase with scrypt. The plaintext key is never written to disk. |
20
+
|**Private key (unlocked)**|`chrome.storage.session`, in-memory | After you unlock with your passphrase, the decrypted key is held in memory for the browser session so signing is fast. It is cleared when the browser closes. |
21
+
|**Public key**|`chrome.storage.local`| Your `did:nostr` identity. Not secret. |
22
+
|**Trusted origins**|`chrome.storage.local`| The sites you have approved to sign without re-prompting, and an optional per-site auto-sign preference. You can revoke any of them from the popup. |
23
+
24
+
There is **no telemetry, no tracking, no advertising identifiers, and no
25
+
remote logging.** Podkey collects none of your browsing history or page content.
26
+
27
+
## How your key is used
28
+
29
+
-**Signing** (NIP-07 `signEvent`, `nip44.encrypt/decrypt`) and **Solid
30
+
authentication** (NIP-98) happen entirely inside the extension's background
31
+
service worker. The raw private key is never exposed to web pages — only the
32
+
resulting signature, ciphertext/plaintext, or `Authorization` header crosses
33
+
to the page.
34
+
- A site you have not approved triggers a consent prompt on its first request.
35
+
Closing the prompt, or a 60-second timeout, denies it.
36
+
- Podkey makes **no network requests of its own.** A NIP-98 `Authorization`
37
+
header is attached only to requests **you** initiate to a Solid/Nostr server
38
+
you have trusted; the data goes to that server, under your control, not to
39
+
Podkey.
40
+
41
+
## Permissions, and why they are needed
42
+
43
+
-**`storage`** — to keep the encrypted key, your public key, and your trusted
44
+
sites locally, as described above.
45
+
-**Host access (`<all_urls>`)** — Podkey is a NIP-07 signer, so it injects a
46
+
`window.nostr` provider into pages and, for sites you have trusted, attaches
47
+
NIP-98 auth to your own requests. This requires script access to the pages
48
+
where you use a Nostr/Solid app. Podkey **does not read, collect, or transmit
49
+
page content or browsing history**; host access is used solely to expose the
50
+
signer and to intercept auth for origins you have explicitly approved.
51
+
52
+
## Data sharing and retention
53
+
54
+
- Podkey **does not sell or share** any data. There is no data broker, no
55
+
third-party processor, and no off-device transfer of your key or activity.
56
+
- All data remains on your device until you delete it. **Removing the
57
+
extension, or using "Forget key" in the popup, erases the stored vault, public
58
+
key, and trusted sites.** Back up your private key before doing so — without a
59
+
backup it cannot be recovered.
60
+
61
+
## Your control
62
+
63
+
- Unlock / lock your key on demand from the popup.
64
+
- Review and revoke trusted sites at any time.
65
+
- Export your private key (after unlocking) to back it up.
66
+
- Forget the key entirely to start over.
67
+
68
+
## Contact
69
+
70
+
Podkey is open source under AGPL-3.0. Questions, issues, or security reports:
0 commit comments