reply on: Official Coinos Guide \ stacker news ~meta

pull down to refresh

121 sats \ 16 replies \ @k00b 4h \ parent \ on: Official Coinos Guide meta

No. Other companies might not care but SN does not store the ability to spend your money on our servers.

Just to be clear, because everyone seems to glaze over when we say it, and other companies say we are using NWC wrong: SN does not, and will not, store the ability to spend your money on our servers.

Coinos generates only one NWC string that grants both spending and receiving permissions in the same string. We cannot remove spending permissions from it, so we do not permit coinos' nwc string to be used for receiving. (It being an option was a mistake on our part. It will be removed in a future release.)

0 sats \ 15 replies \ @SimpleStacker 4h

Can you clarify what this means?

If I input a NWC string on SN for a sending wallet, in what ways am I or am I not giving SN the ability to spend my money?

130 sats \ 14 replies \ @k00b 4h

in what ways am I giving SN the ability to spend my money: when you have SN's website loaded, your wallet is decrypted, and your browser is connected to the internet, SN's clientside code has the ability to spend your money from your browser.

in what ways am I NOT giving SN the ability to spend my money: when SN's website is NOT loaded in your browser or your wallet is NOT decrypted or your browser is NOT connected to the internet, SN cannot spend your money.

in what ways WOULD I be giving SN the ability to spend my money IF SN did this differently: SN, or anyone who gained access to SN's database, would be able to spend your money at will, at anytime.

1888 sats \ 2 replies \ @k00b 3h

It may seem like we're punishing ourselves by being paranoid and doing something that may only sound marginally safer, but we think it's more than marginally safer and worth the pain -- assuming we can smooth out the UX.

Further, establishing the precedent and expertise around not storing any sensitive customer data on the servers will afford us great agility when doing things like end-to-end encrypted DMs (which we see as critical to providing marketplace and private chat/community features worthy of bitcoiners).

50 sats \ 1 reply \ @SimpleStacker 1h

0 sats \ 0 replies \ @ek OP 25m

Also, no nostr client is using NWC to receive, they all use lightning addresses afaik

Ask yourself why

10 sats \ 1 reply \ @DP0604 2h

Hey, I didn't know this. I recently started using Coinos, is one of the wallets I used as a beginner to start my journey with Bitcoin.

0 sats \ 0 replies \ @k00b 1h

It's a great place to start!

0 sats \ 8 replies \ @SatSquares 13m

Where exactly on the browser is the decrypted wallet stored? And does this mean our NWC is encrypted and living on your database?

21 sats \ 7 replies \ @ek OP 12m

In memory

0 sats \ 6 replies \ @SatSquares 11m

Got it. But then where's it come from / get hydrated? Does that mean it's living encrypted on your DB?

0 sats \ 5 replies \ @ek OP 11m

Yes, that’s how you have access to it on all devices and have to enter the same passphrase on all of them (we have plans to make this not necessary) and how we (or an attacker) don’t have access to it because we can’t decrypt it.

100 sats \ 0 replies \ @SatSquares 7m

Ahhh, the passphrase decrypts it. THANK YOU!

0 sats \ 3 replies \ @SatSquares 8m

And I guess last question because I have a severe misunderstanding:

in what ways am I NOT giving SN the ability to spend my money: when SN's website is NOT loaded in your browser or your wallet is NOT decrypted or your browser is NOT connected to the internet, SN cannot spend your money.

The encryption key must live somewhere so can't SN decrypt said NWC and spend money that way? Or do I severely misunderstand NWC

0 sats \ 2 replies \ @ek OP 6m

That key is generated on your device and never leaves it. It is stored in IndexedDB as non-extractable.

view all 2 replies