Replies (49)
Zapped you with it just now
I like Phoenix wallet as well but it's a little more complex to manage.
Looking forward to it! Is the self custody wallet already active?
I've been using wallet of Satoshi from the start and it's such a simple wallet so I like it, looking forward to the video.
Looking forward to it 🤩
Thank you
Looking forward!
The only thing missing is the ability to use your own node. I wonder why they won't allow it. Any idea?
I would like to see a review of nostr:npub1cm3rpgj7457yjuqnvdalxaauakqu0ndkpkyp5cldkyutpz4xszpsmk96wt, they use Spark too. Thanks.
Thanks!
It's not private at all though
nostr:nprofile1qqspue77xa2pwyr3608ek39ku4rtm98apgk2876dhwcmq4rgtjg3deqppemhxue69uhkummn9ekx7mp0qy2hwumn8ghj7un9d3shjtnyv9kh2uewd9hj7qgkwaehxw309aex2mrp0yhx6mmnw3ezuur4vghswjyejp showed that exposing your WoS LN address leaks your balance and utxos.
He even created a website that allows you to show the balance associated with any WOS LN address in 2 seconds
Spark seems terrible for privacy
Nice! Looking forward to watching it!
This is a temporary hosted PoC:
https://n8n.primedomain.fr/form/cbb4afa9-1e2e-4705-adb1-e09f37d7811c
Have fun or fright!
cc nostr:nprofile1qyvhwue69uhkyat8d4skutndva6hjtnwv46r5dpcxsuqz9nhwden5te0vfjhgcfwdehhxarjd9kzucmpd5qzqxvfqd89dw8kqmrjfaz6zt8gfggcg93p4tm3s2slv4jrszuugfmt74rjkj
In a nutshell, from the victim LN address, we can easily find its Spark on-chain address through the LNURL "well-known" URL, for example:
https://walletofsatoshi.com/.well-known/lnurlp/warmestfuture710
From here, we can browse all the address details on a blockchain explorer like:
https://www.sparkscan.io/address/spark1pgss9gqjlk5emnuwg9dvxdh76r70ny2nmumhnzlth6q4zr0hych72gerqux6vp?network=mainnet
Conclusion: Everything is public... 🤬
cc nostr:nprofile1qyvhwue69uhkyat8d4skutndva6hjtnwv46r5dpcxsuqz9nhwden5te0vfjhgcfwdehhxarjd9kzucmpd5qzqxvfqd89dw8kqmrjfaz6zt8gfggcg93p4tm3s2slv4jrszuugfmt74rjkj nostr:nprofile1qythwumn8ghj7ct5d3shxtnwdaehgu3wd3skuep0qyt8wumn8ghj7etyv4hzumn0wd68ytnvv9hxgtcqyqxzfcer2g508mjnd8223frw4yhj3udg8ymducdvddqq84qrgn2zyd6ur5w
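Added example, not part of the thread or of any wallet's code: a self-audit that parses the LNURL-pay response served for your own Lightning address and flags any Spark address string in it, the exposure the post above describes. The `sparkAddress` field name, the example.com callback and the sample address are constructed assumptions, since the page does not show the response body.

```python
import json
import re

# The Spark address shown on the page starts with "spark1" + lowercase alphanumerics.
SPARK_ADDR = re.compile(r"\bspark1[0-9a-z]{20,}\b")
# Top-level fields of a base LNURL-pay (LUD-06) response; others deserve a look.
LUD06_FIELDS = {"tag", "callback", "minSendable", "maxSendable", "metadata"}


def iter_strings(value, path=""):
    """Yield (json_path, string) for every string value in nested JSON."""
    if isinstance(value, dict):
        for key, item in value.items():
            yield from iter_strings(item, f"{path}.{key}" if path else key)
    elif isinstance(value, list):
        for index, item in enumerate(value):
            yield from iter_strings(item, f"{path}[{index}]")
    elif isinstance(value, str):
        yield path, value


def audit_lnurlp(body):
    """Report Spark addresses and non-LUD-06 fields in an LNURL-pay response."""
    doc = json.loads(body)
    if not isinstance(doc, dict):
        raise ValueError("LNURL-pay response must be a JSON object")
    leaks = [(path, match.group(0))
             for path, text in iter_strings(doc)
             for match in SPARK_ADDR.finditer(text)]
    return {"leaks": leaks,
            "extra_fields": sorted(k for k in doc if k not in LUD06_FIELDS)}


# Constructed sample data: placeholder address and hypothetical field name.
FAKE_ADDR = "spark1" + "q" * 40
BASE = {"tag": "payRequest", "callback": "https://example.com/lnurlp/cb/alice",
        "minSendable": 1000, "maxSendable": 100000000,
        "metadata": json.dumps([["text/plain", "Pay alice"]])}
BEFORE = json.dumps({**BASE, "sparkAddress": FAKE_ADDR})  # address exposed
AFTER = json.dumps(BASE)                                  # field removed

if __name__ == "__main__":
    for label, body in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_lnurlp(body))
```

A clean result covers only the body of this one endpoint's response.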
Wild! Thanks for sharing this.

Privacy nightmare. All of your transactions, IP address, user-agent everything, totally tracked by LightSpark, a "compliance" company for Lightning. I can't believe BTC influencers are marketing this. More details:
https://github.com/buildonspark/spark/issues/64
You are invaluable to the Bitcoin community. Tyfys.
LFG! 💪🏽
Not only public -- but Lightspark has the IP address and user-agent of this user, which they can granularly associate with each transaction. Crazy.
Cool. Just applied to Post Video Editing position. Let's talk.
Check my stuff on Insta @anabolicdocclips
Is it safe to say that all Spark-enabled wallets have this issue? What are the others?
nostr:nprofile1qqsfzszrtw60ut24h28k0qy3cdyxhvpp2zx4lwyqzdfm7xwjsaxsj2qpr9mhxue69uhhyetvv9ujuumpw3kxzmn5d9eju6t09unk2033 is this the spark protocol you consider using for lightning on cake?
iirc nostr:nprofile1qqs936kc97s4k4gqjnmltljgqns0uadh08d77t5mypg3anxkneks37gpzamhxue69uhhsmtj9e6hxetwdaehgu3wdaexwtcpzemhxue69uhkummnw3ezu7rdwgh8ymmrddej7qguwaehxw309ahx7um5wgh8qmmjw3jk6mmwv4ex7tnrdakj7sews96 mentioned something about it on the latest citadel dispatch
I listened to nostr:npub1tr4dstaptd2sp98h7hlysp8qle6mw7wmauhfkgz3rmxdd8ndprusnw2y5g and nostr:npub1qny3tkh0acurzla8x3zy4nhrjz5zd8l9sy9jys09umwng00manysew95gx on the latest Citadel Dispatch, and I thought overall the discussion of Spark was fairly good, but I wish they had mentioned the really terrifying surveillance of network activity that Lightspark can do.
nostr:npub1qny3tkh0acurzla8x3zy4nhrjz5zd8l9sy9jys09umwng00manysew95gx briefly mentioned that Spark "strips out the privacy" but I think it's important that users really know that, right now, ALL of their transactions go through Lightspark-controlled endpoints, and it will be trivial for Lightspark to associate their IP addresses and user-agents with their transactions.
The fact that nostr:npub1jugar2agq6369p0l86razavs9shj2p6pscxecevs8j94ap37hkqsjlfc28 is pushing this, along with so many other influencers like nostr:npub1rxysxnjkhrmqd3ey73dp9n5y5yvyzcs64acc9g0k2epcpwwyya4spvhnp8 , really raises questions in my mind about what is going on here.
Wasn't the goal here somehow "freedom tech"?
And isn't the antithesis of Freedom Tech just allowing some big, well-funded company, with highly publicized ties to a country with a track record of human rights abuses, to literally capture ALL the network traffic associated with users of a wide range of apps?
What happens if political dissidents, for example, are using Wallet Of Satoshi, and "that" government asks LightSpark for a list of all the transactions associated with a range of IP addresses?
How many Wallet of Satoshi users or nostr:npub1jugar2agq6369p0l86razavs9shj2p6pscxecevs8j94ap37hkqsjlfc28 users actually are going to realize what is going on???
Thanks for your response and speaking about it.
Agree that it's a privacy nightmare if lightspark can link the transaction with the user's IP.
But I have to say I'm not capable to verify it for myself on the technical side.
I think there are many users like me who don't have the deep technical knowledge to see what's possible if they use a wallet with spark in the background.
The biggest issue is in bitcoin our terms are too obtuse.
Wallets is the first that comes to mind.
When WoS went 'self custody' many people spoke up about it not being 'real' self custody.
Nothing beats running your own node, managing your own channels and liquidity, it may be a pain in the ass.
rarely is anything that's worth it, if it doesn't take some time.
I remember spark has some shady article in their terms of service, somebody mentioned it weeks ago already. But didn't pay much attention since I'm not directly affected.
Years ago I had a lightning node, but as you said, it's such a pain in the ass and I lost a lot of sats through force closed channels and bad backups (clearly my fault). Maybe these days it's more convenient to do it.
Terms of service -- doesn't really matter much here. What we are talking about is NETWORK ACTIVITY -- the only way to use this version of Spark is for your device to communicate with LightSpark's servers. There's no other way. When you communicate with their servers, they get your IP address and user-agent.
Sure, you could use a VPN. But, like, how many nostr:npub1jugar2agq6369p0l86razavs9shj2p6pscxecevs8j94ap37hkqsjlfc28 users or Wallet Of Satoshi users know that they need to ALWAYS use a VPN when using these apps, otherwise they are completely exposed??
Lots of more automation tools to handle liquidity etc. Even marketplaces to sell your liquidity.
Force closes suck, that's why I try, to the best of my ability, be in contact with my channel partners. Easier said than done of course!
fair point, the tech haze blinds us all sometimes, even in this wild bitcoin frontier. i stick to simple sats for my pixel survival, no ip shadows lurking. if spark's clean, it'll shine; till then, whispers of tor and mixers keep the paranoia at bay.
Even worse when it's about the network activity and not "only" the terms of service which is bad enough and already a no go.
Does this also affect both breez wallets, the original breez and their new misty breez, do you know that?
You should inquire with nostr:npub1jugar2agq6369p0l86razavs9shj2p6pscxecevs8j94ap37hkqsjlfc28 and probably specifically ask who is intercepting your network requests.
How does it compare to Aqua?
If a user is currently on custodial wallet of Satoshi, privacy sucks as is. The move to the self custody mode in the same app doesn't improve it, but will give more control of the funds.
I'm not making an argument for people to ditch better options in favor of this. I'm simply showing how it works and the flow to switch if you're already using the app.
I've got plenty of videos on how to be self sovereign with your own setup, or make trade-offs with private options like Cashu.
i like irl local circle econ that i can verify & hold accountable*/*ya JUST meE, fam&friends-biz associates/integrityIZintegral

lFgO*****
mATH*****
Looking forward to this
We used Wallet of Satoshi to orange pill a restaurant here in Thailand 🇹🇭
What has your experience been with the Lightning Network?⚡️
https://primal.net/e/nevent1qqsfxkgwednmt02g695qc4mv2juml74e7tz2ntxu7czq6em324nemeqj0zrvc
Looking forward to watching!... and glad to see no flames in the thumbnail
Thanks for your response. I have some issues:
"If a user is currently on custodial wallet of Satoshi, privacy sucks as is."
I'm not sure about this. Currently, yes, WOS can see their client's transactions, but they don't publicly publish the transactions, which they will now start doing (who thinks this is OK !!?!?), now that they are switching to LightSpark's API.
Furthermore -- given that LightSpark is literally a company focused on "compliance" for lightning, and is publicly associated with a country with a terrible human rights record -- is there any reasonable person who would rather share their network data (IP address, etc) with LightSpark instead of WOS?
"The move to the self custody mode in the same app doesn't improve it, but will give more control of the funds. "
I think you are being taken in by marketing that LightSpark and nostr:npub1jugar2agq6369p0l86razavs9shj2p6pscxecevs8j94ap37hkqsjlfc28 are doing. Their marketing is misleading.
Spark, as currently provided by LightSpark, is an API. It's controlled by one company. Nobody else offers the API and nobody else can offer the API until the point that LightSpark might decide to let other entities offer the API -- see the GitHub issue here:
https://github.com/buildonspark/spark/issues/64
In order to touch your funds, you have to use LightSpark's API -- there is no other way. When LightSpark say that it is "self custody", what they mean is "we are prepared to make an argument to our regulator that the user actually has custody, not us"... it has almost NOTHING in common with real self-custody, like you would have with Alby Hub, or a hardware wallet, or running your own node.
It's just not self-custody. If LightSpark's API goes down, everyone's funds are gone.... actually, this happened with nostr:npub1cm3rpgj7457yjuqnvdalxaauakqu0ndkpkyp5cldkyutpz4xszpsmk96wt just a couple weeks ago -- LightSpark's API went offline, and nostr:npub1cm3rpgj7457yjuqnvdalxaauakqu0ndkpkyp5cldkyutpz4xszpsmk96wt completely shut down until LightSpark brought it back up again. Check X posts about this.
I think responsible influencers should explain to their audience that the term self-custody as used by LightSpark and nostr:npub1jugar2agq6369p0l86razavs9shj2p6pscxecevs8j94ap37hkqsjlfc28 -- is a MARKETING term. It has almost no relation to real "self-custody."
nostr:npub1renaud65zug8r570ndztde2xhk206z3v50a5mwa3kp2xshy3zmjqkqaw97 I emailed nostr:npub1hcwcj72tlyk7thtyc8nq763vwrq5p2avnyeyrrlwxrzuvdl7j3usj4h9rq yesterday about this and here's the response I got back:
“We were testing a beta feature with the Spark address/LNURL, but it is no longer required. We've removed the Spark address from that location now.”
Sounds like this privacy leak is getting patched in the next update. Let me know if you find anything else and I'll forward it on.
Removing the Spark address from the "well-known" LNURL address doesn't solve anything. Monitoring sparkscan.io for a given amount (for example sending 1 sat to a LN address) is enough to uncover the Spark address from the LN address... It's security by obscurity, nothing more! 🤡
Anyway, thanks for reporting them the issue, but it cannot be solved while they stay on a plaintext blockchain...
Damn it man, don't make me into a Monero maxi.
Solution is easy: stay on Lightning, not on a side-chain...
Interested by their answer if you forward them my remark about their "fix"...
It's not technically a sidechain, it's kind of a different concept than something like Liquid but it still serves the same functional purpose of a public ledger that can handle micropayments. Lightning is the connection layer but most people will never run it due to the complexity, so they will end up sacrificing privacy for convenience and ease of use.
I don't know how that can be solved if each wallet has a static public key that can't be abstracted away by design.
ty to make it clear when there are many of others too excited about this spreading lies and selling it as a L2 or a solution for ln. this is a Trojan horse and is a shame those bitcoin influencers sponsor this
nostr:nprofile1qqspnzgrfett3asxcuj0gksje6z2zxzpvgd27uvz58m9vsuqh8zzw6cpr9mhxue69uhhqun9d45h2mfwwpexjmtpdshxuet59uq3vamnwvaz7tmzv46xztnwdaehgunfdshxxctdezrnuc Is the WoS video out now? Can't find it, can you share a link