Wallet of Satoshi is available in the US but balances & transactions are public \ stacker news ~lightning

pull down to refresh

Wallet of Satoshi is available in the US but balances & transactions are public

1845 sats \ 10k boost \ 19 comments \ @k00b 5h lightning

They released early today (they are based in Australia):

They are using Spark to provide customers with a lightning wallet. Spark is trustodial (h/t @justin_shocknet) but they've also made the weird choice of making all customer balances and transactions visible via a public explorer as pointed out by @theinstagibbs.

This might not be a big deal if it were hard to determine a receiver's Spark address, but any bolt11 paid to a Spark customer reveals the Spark address. @benthecarman has cooked up a utility to doxx the Spark address from any bolt11 invoice paying a Spark customer.

What this means: if you use WoS (or any other wallet using Spark), anyone you give a bolt11 to (which you do when you want to receive money) will be able to view all of your transactions and your account balance.

view all related items

242 sats \ 1 reply \ @anon 4h

1 sat \ 0 replies \ @DarthCoin 3h

Buahaha exactly this

50 sats \ 0 replies \ @Bell_curve 4h

This is awful, yikes

I tested out blitz wallet which uses spark and I was not impressed

I could never deposit or buy credits on SN using blitz

Edit: I should clarify. I tried to send money from blitz to SN via lightning. After 3 failed attempts I gave up

200 sats \ 0 replies \ @justin_shocknet 4h

they've also made the weird choice of making all customer balances and transactions visible via a public explorer

Since it's a fake L2, and not really Lightning, there's inherently a centralized server with telemetry. Can't make any privacy assumptions with this that you wouldn't make with an traditional custodian...

... but this seems even worse since the LARP effect of acting as a Bitcoin layer implies some publicly traversable records in a tree/shadow-chain.

I imagine they only made the explorer to front-run someone else making one.

100 sats \ 3 replies \ @02d769cb73 4h

are older versions of WOS affected by this in any way, or is it just this new release ?

(i have some stray sats on an older WOS, dunno if i should move them and ditch it )

21 sats \ 2 replies \ @optimism 4h

just take them out, pref to some other LN wallet. Isolate the utxo if you're forced to use boltz to swap to on-chain and then either mix it or if it's enough (500k+), use it to open a new lightning channel and go from there.

0 sats \ 1 reply \ @02d769cb73 4h

i should add, i didn't ever sign in or anything to it, it's way less than even 100k sats, and i've only ever used it over LN, never on chain

21 sats \ 0 replies \ @optimism 4h

If you have another LN wallet, just send it there. Worst case send it to SN and spend it on zaps.

0 sats \ 2 replies \ @Scoresby 4h

if you use WoS (or any other wallet using Spark)

Meaning that this is not necessarily a WoS design choice, so much as a Spark design choice?

So this would also apply to wallets using Spark via Breez? If so, I'm even more surprised that I hadn't heard about this before.

133 sats \ 0 replies \ @Scoresby 58m

source

21 sats \ 0 replies \ @DarthCoin 3h

0 sats \ 4 replies \ @SimpleStacker 4h

I don't understand the technology behind it. Is this a choice or is it an unavoidable feature of the protocol, much like how bitcoin block transactions are public?

100 sats \ 0 replies \ @justin_shocknet 4h

an unavoidable feature of the protocol,

It's not a protocol, it's a centralized exchange.

The server inherently needs telemetry to operate, this would be exposed by someone else had they not front-run it.

100 sats \ 1 reply \ @k00b OP 4h

It's either a choice or an oversight afaict. They are encoding the spark address into the invoice when they could, if they wanted, obscure it.

0 sats \ 0 replies \ @optimism 4h

Spooks be spookin.

0 sats \ 0 replies \ @Scoresby 3h

I was watching @moneyball's talk at bitcoin++ (05:25:04) and he talks about this a little (apparently it only recently became public knowledge).

When I inquired, it's not a technology limitation but actually an intentional policy decision by their NC...uh...I can't steelman the argument. They feel like it's disingenuous to users to not publish it because of the risk of a Spark Operator potentially publishing it

Also, I did a quick scan of @BTCsessions recent WoS tutorial and he doesn't mention this privacy trade-off.

Seems like Spark maybe might have wanted to make this design decision a little more clear to users.

21 sats \ 0 replies \ @DarthCoin 2h

Maybe now people will pay more attention to my warnings. I was always warn you about spark, to stay away.

0 sats \ 0 replies \ @SilentHash 1h

Before I was affiliated with THNDR games and now they have switched to another wallet that is not available in my country. 😭 I miss Wallet of Satoshi when it could be used in THNDR

0 sats \ 0 replies \ @Solomonsatoshi 2h

Might stick with Coinos.