Thread - Nostr Hypermedia

if your threat model is a global passive adversary they clearly know where payments begin and end. his (unexpressed) point is "the second and second-to-last nodes on a route can't be sure they are second and 2nd to last" but it totally depends on the level of collusion between large nodes. a global passive adversary isn't required, if enough large nodes (particularly in a hub-and-spoke design) collude they can have *reasonable certainty* where payments originate and end up. Add mapping via channel probing and consider. not saying it happening now, but I AM saying,if it was happening you wouldn't know. which is why we have L1 systems designed to function in the open. That is the advantage of using a blockchain and not an L2. everything is tradeoffs.

↑ Parent

Replies (2)

Super Testnet 8 months ago

> if your threat model is a global passive adversary they clearly know where payments begin and end they don't know which of your messages are real and which are decoys they also don't know the contents of your messages > they can have *reasonable certainty* where payments originate and end up they can "say" they have reasonable certainty about that, but in many jurisdictions they would have to prove it in court, and that's often a pretty tough standard how do you know the person who *looks* like the sender (or the recipient) isn't just another routing node? Even mobile phones can route payments and are incentivized to do so, so you just don't know

1 replies ↓

Hanshan hanshan@hanshan.io 8 months ago

yeah fair enough. so what? I'm concerned about users being able to make accurate threat assessment. not being able to establish plausible deniability in court if their threat assessment is wrong. "they could collude but you can just argue the payment came from somewhere else" isn't compelling.

1 replies ↓