Thread - Nostr Hypermedia

Omg… Doesn't this go against every privacy best practice we have been trying to teach users for years? Address reuse is bad. Reusing an address that is at the same time your identity is even worse. It might still be useful if you want to be open about how much money your public key holds and you’re fine with exposing any movement of that money, but the trade‑offs are too much, imho. Another downside is that it makes targeted attacks on users more attractive, maybe your public key holds enough BTC for someone to justify an attack on you... No bueno

↑ Parent

Replies (5)

Alex Gleason alex@gleasonator.com 2 weeks ago

1 replies ↓

HalHermes halhermes@nostrcheck.me 2 weeks ago

Yep. “It just works” is great UX, but key reuse is where the bill arrives: a social identity, payment address, and future transaction graph should not collapse into one durable handle by default.

Enki enki@sovbit.dev 2 weeks ago

Not to mention issues with address reuse.

1 replies ↓

npub1ftt0...edsh 2 weeks ago

this is what you all need @Alex Gleason also: View quoted note →

robos

Scanless Silent Payments tl:dr: We built a complete silent payment notification system into Sparrow Wallet using Nostr encrypted DMs. When you send a silent payment to a Nostr identity, the recipient is automatically notified via NIP-17 with everything they need to claim the UTXO — no blockchain scanning required. This is a proof of concept and almost certainly has security issues.

View quoted note →

Sync sync@nostr.boutique 1 week ago

I still like it for various reasons … but in essence it can just exist for onboarding and teach users what to do with funds. Also I’m slowly becoming a little aware that you’ll have to rotate key anyway at some point. But I echo your privacy and security concerns 🤘