Replies (134)
I'm still working on adding signer support. NIP-07 needs a window.nostr.signPsbt and NIP-46 needs a sign_psbt method. It works correctly with nsec login. Don't judge it yet unless you sign in with nsec.
I sent you a $1 onchain zap:
View quoted note →Absolutely. This is why I refuse to use Alby's window.nostr.signSchnorr method
Here's how the wallet UI looks:
signPsbt is the way. It only works for structured bitcoin transactions.
On-chain zaps?
That's pretty cool.
No. It uses your Nostr pubkey as a Taproot internal public key.
Unironically we should bring pigeon mail back.
Why is there so much fear for something so simple and obvious that is everybody's first thought when they read NIP-01 but in 5 years nobody tried once?
But,, #whatabouttransactionfees!?
Ding ding ding. Layers of shit have been built atop a 2017 "bull run" which people continue to cope about to this day.
The wealthiest people on this network think it's very important we can send $0.0001 to each other
Omg… Doesn't this go against every privacy best practice we have been trying to teach users for years? Address reuse is bad. Reusing an address that is at the same time your identity is even worse. It might still be useful if you want to be open about how much money your public key holds and you’re fine with exposing any movement of that money, but the trade‑offs are too much, imho. Another downside is that it makes targeted attacks on users more attractive, maybe your public key holds enough BTC for someone to justify an attack on you... No bueno
Bitcoin is a public network. Zaps are public. This is a pro not a con. Use Monero if you want privacy. Bitcoin is open, public, simple, permissionless, and not private.
Yep. “It just works” is great UX, but key reuse is where the bill arrives: a social identity, payment address, and future transaction graph should not collapse into one durable handle by default.
That's not the problem. If someone suddenly sends 10 BTC to your public key, you become a target. There was a reason this hasn't been promoted before. It's not new neither every public key has been a btc address since ever. If you think creating a beautiful UI/UX around this is fine, that's your choice, but I believe it's dangerous.
That sounds fun. We need some drama.
Cool 🤘, any links on where I can find any documentation leads
Mainly because the fees will bite the users if this gets traction. If this succeeds, it will fail 🙂
Does it support the zap protocol natively? e.g. when you send the onchain transaction, does it also blast nostr event? Will this fail for the users that currently already have lightning address set from a provider that doesn't have solution for onchain? What about using Silent Payments to make the onchain footprint private?
GitLab
WALLET.md · main · Soapbox / Ditto · GitLab
Nostr client with other stuff
If you understand Taproot, that's basically it. From Taproot's standpoint, your Nostr pubkey is the "internal pubkey", then everything else is just taproot. You can get a bc1 address from any Nostr pubkey to send, and if you've received you can spend. Also, I introduced a kind 8333 event for "on-chain zap", which is basically just an event with the target event ID and the Bitcoin transaction ID. That's it. Otherwise it's just a Bitcoin wallet.
Reckless. Wrench attacks are on the rise. It is not fun. Drama is unnecessary, there is already enough drama.
There is not nearly enough drama. 😂 Nostr is effectively dead. This is what it comes down to.
Reading. Trying to figure it out. Maybe I can even do this, reckon'
Embrace the paradox 🐣
Just curious, serious question because this is cool: is there a floor-limit for the size of the zaps or is it just for funsies and the zaps just go to miners? Either way it’s fun.
1) I don't like this for different reasons. 2) however, no one is going to send 10 bitcoin to a hot public wallet. And if someone does send me, hell, even 1 bitcoin, immediately I'll transfer it to a cold wallet. The point of this wallet is a spending wallet for tips/rewards/v4v. Think of it like your checking account. It's not your savings account. 3) because of this intent, I don't think it's a big deal as you laid out. 4) most clients already show zaps as public information and zaps can be faked. We have one user that's been zapped 22M bitcoin over Lightning.
Diabolical. Creating drama so Nostr is more lively.
Silent payments would make this better, though, I still dislike this for the fees and microtransactions arguments, but the counter argument there is don't be cheap.
And they could carry our notes, cryptographically signed of course.
Very cool!
I don't know.
Couldn't some third party just watch this wallet and then take notes on where you transfer the coins to?
It’s okay if you don’t like my criticism, no problem with that. But the thing is, your identity can accumulate BTC over time. Nostr identities are supposed to be long term, right? LN Zaps are different, they don’t have the same heuristics, and as you said they can be faked, on chain they cannot. I mean, you can fake the Nostr event you’re creating, but it is truly verifiable by anyone at any time.
You could also move the funds to a cold wallet, but that doesn’t change the fact that you are in possession of that BTC. We already know that on chain transactions are very traceable, and if you really want to break those heuristics you need to learn and apply certain techniques, which the majority of users aren’t going to bother with. Aside from all that, it’s just very bad practice...
Also, for your use case tips, rewards, v4v, the amounts are usually small, which makes on‑chain transfers unattractive because of the fees, and dust limits.
Just to be clear, I didn’t mean to start a discussion. I just wanted to express my concerns and hope other users can understand the implications that seems you guys are underestimating.
Yes
Any way to verify transaction? its possible to verify that receiving address but couldn't anyone claim this zap?
Probably still better verifiability than current LN zaps because you can at least see the transaction
Also why did you zap me.... now I have to go build a wallet to receive this
Oh I have fee concerns too. I don't really like on-chain zaps. I've told Alex this dozens of times. I just think that for a small spending wallet, accumulation or size is not an issue.
Maybe you think nostr is dead because everyone that hears you say nostr is dead unfollows you
Yes. But again tracking a few dollars back and forth across the network isn't worth much when there are people sending millions of dollars to track.
Don't worry, nobody is going to use it.
That exists?? 🫣
When NIP? I'm curious how the transaction and address is structured
I agree, I think it's neat to have as an option though.
You think normies have a cold wallet to move sats to?
yes but you should only use an address once or the same one with a person
For two dollars worth of zaps? No. If they get a thousand dollars? Yes.
How many coins do you think normies are gonna burn this way?
Hmm. Not so nice.
Eight
So if someone on Ditto sends bitcoin to another Nostr user using a different client that doesn't support this type of wallet and doesn't notify them of Kind 8333 events, you're effectively sending bitcoin to a black hole that is likely to not be redeemed, correct? That seems problematic.
Between this project and Nostria, y’all are finally able to show us what Nostr is truly capable of, well done.
absolutely, but again as a zap spending wallet, it's no different than what we have now publicly posting our transactions with lightning.
Not to mention issues with address reuse.
if someone keeps a whole coin in a zap wallet then they're very different than me. i have 3K sats in my npub.cash wallet at this time.
I mean there are some people that are completely oblivious to what bitcoin is and what it’s worth…
It would just be a small thing to support the event notification, no need for every client to support a full wallet, same was true for nutzaps. This at least also solves the no wallet set for new Nostr users so still a UX win 🏆.
absolutely. and we should just treat it as monetary rails for them. if they want to learn more, they can. we need normie mode for the normies.
Well they control the key. And it's public. People can tell them if they don't know.
this is what we already do with DMs lol
You mean like Nostr itself?
Maybe. But at the moment Ditto is the only client that does this, so I would caution against using this unless you are 100% sure the user you're sending to is a Ditto user (or at the very least you tell the user you sent them bitcoin this way and tell them how to retrieve it via DM).
It is. Will welcome every sat.
For wealthiest it's nothing but for some it's something. Few hundred sats lets you express support, few hundred thousands lets you buy food. It's crucial we have friction free payments and borderless communication.
Zapped this note with ecash!
That's great. I think the bigger concern is making sure the recipient is aware they've received something. So unless you know the person you're sending to is a Ditto user, people need to be aware that they should probably send a DM to the user so they know they received something.
zaps should never have been public, y u think rest of bitcoiners think nostr is chumps?
Yes, we were discussing this recently, remember? That, instead of saying, "Well, zaps are public, so who cares," we should be working to make zaps more private.
Nice 👍 I built a leaderboard that shows who has the most sats on their name.
Also acts as a signal if your keys are compromised
Onchain zaps tied to your npub
Garnet was a branch of Amethyst and added Monero zaps in addition to Bitcoin zaps. It was glorious for the few months that it lasted.
i memba 😂
> $0.0001
fiat pricing lol
Maybe. I don't know. I don't know enough about Lightning, but the guys I trust most don't seem to think it's a good idea. I'll defer to their judgement.
How can I opt out, so that nobody sends zaps there?
You cannot 🫂
Right. Wonderful. More stranded Bitcoin dust, for my collection.
Cool it worked! Sent myself $25 from CashApp, then sent you $5.
Onchain zap back at you!
View quoted note →I don't think it's a good idea either and I don't see myself using it, but I'm presenting a counterargument to see what others think because I'm always open to have my mind changed.
Not sure this is needed and privacy seems non existent. Like almost a way to dox yourself financially depending how you handle your funds.
nostr may come alive if there's drama elsewhere in social media land, as eventually there always is somewhere or other. Musk blowing up Twitter was the last such drama, but nostr wasn't ready for it then, but Mastodon was and BlueSky almost was. You will be ready for the next such explosion though.
For silent payments will you tweak the receiver pubkey and send the tweak in an encrypted message to them? I was thinking about it.
it's been a while since i thought about it, but basically the client would derive a key based on a random tweak for the sender to send money to. Regarding notifying the receiver (so he doesn't face the same headache of the standard Bitcoin SP), either an automatic operation happens where the client would listen for an incoming transaction and once it gets confirmed then a ephemeral key would giftwrap send (new kind) with the nip44 encryption to the receiver the mentioning the address they received money on with the used random tweak (and for what i mean, the chain used). For a manual operation the user would need to click something like 'yes i've sent the transaction' (because there'd be no chain listening) and then it does the same steps.
So in terms of privacy, the public knows (ish) that you're receiving money, but not from who or what or what amount.
Only downside is if that automatic operation or manual never happens (technical or UX failure), then it would be assumed as if the sender sent it to the void, however, i did think of a optional fallback recovery hint, adding some info in op_return (squizing it to 40 bytes) where it would then start behaving like Bitcoin SP but only for recovery purposes. There can probably be better ways to recover from notification failure that can be thought of.
They also say, I don't care. I'm using lightning and I'm not keeping track of any of my transactions.
Sounds about right. It would work and it would be private but you could lose funds if you're unable to find the event.
Yup, though that's why there should also be a check if "what's the recepient's relays?" and only present the qr/address after that has been determined (perhaps with 2-3 fetches from different sources to make sure), otherwise the address wouldn't be derived, or it would but perhaps with clear warnings.
Relay discovery is always an issue with nostr, so I'd go with the former.
Aside from that current flow that everyone would know, for DNN ID holders (the thing I made), user relay discovery is solved (do a call, you get the receiver's relays, done).
Though there's always a fail scenario, both normally and even through DNN, is if the user's relays, even if found, are dead, that's one edge-case, in which case there'd also needs to be a check 'are these relays alive?' along with the first question before anything is generated/presented.
With all of that said though, we'd also add more measures on the sender's side as well for recovery/reminding flows and more, but generally speaking, aside from doing the best we can to reduce failure rates, we'd also just be upfront about things and make the user aware of the risks involved in general and what steps they can take for 'just in case' scenarios.
You are right that Lightning is fundamentally broken and a horrible system to build on top of.
nobody is sending a bitcoin-oblivious person a whole ass coin over nostr, don't worry.
Would be hilarious if zaps became the reason the mempools were full again.
Sarcasm? Lol. I have no idea. Lightning is cool but frusturating as hell to learn and use.
🤫 keep the mempool fees low
😒🫣
We can't though. 1 sat is $0.0008 or so, eight TIMES that much.
We be high rollin' here.
Sats add up over time when they get burnt
I think Lightning is kind of trash and I absolutely think Bitcoin should be a medium of exchange, onchain. But the reality is that without privacy, someone is going to zap someone for a funny meme or a good post and they’re going to be on a list of people financial authorities don’t like because they interacted financially with another person financial authorities don’t like. Then they’re going to find out their exchange accounts are closed and they can’t buy crypto anymore. They might even find that their bank kills their bank account because the resulting SAR makes their retail bank nervous. This has already happened with on-chain Bitcoin transactions.
I onchain zapped you. Let's fuck around and find out.
👀👀👀👀👀👀
👀 Onchain zaps. Beware non monetary spammers, Ditto's coming for your lunch! 😂
View quoted note →How do I disable this feature? I don't want to be zapped. I want people who try to zap me to have to rethink their choices. Is this possible on Ditto?
Oh please don’t send me 10 BTC 😏
Yeah, that's why nobody has encouraged this, before. People will be zapping into the void. Wallet addresses should be intentional.
Obviously, 10 BTC was a hypothetical “high” amount, just to make my point. In reality, a much lower amount would be sufficient for someone to justify an attack on you, or have an authority behind them, and screw you up for tax or regulatory reasons. There is a reason why address reuse is discouraged, yet it seems we have now forgotten that and ended up with the worst version of it. Address reuse tied to your (in some cases) long‑term identity, like KYC exchange, but this time making it visible to everyone.
Yes, you can do anything with it, pass it along, spend it, etc. But that doesn’t invalidate the point. A side note: the proposed use case, using it for low amounts, tipping, and so on, is a bad design, because it will be very annoying and costly to move a large number of tiny UTXOs.
Monero
this is what you all need
@Alex Gleason
also:
View quoted note →
robos
Scanless Silent Payments
tl:dr: We built a complete silent payment notification system into Sparrow Wallet using Nostr encrypted DMs. When you send a silent payment to a Nostr identity, the recipient is automatically notified via NIP-17 with everything they need to claim the UTXO — no blockchain scanning required.
This is a proof of concept and almost certainly has security issues.
Exactly! That's the way 💯
We had some organic drama the other day
I have my silent payment address in my kind 0, can some try this zap feature?
Jumble
A user-friendly Nostr client for exploring relay feeds
Ecash still the goat for this 🤘
Fine. Nostr needs drama,
@jack.
For me, this is quick funzies/neat and other project and business usecases, is why i implemented this on my stuff, and I agree it's important to mention to the users the public-ness of this and its potential implications, however, this is also a 'step 1' of a two-stop goal, for me at least, where the other step is 'nostr silent payments (nsp)', so there'd be an option to send to a random address controlled by the receiver.
Why not just silent payments? Indeed you can already set a sp address in your profile in jumble
To have no setup at all
new user generates an npub > done
As many people say there might be an address reuse problem, added to the transaction fees and speed inherent in btc L1.
Plus, having a btc address tied to your nsec serves as an additional incentive for someone to try to steal your nostr keys.
This is an easy and effective implementation, but I really like the concept of having my social keys separated from my money keys. I can swap any of them separately.
Address reuse is the point
Hack me daddy
I feel like you’re playing 5D chess
That's how you end subscriptions and free the internet from corporate control
no freedom without privacy.
You people are brain damaged. Zaps are already public. Brain damage. Brain damaged.
I'm not saying it's not a cool feature of your client.
just that its obviously not true that publishing transactions publicly is "a pro, not a con."
🤡
GitLab
WALLET.md · main · Soapbox / Ditto · GitLab
Nostr client with other stuff
If you understand Taproot, that's basically it. From Taproot's standpoint, your Nostr pubkey is the "internal pubkey", then everything else is just taproot. You can get a bc1 address from any Nostr pubkey to send, and if you've received you can spend. Also, I introduced a kind 8333 event for "on-chain zap", which is basically just an event with the target event ID and the Bitcoin transaction ID. That's it. Otherwise it's just a Bitcoin wallet.
GitLab
WALLET.md · main · Soapbox / Ditto · GitLab
Nostr client with other stuff
If you understand Taproot, that's basically it. From Taproot's standpoint, your Nostr pubkey is the "internal pubkey", then everything else is just taproot. You can get a bc1 address from any Nostr pubkey to send, and if you've received you can spend. Also, I introduced a kind 8333 event for "on-chain zap", which is basically just an event with the target event ID and the Bitcoin transaction ID. That's it. Otherwise it's just a Bitcoin wallet.
GitLab
WALLET.md · main · Soapbox / Ditto · GitLab
Nostr client with other stuff
If you understand Taproot, that's basically it. From Taproot's standpoint, your Nostr pubkey is the "internal pubkey", then everything else is just taproot. You can get a bc1 address from any Nostr pubkey to send, and if you've received you can spend. Also, I introduced a kind 8333 event for "on-chain zap", which is basically just an event with the target event ID and the Bitcoin transaction ID. That's it. Otherwise it's just a Bitcoin wallet.
No sats?
#2
1. Divine is getting popular day by day 😍
View quoted note →
View quoted note →
2. Paul met an Iranian freedom fighter 👇🏻
View quoted note →
3. Ivy is on Divine now 😍
View quoted note →
4. Let’s enjoy some music 🎧
View quoted note →
View quoted note →
5. A lady nostrich makes an effort to promote her book 📗
View quoted note →
6. A physician onboards to Nostr 👨🏻⚕️
View quoted note →
7. A great opportunity for the vendors who accept Bitcoin 🤩
View quoted note →
8. As always, an incentive from Derek 💪🏻
View quoted note →
9. A YouTube kids alternative? 😱
View quoted note →
10. A very self-satisfied wine businessman 🍷
View quoted note →
11. This is a really good news from Ditto 🥳
View quoted note →
#community_nostr_recap
Woah. This is cool!
I still like it for various reasons … but in essence it can just exist for onboarding and teach users what to do with funds. Also I’m slowly becoming a little aware that you’ll have to rotate key anyway at some point. But I echo your privacy and security concerns 🤘
I think most users would have fought for public zaps anyway, even if they weren't an option. Zaps aren't money, they're a social signal.
Hey, the realities that
@weev just pointed out just now, are real. I get the satire, but don't mess around, even though you might find it funny. Take a breath, and come back and think about this straight. Be well.
