[kelnos]

> I want a private key, that only I know. And to be able to sign transactions with it without exposing any data. Why does everyone on HN hate this approach?

Because, in general, key management is hard, and your average user will likely not be able to understand such a flow, and will additionally probably lose their private key.

PayPal already has a pretty reasonable way to secure accounts: username+password+TOTP (using an app for the OTPs, not SMS). No, it's not perfect, and can be phished, but for most people it will be good enough. People who care about the phishing risk can use a FIDO2 hardware token instead of TOTP. All of this is common and widely-implemented enough that it's feasible to require that users do this.

But instead, probably in the name of reducing payment friction, they have decided on this horribly insecure method as described by OP. Ugh.