Keys, Signers and Human Trust

Where privacy becomes practical: keys, signing, metadata, trust, relay exposure and the mistakes worth avoiding.

Privacy · Deep dives · 12 min read. Part of the Crays Nostr knowledge base.

Private keys are not a vibe. They are the line between owning your account and handing it to the nearest shiny login box.

The most dangerous sentence is "just paste your key"

If a Nostr app asks a newcomer to paste a private key, the page should feel a little cold. Maybe the app is legitimate. Maybe it is not. The user cannot know by vibes. A private key is not a password in the normal platform sense. It is the object that signs your public life. Treating it casually is how open identity becomes an expensive lesson.

Good privacy writing has to be calm, not theatrical. The point is not to scare people away from Nostr. The point is to give them a better instinct: your nsec stays protected, your signer explains what is being signed and your client earns trust through clear behavior.

Signers turn danger into a prompt you can understand

Browser signers and remote signing patterns exist because raw key handling is too easy to mess up. A signer can hold the key and let apps request signatures. That gives the user a checkpoint. What app is asking? What action is being signed? Is this a login, a note, a deletion, a payment request or something stranger?

The prompt matters. A bad signer prompt is technically present and practically useless. If it shows a wall of raw event data and expects a beginner to bless it, the design has failed. A good prompt translates risk into human consequence without hiding the expert details.

Privacy is not the same as secrecy

Nostr is built around public-key identity and signed events. Much of what people do is public by design. That is not a bug, but it does mean privacy needs sharper language. A public note is public. A profile is public. Relay choices leak hints. Social graphs reveal patterns. Even zaps can say more than the sender intended.

Encrypted messaging, gift wraps, mute lists, relays and signers all change the privacy picture, but none of them make careless behavior disappear. The reader needs to know what is public, what is encrypted, what is merely hard to find and what depends on client support.
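The two points above, a signer prompt that says who is asking and what is being signed, and a clear statement of what is public versus encrypted, can be shown in one small piece of code. This is an added example, not Crays code and not any real signer's implementation: it summarises a sign request by event kind so the prompt reads as a human consequence while keeping the raw event for the expert view. The kind numbers and their meanings follow the published NIPs; the wording, the risk tiers, the `describeSignRequest` name, the origin and the `SIGNER_PUBKEY` value and sample events are all constructed for the demo.

```javascript
// Added example (not Crays code): summarise a browser-signer sign request so the
// prompt states who is asking, what the event does and who can read it.
// SIGNER_PUBKEY and the sample events below are constructed for the demo.
const SIGNER_PUBKEY = "ab".repeat(32);

// Event kind -> human consequence. Kind numbers and meanings follow the NIPs;
// the wording and the risk tiers are this example's own choices.
const KIND_TABLE = {
  0:     { action: "Replace your public profile",      exposure: "public",                                          risk: "medium" },
  1:     { action: "Publish a public note",            exposure: "public, and copied by every relay that sees it",  risk: "low" },
  3:     { action: "Replace your follow list",         exposure: "public",                                          risk: "medium" },
  4:     { action: "Send an encrypted direct message", exposure: "content encrypted; sender, recipient and time are public", risk: "medium" },
  5:     { action: "Ask relays to delete your events", exposure: "public request",                                  risk: "high" },
  7:     { action: "React to a note",                  exposure: "public",                                          risk: "low" },
  13:    { action: "Seal a message for gift wrapping", exposure: "content encrypted; wrapped again before publishing", risk: "medium" },
  9734:  { action: "Authorise a zap (lightning payment request)", exposure: "public",                               risk: "high" },
  10000: { action: "Replace your mute list",           exposure: "public entries in tags; private entries encrypted in content", risk: "medium" },
  22242: { action: "Prove your identity to a relay",   exposure: "sent to one relay, not published",                risk: "medium" },
  27235: { action: "Authenticate an HTTP request",     exposure: "sent to one server, not published",               risk: "medium" },
};

// All values of a given tag name, e.g. every "e" tag on a deletion request.
function tagValues(event, name) {
  return (event.tags || []).filter((t) => t[0] === name).map((t) => t[1]);
}

// Returns what the signer should render: a headline naming the asking app,
// the exposure of the result, a risk tier, human-readable details, warnings
// that should block approval, and the raw event for the expert view.
function describeSignRequest(origin, signerPubkey, event) {
  const warnings = [];
  if (event.pubkey && event.pubkey !== signerPubkey) {
    warnings.push("event names a different pubkey than this signer holds");
  }
  if (event.kind === 22242 && tagValues(event, "relay").length === 0) {
    warnings.push("relay login without a relay tag");
  }

  // Unknown kinds are never silently approved: the user gets told it is unfamiliar.
  const entry = KIND_TABLE[event.kind] || {
    action: `Sign an unfamiliar event kind (${event.kind})`,
    exposure: "unknown",
    risk: "high",
  };

  const details = [];
  switch (event.kind) {
    case 1:
      details.push(`${(event.content || "").length} characters, public once relayed`);
      break;
    case 5:
      details.push(`${tagValues(event, "e").length + tagValues(event, "a").length} event(s) targeted`);
      break;
    case 9734: {
      const msats = Number(tagValues(event, "amount")[0] || 0); // NIP-57 amount is in millisats
      const to = tagValues(event, "p")[0] || "unknown";
      details.push(`${msats / 1000} sats to ${to.slice(0, 8)}...`);
      break;
    }
    case 22242:
      details.push(`relay ${tagValues(event, "relay")[0] || "(none)"}`);
      break;
    case 27235:
      details.push(`${tagValues(event, "method")[0]} ${tagValues(event, "u")[0]}`);
      break;
  }

  // Any blocking warning overrides the kind's own tier.
  const risk = warnings.length ? "high" : entry.risk;
  return {
    headline: `${origin} wants to: ${entry.action}`,
    exposure: entry.exposure,
    risk,
    details,
    warnings,
    raw: JSON.stringify(event),
  };
}

// Stand-alone demo with a constructed zap request.
const demo = describeSignRequest("https://client.example", SIGNER_PUBKEY, {
  kind: 9734, pubkey: SIGNER_PUBKEY, created_at: 1700000000, content: "",
  tags: [["amount", "21000"], ["p", "cd".repeat(32)], ["relays", "wss://relay.example"]],
});
console.log(demo.headline, "|", demo.exposure, "|", demo.risk, "|", demo.details.join("; "));
```

The design choice worth noticing is the fallback: an event kind the table does not know is labelled unfamiliar and rated high, rather than rendered as a generic "sign this" dialog, and a request whose `pubkey` does not match the key the signer holds is flagged before the user sees an approve button. The `raw` field keeps the expert details available without making them the first thing a beginner reads.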

Trust moves from platform policy to product behavior

On a closed network, trust often means believing the platform account system will protect you. On Nostr, trust is spread across keys, clients, signers, relays, storage services and social signals. That can be healthier, but it gives the user more surface area to understand.

This is why privacy belongs in product writing, not only in security notes. The safest design is the one that makes the right action feel natural. Back up the key. Use a signer. Read prompts. Separate test identities from important ones. Understand which client is storing what. None of that is glamorous. It is how people keep control.

A privacy page should make you braver, not louder

The best privacy page does not leave you shouting about sovereignty with no idea what to click next. It leaves you more capable. You understand the danger of raw keys, the value of signers, the difference between public and encrypted events, and the reason relay choice affects more than speed.

For Crays, that is the standard. We can make Nostr feel premium and social without softening the truth: account ownership is real only when key handling is real. Everything else is decoration on a door you may not control.