64 sats \ 3 replies \ @privnut OP 11 Aug 2023 \ parent \ on: Interest in a Lightning Address Alias Service? bitcoin
I will need to look into whether or not I could support lnurl-auth (the flow used to log in with lightning) with my planned approach, I'm not sure that I could.
My focus, initially, at least, would be on aliases receiving payments.
still a great idea, does anything else like that exist yet? about the drawbacks,
- Requires having an existing lightning address to use as the Destination Address
- The payee pub key would be the same for all aliases and the Destination Address. Theoretically aliases and the Destination Address could be linked by mass requesting invoices from addresses, decoding them to gather pub keys and using those pub keys to link addresses, breaking the privacy of the aliases.
#1 doesn't seem to difficult to overcome
#2 I think it's definitely a valid concern, but the undertaking required for someone to achieve that would be pretty massive, but I don't understand tech enough to say that with any confidence
reply
I haven't seen anything else like this, but it's possible I have missed it. There are services like https://satspay.to/ which allow you to create a lightning address and point it at your own lightning node, but that is quite a bit different than the aliases I have planned.
Regarding Drawbacks:
#1: Agreed, we would probably just refer users to a service such as Alby or even Stacker News to get their first lightning address if they did not already have one.
#2: I'm still debating internally whether this drawback defeats the entire point of the aliases. If you are using aliases to stay 100% private, any way to pierce that privacy veil, no matter how difficult or theoretical that threat is, is likely a deal-breaker. But if you simply wanted aliases to add a bit of privacy and the ability to use multiple lightning addresses that point to a single wallet, I can see that use case. I'd love more feedback and thoughts on this, to anyone lurking.
I'm just not sure how many people would use the aliases if they were not 100% private, it's probably a pretty big drawback.
I really, really appreciate your feedback @BBitcoinUSA
reply
Happy to help, I think the added convenience would definitely outweigh the risk for most people, but I wouldn't want to encourage that since most people just aren't aware of the risk in the first place. I'm probably missing something, I don't think I understand how onerous the process is for mass requesting invoices and then "decoding the invoices" would be - is it just a matter of running each invoice through a hash calculator type of thing or do I have it all backwards?
reply