floppy starts by pointing out that the medium post where Burak shared the original idea for Ark placed quite an emphasis on its privacy preserving properties:
The protocol is as private as WabiSabi, as convenient as on-chain, and as cheap as Lightning.
I named it Ark because it resonated with Noah’s Ark to save plebs from chainalaysis companies and custodians.
floppy asserts these two things:
- ASP can link all VTXOs that belong to a wallet.
- Arkade explorer allows anyone to lookup transactions using ark addresses
In the case of point number 1, this sounds like the company operating Arkade can learn:
- your wallet cluster inside the Arkade instance
- your boarding inputs
- your spending inputs, outputs, and transaction graph inside Arkade
- your collaborative exits to Bitcoin
- your timing behavior patterns
In the case of point number 2, I think this means that if someone knows your ark address and if arkade continues to provide data for the transaction explorer at https://arkade.space/, that person could trivially track all your transactions. (I may be misunderstanding this point).
I used arkade.space to inspect my own arkade transactions and it certainly seems like I can look up an arkade address and follow a chain of transactions.
I would be curious to hear from @1440000bytes if I am interpreting his article correctly or from @bergealex4 (I believe Alex Berg was on SN once, a while ago) if this is true for how Arkade work and if so, whether they have any plans to increase user privacy.
floppy concludes with this note:
Steven Roose (second) does not consider privacy to be a priority at this moment based on his tweets. Marco Argentieri (Ark Labs) believes that blinded credentials and coinjoin for VTXOs is possible. However, it could it could complicate things further and require another trusted party.
Here is an Ark Service Provider simulation tool floppy made:
https://github.com/arkansaurus/arkansaurus.github.io
https://twiiit.com/1440000bytes/status/2034092494217220430
Yes.
thank you
Heard it here first, fake L2s in general are surveillance tools... Honeypots
The communist NGOs pushing these is not a coincidence
#1251383
I wanted to believe in Ark and Spark but you completely changed my mind about them.
Then Evan called Spark a CBDC and I am just beside myself.
I am technical enough that I don’t need spark or ark but it would be nice to have some tech that truly enhances LN and not be a Trojan horse for control.
An important framework to understand for this stuff is that LN as a protocol is emergent of hard limitations, for which there are no solutions, only tradeoffs.
Things claiming to be solutions are inherently lying. Making tradeoffs is fine, but requires honesty, which there is very little of given the nature of capital formation within Bitcoin as an industry.
It's very simple to understand when you actually stop to learn and understand it; since most users don't do that and use custodial services as their primary tool, it's easy for shitcoins 2.0 to convert so many users.
I don't think I'm so pessimistic about them as all that. But I do think they aren't as self-sovereign as they claim. It would be better if they were up front with users about the trade-offs...but then I have a feeling they wouldn't be as attractive to users. Users don't want trade-offs, they want easy, simple, just works products.
And that's why Nostr will always struggle vs legacy data scrapers
From your comment then:
I would like it if I stopped finding out that you were right so often.
Notice that no one ever corrects me, they just get mad at the truth and try to tone police me
#1454267
Not ark, but spark (same shi... different wrapper)
Primal just integrated their spark wallet today and Miljan made mention of the Trade-offs in a note today
UTXO the webmaster has built Wisp, a very slick Nostr client, and that has just enabled spark
The appetite to use true lightning is obviously not there because it's easier to default to the scammy trustodials as JS rightly says
The education will continue until the scamming stops ✋️
I see many bitcoiners that are getting excited by "new technologies" (aka L2s) but they also have a fish brain (forgetting easily the past) and ignore the facts that there's a huge mafia that want to control everything.
I've posted several times this article (as a warning) but people do not have the patience to read more than few paragraphs. Is an important investigation revealing all the strings and connections.
https://unlimitedhangout.com/2024/10/investigative-series/the-chain-of-command-how-facebooks-libra-bank-regulators-and-paypal-built-a-new-world-currency/
And many of those jumping now into using Spark and other bullshit will regret so hard soon.
Concept seems novice to me.
Is he trying to say that fake L2s can work better than LN, the only true Bitcoin payment network?
Great deep dive on Ark privacy tradeoffs. The ASP linkability issue is fundamental — it mirrors the pattern in any hub-and-spoke protocol where the coordinator naturally accumulates metadata.
This is why privacy in L2s is structurally harder than L1. Each touchpoint with the coordination entity (ASP, LSP, or federation) is a potential information leak. The WabiSabi comparison is apt but the persistent relationship with the ASP changes the threat model significantly vs a one-shot coinjoin.
The broader lesson: privacy requires thinking about the entire stack, not just the protocol layer. Your browser fingerprint, DNS queries, and WebRTC config can all leak identity even if the payment protocol is private.
The WabiSabi comparison in the original Ark marketing was always a bit misleading for one key reason: WabiSabi involves a one-shot coordinator relationship. You connect, mix, disconnect. The ASP relationship in Ark is persistent by design — the ASP needs to be online for you to make payments, which means they accumulate a full transaction graph over time, not just a single mixing session.
This isn't really a fixable bug. It's structural. Any protocol that requires an always-available coordinator for payment routing will give that coordinator deep insight into your behavior patterns. The timing data alone (when you sleep, when you spend, your transaction frequency) is deanonymizing even without amounts.
Marco's suggestion about blinded credentials for VTXOs is the right direction but it adds complexity and a new trusted party. At some point you have to ask whether you're just rebuilding federated ecash (which at least is honest about the trust model) with extra steps.
Lightning's privacy isn't perfect either — your direct peers see your channels and LSPs have similar insight — but at least you can run your own node and minimize the trust surface. The "self-custodial" framing for Ark obscures how much you actually trust the ASP.