It is really cool. This goes into it and mentions Flow 2.0 https://blog.mutinywallet.com/mutiny-wallet-open-beta/#just-in-time-channels.
Flow 2.0 appears to be the service Mutiny is using in order to provide liquidity to the wallet users. It is called an LSP and it is created by opening up zero-conf channels. This link goes into it: https://voltage.cloud/blog/voltage-announcements/introducing-flow-v2/?ref=blog.mutinywallet.com
So the wallet is a node and can hold on-chain Bitcoin. To move into and through the Lightning network you need liquidity from the Lightning network to open a channel. This is a problem.
So Mutiny solves this by creating a wrapped Bolt 11 invoice to create a just in time channel for your node (the wallet). Usage of the LSP does not violate privacy or introduce compromise in security. The Bolt 11 invoices are wrapped and include your preimage hash which an LSP node is not aware of.
Once funds are in your wallet on the Lightning network you can go to your settings and you will see how many channels you have open. It shows you a very easy to understand split graph of your inbound and outbound liquidity from all your channels.
This is a big step because now you can self host all the backend stuff for privacy while not having to worry about the nightmare of managing a live node and balancing channels just so you can have liquidity and privacy.
Here is the cool part. Mutiny lets you configure and set up your own LSP anyways. So you still have as much control as you could possibly want. They literally just took multiple user experiences and compressed it down to one pipeline. Incredible work.
Thanks for the very helpful response! I appreciate it. My questions were an attempt to understand it. As, I just set up a wallet and sent on chain to lighting very quickly through the interface. It was smooth. I am used to managing my own node with lighting loop and I was wondering a bit more how they were doing it.
reply
Yeah I was suspicious of the LSP stuff but it appears they do some wrapping with Bolt 11 invoices that make it secure. Really crazy stuff. I wonder how close we are to Lightning based cold storage since all you really need to back up with Mutiny is the seed phrase. Wallet don't need to be always online which should make cold storage options for lightning more feasible.
reply
Appreciate the thoughtful answer!
We have an article going out next week that explains how voltage helps give some privacy to mutiny users when it comes to the invoice.
reply
Nice! The most common feedback I have seen so far is people claiming that Mutiny is not "really self custody" since the liquidity is not managed by the user. I don't think people understand liquidity and personal funds should be separate anyway and Lightning is confusing in this way since they can often be the same source.
Mainly I don't think people understand how the Bolt 11 wrapping works and why it is secure. I will admit that through the research I did to answer the question I found this info but it was a little spread out across a couple different pages. It was a little difficult for me to understand too. Still don't fully but just enough.
I think that article will help out a lot in giving people a better understanding. This is 100% self custody and even if people disagree that you shouldn't need to custody the liquidity in the first place Mutiny still allows you to set up your own LSP and manage it by whatever way you desire which may need to be emphasized for the extra paranoid.
reply
Mutiny is awesome and probably the best thing in bitcoin for the past three years, BUT it is not quite 100% self custody. It's more like 96% self custody. When you receive a payment, they open a just-in-time channel to you and push an amount to you that is equivalent to whatever the sender originally sent, minus a fee. In return, your browser immediately gives the preimage to the payment hash of your original invoice, allowing Mutiny to settle the payment from the sender.
By giving them the preimage, however, you're giving them custody of that money, at least until the just-in-time channel confirms. The reason is because the money in the channel contains your payment, and Mutiny can easily take that money back, while still keeping the money the sender meant to go to you. All they need to do is double-spend the utxo that went into the channel and return it to themselves. Which is very easy because unconfirmed payments are cancelable.
As a result, whenever you receive a payment that causes Mutiny to open a channel to you, they have custody of that money. Typically this is only for a brief period of time, i.e. until the channel confirms, but that means (1) it's not 100% self custody and (2) it's not necessarily "for a brief period of time." How long they have custody of your money for is completely up to them. You do not have control over that and there's nothing you can do to stop them from keeping your money indefinitely -- forever, even.
So yeah -- mutiny is awesome, and it's even 96% self custody. But it's not 100% -- not yet -- and I think that's important to point out. Appreciation for these guys and what they are doing is great but their product is only nearly perfect. (I estimate about 96% perfect. Which is awesome! Like, jump-off-the-walls awesome! It's so cool and mesmerizing I am flabbergasted by the implications! But it's not quite perfect. Not yet.)
reply
The LSP can be turned off in settings, but yeah having a non-JIT channel option could be introduced in the future.
And it's the LSP that this could happen with, not us. The Mutiny team is never in control of funds and never handles payments. When we add multi-lsp support, that'll still be true and you can distribute who you decide to trust for this, if at all.
But yeah appreciate the support and explanation!
reply