0 sats \ 7 replies \ @patrick1 20 Oct 2023 \ parent \ on: Large lightning vulnerability concern bitcoin
I do too, but I may just use Mutiny and then get my sats out of lightning immediately with a swap whenever it's a significant amount.
Kinda sad.
Yeah my issue is with spending privately though, I want to pay LN invoices in a self custodial and private manner. Mutiny (the hosted version) can't give me that unfortunately.
reply
What gives you the view that you can't use mutiny to spend self custodially and privately?
reply
Hey Tony, an honor to answer a question from you.
Pretty much the main things giving me this view are:
- accidentally leaking my IP to Mutiny's web servers. My daily driver is (gasp) iOS and I can't enforce kill switch VPN, so there is a possibility of leaking my IP. Using Zeus and Tor-only mode I can eliminate operator (me) errors.
- 2 hop scenario listed here https://abytesjourney.com/lightning-privacy/ (I just re-read the solution about opening additional public channels, and not entirely sure how that mitigated this)
reply
Thanks for that answer. We don't know anything about individual users or lightning payments since we don't run an LSP and thus don't process payments.
But we came out with a self hosting guide here so you can limit the IP concerns.
We could also probably add something for people to enforce that payments sent are at least 2 public hops before the destination. You wouldn't be able to pay other Mutiny users with this setting if they share the same LSP but it would protect you from that edge case. Alternatively you can open your own channels too and go without an LSP in Mutiny.
Having at least 2 public channels means that the source of funds might not have originated from you, but from someone beyond the other public channel. If you only have unannounced channels, they aren't routable by others, so when you make a payment, it's clear it's from you. So a direct unannounced channel to unannounced channel payment with one hop in the middle makes it clear who the sender and final destination were.
reply
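As an added illustration (not part of the thread and not Mutiny's code), the reasoning in the comment above can be sketched as a route check. It assumes one reading of "at least 2 public hops", namely that at least two hops of the route cross announced channels; the types and function names are hypothetical.

```rust
// Added illustration: Hop, Seen and both functions are hypothetical, not Mutiny or LDK APIs.

/// One channel crossed by a payment, listed sender-first.
#[derive(Clone, Copy)]
pub struct Hop {
    pub announced: bool, // true if the channel is in public gossip
}

/// What the forwarding node sitting after hop `i` can conclude.
#[derive(Debug, PartialEq, Clone, Copy)]
pub struct Seen {
    pub sender: bool,
    pub recipient: bool,
}

pub fn exposure(route: &[Hop]) -> Vec<Seen> {
    let last = route.len().saturating_sub(1);
    (0..last)
        .map(|i| Seen {
            // An unannounced inbound channel cannot carry forwarded traffic,
            // so the first node knows its peer originated the payment.
            sender: i == 0 && !route[0].announced,
            // Same reasoning for the final channel and the recipient.
            recipient: i + 1 == last && !route[last].announced,
        })
        .collect()
}

/// Accept a route only if no single node sees both ends and at least
/// `min_public` hops cross announced channels.
pub fn allowed(route: &[Hop], min_public: usize) -> bool {
    let public = route.iter().filter(|h| h.announced).count();
    public >= min_public && exposure(route).iter().all(|s| !(s.sender && s.recipient))
}

fn main() {
    let (u, p) = (Hop { announced: false }, Hop { announced: true });
    // Constructed routes: a shared-LSP payment, then one with two public hops in between.
    println!("{}", allowed(&[u, u], 2)); // false
    println!("{}", allowed(&[u, p, p, u], 2)); // true
}
```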
I sat down now to test out your self hosting instructions, but I'm staring at this $12/month Digital Ocean cost and thinking about ROI and now my head is spinning.
I saw a "should be OK with 1GB/1CPU" so giving that a whirl on Linode. Found 1 or 2 issues in the setup instructions but made notes and will write it up.
Just a quick Q: if I don't want any old random to use my server, I was thinking of locating the site at https://mysite.net/uuid instead of just https://mysite.net
However seems the Mutiny stack is expecting a lot of stuff at /
Any suggestions for locking it down a bit? Basic auth UX sucks ass on mobile so anything but that.
Thanks for clearing up the 2 hop thing, I'll definitely open another public channel in that case.
reply
Update: I have a channel open 😅
The Bitcoin wallet seems to work for the most part, but on the lightning side I can't pay invoices to things that should be highly connected such as Wallet of Satoshi - payment failed unable to find route. Which logs should I check out on my server? Might hop onto Matrix if that's easier.
reply
Yeah, either Matrix or our GitHub. Could be a problem with the remote storage part actually.
reply