The specific attack is not being highlighted in this article. Are we worried about keypairs being stolen and used to push malicious messages to the network? Lightning wallets emptied? Direct messages being read?
Agreed it’s not a great article because it expects the reader to have context and a little imagination, but last I checked what the nostrilfolk were up to, it was typical for a web app to ask for your private key (nsec) and you’re just supposed to trust that app to take actions on your behalf (why nostr isn’t a browser extension that simply signs transactions clientside I don’t know).
So the attack vector is you change what you do once you get a nostridumbass to enter their nsec; Mossad is just mentioned as a catchall for potential attackers.
The article is about accessing a service (nostr) through a hosted web app. The domain or server that is hosting the app could be compromised and serve a bad app.
Posts on nostr use a key pair so when you see a post from foo you know it's the same foo you knew from last week. Also, posts are shared to and stored on multiple independent servers (called relays).
A compromised app could serve you fake posts or censor stuff.
Seems like the age-old ease of using a website vs. running your own copy of open source software after reading and understanding it in its entirety (unsolvable mess).
[1]: https://en.wikipedia.org/wiki/Zooko%27s_triangle
What’s the point of the article?
How’s the author compromised by the Mossad?
What would the attack be?