10 sats \ 8 replies \ @nullcount 13 Nov 2023 freebie \ parent \ on: Hello World, this is Cipherchat! 🐈⬛ bitcoin
My guy, sharing your node pubkey (identity) to people so they can message you is bad opsec. It's like sharing your xpub.
If I know your pubkey, I can watch your channel opens and closes and make assumptions about your usage patterns.
Worst case, I can follow your channel txns back to your stack and create a list of addresses owned by you.
But 'tis a small price to pay for the ability to message you /s
reply
Who's saying to share your pubkey with anyone you don't want to know it? Do you give your phone number to people you don't want to contact you... The fundamentals of privacy are sharing information with people you choose, that choice is up to you.
reply
Yea, but my phone number doesn't reveal anything about my finances.
There is no technical reason why you need to reveal ANYTHING about your money in order to chat with someone. We're chatting right now!
reply
Pubkeys are also publicly available so it gives a way for nodes to communicate with each other without knowing any other information. It can be very useful if you need to coordinate channel closures or notify peers of upcoming downtime for example.
reply
Yes, pubkeys are public and used as identity within the LN protocol. But as soon as you start to use pubkeys in other protocols, you attach additional significance to them which can be used to deanonymize. Again, there is no technical reason to use LN pubkeys in a chat protocol.
reply
There is no other protocol, Cipherchat just uses lightning. :)
reply
Just because LN protocol allows users to doxx themselves, does not mean we should encourage it.
reply
What doxxing? This is the same as running lncli sendpayment directly from your node. Are you suggesting users should not have full control over their node to run whatever commands they choose?
Keysend was introduced into lightning in the early days without issue because it turns out that it is very useful to be able to attach metadata when you are sending payments over the internet.
Most lightning apps support keysend in some way, if you have used a lightning wallet you have probably used keysend.
It sounds like you have an issue with the protocol itself. So your best course of action would be to open PRs in all of the major lightning implementations removing keysend support and try to get that merged. You will also want to reach out to as many lightning apps as possible to gather feedback about your proposed breaking changes.
I wish you the best of luck!