reply on: Official Coinos Guide \ stacker news ~meta

pull down to refresh

30 sats \ 2 replies \ @ek OP 2h \ parent \ on: Official Coinos Guide meta

~~If they would use NWC to receive:~~

~~They only store credentials to receive on your device, so you can only receive when your device is online (additionally to the requirement that whichever lightning node you use needs to be online).~~
They store credentials to receive on their server so your device does not have to be online to receive, but now they need to make sure these credentials do NOT allow spending else they or anyone with access to them can spend from your wallet.

~~Since most nostr clients do not run a server, they can only use option 1 and that is a very bad user experience.~~

edit: Wait, I said something wrong. They could add NWC for receiving to nostr profiles, and clients could then fetch it and use it to request invoices from your node, but the permissions need to be checked before adding it to your profile for everyone to see.

Sorry, I just woke up lol

0 sats \ 1 reply \ @SimpleStacker 2h

Is this why you guys require separate receive / spend NWC strings?

0 sats \ 0 replies \ @ek OP 2h

Yes, credentials to receive must be shared so people can send you money.

Credentials to spend must be kept private so people cannot steal your money.

NWC does make this distinction very hard, because all NWC strings look the same, so the user is understandably very confused. And some apps (like Coinos) do not even allow to remove permissions from them.