pull down to refresh
in what ways am I giving SN the ability to spend my money: when you have SN's website loaded, your wallet is decrypted, and your browser is connected to the internet, SN's clientside code has the ability to spend your money from your browser.
in what ways am I NOT giving SN the ability to spend my money: when SN's website is NOT loaded in your browser or your wallet is NOT decrypted or your browser is NOT connected to the internet, SN cannot spend your money.
in what ways WOULD I be giving SN the ability to spend my money IF SN did this differently: SN, or anyone who gained access to SN's database, would be able to spend your money at will, at anytime.
It may seem like we're punishing ourselves by being paranoid and doing something that may only sound marginally safer, but we think it's more than marginally safer and worth the pain -- assuming we can smooth out the UX.
Further, establishing the precedent and expertise around not storing any sensitive customer data on the servers will afford us great agility when doing things like end-to-end encrypted DMs (which we see as critical to providing marketplace and private chat/community features worthy of bitcoiners).
Also, no nostr client is using NWC to receive, they all use lightning addresses afaik
Ask yourself why
I... don't know why. The UX is more steps?
If they would use NWC to receive:
They only store credentials to receive on your device, so you can only receive when your device is online (additionally to the requirement that whichever lightning node you use needs to be online).They store credentials to receive on their server so your device does not have to be online to receive, but now they need to make sure these credentials do NOT allow spending else they or anyone with access to them can spend from your wallet.
Since most nostr clients do not run a server, they can only use option 1 and that is a very bad user experience.
edit: Wait, I said something wrong. They could add NWC for receiving to nostr profiles, and clients could then fetch it and use it to request invoices from your node, but the permissions need to be checked before adding it to your profile for everyone to see.
Sorry, I just woke up lol
Is this why you guys require separate receive / spend NWC strings?
Yes, credentials to receive must be shared so people can send you money.
Credentials to spend must be kept private so people cannot steal your money.
NWC does make this distinction very hard, because all NWC strings look the same, so the user is understandably very confused. And some apps (like Coinos) do not even allow to remove permissions from them.
Where exactly on the browser is the decrypted wallet stored? And does this mean our NWC is encrypted and living on your database?
In memory
Got it. But then where's it come from / get hydrated? Does that mean it's living encrypted on your DB?
Yes, that’s how you have access to it on all devices and have to enter the same passphrase on all of them (we have plans to make this not necessary) and how we (or an attacker) don’t have access to it because we can’t decrypt it.
Ahhh, the passphrase decrypts it. THANK YOU!
And I guess last question because I have a severe misunderstanding:
in what ways am I NOT giving SN the ability to spend my money: when SN's website is NOT loaded in your browser or your wallet is NOT decrypted or your browser is NOT connected to the internet, SN cannot spend your money.
The encryption key must live somewhere so can't SN decrypt said NWC and spend money that way? Or do I severely misunderstand NWC
That key is generated on your device and never leaves it. It is stored in IndexedDB as non-extractable.
Super cool. stuff. I learned a lot through this exchange. Thanks a lot!
Hey, I didn't know this. I recently started using Coinos, is one of the wallets I used as a beginner to start my journey with Bitcoin.
It's a great place to start!
Can you clarify what this means?
If I input a NWC string on SN for a sending wallet, in what ways am I or am I not giving SN the ability to spend my money?