The Sovereign Protocol: Architecture of an Unconfiscatable Digital Identity

This guide outlines the architecture for a truly sovereign Nostr identity. By generating keys within a dedicated signer like Amber and keeping them isolated from clients, users move from platform feudalism to digital ownership. It describes the necessary steps to create, secure, and back up a digital identity that no third party can confiscate.

Moving from platform feudalism to cryptographic ownership using Amber and Primal

by Alien Investor

────────────────
We live in an era of digital feudalism. On platforms like X, Instagram, or LinkedIn, you are merely a tenant. Your account, your reach, and your reputation are a “rental agreement” that can be terminated at any time by a simple database command.

A true owner accepts no uncovered liabilities. That is why we are moving from platforms (centralized) to protocols (decentralized).

In Nostr, your identity is not an entry on a Silicon Valley server, but a mathematical proof. Your private key (nsec) is the equivalent of a gold bar in a vault. Whoever holds the key is the identity.

This guide describes the pragmatic path that is the only sensible one for most security-conscious users:

The key is generated in the signer and stays there. The client only gets the public key (npub) — and signatures.

Rule #1: Never type your nsec into Primal, Amethyst, or any browser login. The nsec belongs in the signer. Period.

────────────────

Part I: The Preparation (The Clean Room)

Do not create your identity in an environment you do not trust. If you use GrapheneOS: perfect. If not: secure it as best as possible.

The Tools

Smartphone: Android (ideally GrapheneOS). Airplane mode must be possible.

Signer: Amber. This application generates and stores the key. Note: There is also an “offline” variant of Amber available in the releases if you want to keep the signer as “mute” as possible.

Client: Primal (or Amethyst) — but only via External Signer.

The Mindset

We assume that every online environment is hostile. Clipboard sniffers and malware are waiting to grab a string starting with nsec1.

────────────────

Part II: The Genesis (Key Generation)

We do not let the key be generated by a random website. We generate it where it belongs: inside the signer.

  1. Turn on Airplane Mode. Optional: Turn off Wi-Fi/Bluetooth additionally.

  2. Open Amber and select “Create new”.

  3. Amber generates a new keypair (Private Key + Public Key).

  4. Secure Amber immediately: PIN/Biometrics, System Lock active.

⚠️ Important: The Private Key stays in Amber. You treat Amber like a hardware wallet for Nostr. No experiments, no “Always sign without prompting” convenience without a reason.

Never have an nsec generated for you or sent to you. Anyone who sees the nsec can theoretically take over your identity. Generate the key directly in Amber and use “External Signer” exclusively thereafter.

GrapheneOS Extra: Revoke Network Permissions

If you use GrapheneOS, you can harden Amber further: Revoke the Network permission for Amber.

Settings → Apps → Amber → Permissions → Network → OFF.

Amber now has no network access and remains a pure signer. If you ever want to use Amber for network-based functions, you must re-enable it. For pure signing in conjunction with a client, “Network OFF” is a very clean setup.

────────────────

Part III: The Interface (Primal)

Now we install the client, the window to the world. We use Primal for its speed and user experience.

The Critical Moment

At the first start, Primal asks for a login. Millions of users type their nsec here. You do not do that.

  1. Select “Log in with External Signer” (or the key symbol).

  2. Primal calls Amber as the External Signer.

  3. Amber asks: “Primal requests your public key. Allow?”

  4. Confirm this.

What happened? Primal only received your public key (npub). Primal does not know the secret.

When you post:

  1. Primal creates the text.

  2. Primal sends the signature request to Amber.

  3. You confirm in Amber.

  4. Amber signs and returns only the signature.

  5. Primal sends the signed post to the network.

✅ Reality Check: This protects you from a client stealing your nsec. It does not protect you if your smartphone is completely compromised or if you grant Amber permissions too generously. Sovereignty means: minimal rights, maximum skepticism.
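The separation described in Part II (key born in the signer) and in the posting flow above, as an added example that is not part of the original post or of Amber's or Primal's code: a pure-Python model of a Nostr text note (NIP-01 event id) signed with BIP-340 Schnorr over secp256k1, where the Signer role is the only holder of the secret scalar and the client role only ever handles the x-only public key (the payload behind npub), the 32-byte event id and the 64-byte signature that comes back. The names Signer, client_post and verify, and the fixed sample timestamp, are this example's own assumptions, not Amber's API.

```python
import hashlib, json, secrets
# secp256k1 parameters; Nostr events are signed with BIP-340 Schnorr over this curve
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
def _add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None: return a or b
    if a[0] == b[0] and a[1] != b[1]: return None
    lam = (3*a[0]*a[0]*pow(2*a[1], -1, P) if a == b else (b[1]-a[1])*pow(b[0]-a[0], -1, P)) % P
    x = (lam*lam - a[0] - b[0]) % P
    return x, (lam*(a[0] - x) - a[1]) % P
def _mul(k, pt):  # double-and-add scalar multiplication
    r = None
    while k:
        if k & 1: r = _add(r, pt)
        pt, k = _add(pt, pt), k >> 1
    return r
def _th(tag, data):  # BIP-340 tagged hash: sha256(sha256(tag) || sha256(tag) || data)
    t = hashlib.sha256(tag.encode()).digest(); return hashlib.sha256(t + t + data).digest()
def event_id(pubkey_hex, created_at, kind, tags, content):  # NIP-01: sha256 of the canonical JSON array
    return hashlib.sha256(json.dumps([0, pubkey_hex, created_at, kind, tags, content],
                                     separators=(",", ":"), ensure_ascii=False).encode()).digest()

class Signer:  # the Amber role (modelled here, not Amber's code): the only place the secret scalar exists
    def __init__(self):
        d = secrets.randbelow(N - 1) + 1; pt = _mul(d, G)
        self._d = N - d if pt[1] % 2 else d      # BIP-340 normalises to the key whose point has even Y
        self.pubkey = pt[0].to_bytes(32, "big")  # x-only public key: the payload behind npub
    def sign(self, msg32):  # in: the 32-byte event id; out: a 64-byte signature; the key never leaves
        t = (self._d ^ int.from_bytes(_th("BIP0340/aux", secrets.token_bytes(32)), "big")).to_bytes(32, "big")
        k = int.from_bytes(_th("BIP0340/nonce", t + self.pubkey + msg32), "big") % N
        R = _mul(k, G); rx = R[0].to_bytes(32, "big")
        if R[1] % 2: k = N - k
        e = int.from_bytes(_th("BIP0340/challenge", rx + self.pubkey + msg32), "big") % N
        return rx + ((k + e*self._d) % N).to_bytes(32, "big")

def verify(pubkey, msg32, sig):  # what relays and other clients can check with the npub alone
    px, r, s = (int.from_bytes(b, "big") for b in (pubkey, sig[:32], sig[32:]))
    if px >= P or r >= P or s >= N: return False
    y = pow((px**3 + 7) % P, (P + 1)//4, P); y = y if y % 2 == 0 else P - y  # lift_x: even-Y point
    if (y*y - px**3 - 7) % P: return False  # px is not the x coordinate of a curve point
    e = int.from_bytes(_th("BIP0340/challenge", sig[:32] + pubkey + msg32), "big") % N
    R = _add(_mul(s, G), _mul(N - e, (px, y)))  # s*G - e*P must reproduce the committed R
    return R is not None and R[1] % 2 == 0 and R[0] == r
def client_post(signer, content, created_at=1700000000):  # the Primal role: builds the event, never holds the key
    pk = signer.pubkey.hex(); eid = event_id(pk, created_at, 1, [], content)  # kind 1 = text note
    return {"id": eid.hex(), "pubkey": pk, "created_at": created_at, "kind": 1, "tags": [],
            "content": content, "sig": signer.sign(eid).hex()}  # only the id went out, only the sig came back
```

The returned dict is exactly what a client has to publish to a relay; nothing in it, and nothing the client ever held, allows the secret scalar to be recovered.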

────────────────

Part IV: The Backup (Steel over Paper)

Digital data corrupts. Paper burns. A true Alien Investor secures for eternity.

The Code: Your Private Key (nsec) is your backup.

The Medium: Punch it into stainless steel or store it securely offline.

The Storage: One copy in a safe, another in a geographically separated location.

Rule #2: No cloud backup, no screenshots, no messenger, no notes app, no copy & paste marathon. Secure it properly once. Then the nsec stays in Amber.

────────────────

Verdict: Welcome to Sovereignty

You have just created a digital identity that:

Was born in the signer (not in a random client).

Is stored in segregation (the client does not know the secret).

Can be physically secured (steel outlasts fire).

This is the difference between “having an account” and “owning an identity.” You are no longer a user. You are a sovereign node in the network.

“Trust no one. Verify everything.”

────────────────

The Nostr Sovereignty Series

  1. The Defense: Why you need an external signer. Your Private Key Is Not A Password: The Case for External Signers https://primal.net/Alien-Investor/your-private-key-is-not-a-password-the-case-for-external-signers

  2. The Proof: How to get verified without permission. The Silver Badge: Immortalize Your Nostr Identity https://primal.net/Alien-Investor/the-silver-badge-immortalize-your-nostr-identity

  3. The Economy: Escaping the walled gardens. Nostr Zap Store: Attacking the App Store Monopoly https://primal.net/Alien-Investor/nostr-zap-store-attacking-the-app-store-monopoly

────────────────

Money, power, Bitcoin — and OPSEC. I write about financial sovereignty, privacy, and cybersecurity in a world built on control. More at alien-investor.org

(German only) 👽

