I am no expert on lightning software so I am not aware of a tool but it probably exist. Something like letting you choose your first few hops and then the automatic routing takes over from there would be good.

Trust would have to be established traditionally through social relationships. Very trick currently because of how small bitcoin is.

A node you own to route your payments through would not help much because lightning currently uses HTLCs to secure it payments. HTLCs make it so every node your payment goes through has an identical token. Nodes colluding to attempt to de anonymize payments can identify a single payment flowing through the various nodes by this token. PTLCs is an alternative to HTLCs that is being worked on and should fix this.

This is a possible attack. Since the sender gets to select the path, the sender gets to choose who they trust to protect their privacy.

If you want better privacy on LN, I recommend use coinjoined coins to create your channels.

If its not multisig, then that defeats the whole purpose of a federation.

The client can broadcast their transactions to multiple guardians to mitigate transaction censorship from malicious guardian.

Federations are just another way to run custodial bitcoin. They have a different trust model than the traditional single custodian controls everything. They still require total trust that a group of the guardians won't go malicious.

Hello, I have built a module for fedimint and have some knowledge of the inner workings.

The examples you put forward are accounted for in the fedimint implementation. The invite code used to join a federation contains all the public keys of the guardians in that federation. The client ensures data received from the federation is signed by a threshold of the guardians.

Lightning gateways are implemented in fedimint in a way that gateways cannot steal users funds.

I would argue that fedimint is actually harder to justify to the regulators because of its great privacy guarantees. I agree that public federations could very likely be targets of rug pulls from the governments they operate under.

Though the fee is also relative to how long the ASP has to provide captial for your VTXO.

For example, if the ASP provided an ARK with a 1 year sweep time, a user planning to self custody their funds for at least a year would join the tree, wait till maybe two weeks till ASP can sweep, then redeem to a new tree. This way they would only pay interest for 2 weeks of time.

Its important to note that all the users participating in these ARKs would be doing so because they believe the net fees they would have to pay to be in the ARK would still be cheaper than standard self-custody through an onchain transaction fee. This would likely only be true for small-medium amounts so its unlikely any very large amounts would ever participate in these ARKs.

The ASP needs extra funds starting from the redemption of a VTXO till when the ASP is able to sweep the UTXO. The ASP could charge a VTXO redemption fee equal to VTXO amount * some ASP decided interest rate * time till ASP has ability to sweep UTXO.

Basically users of the ASP would have to pay interest on the capital that the ASP has to lock up because of the user.

Yes, the default parameters that have been announced wouldn't work well for self custody. When I say Ark, I really mean the concept of what Ark does. I imagine that the block height lock for the ASP to reclaim could be changed to a much longer time for a transaction tree that wants long term self custody. This could be offset by the ASP by requiring higher fees if a participant in the tree wants to leave earlier. (Disclaimer, I am not an expert)

In my opinion Ark like solutions are the most promising for scaling self custodial bitcoin. This video gives a good technical explanation of ark.

I see ark as promising for self-custody but less promising for use in payments.

Building fedimint modules for prediction markets ( or any other use case) has a some big advantages, mainly:

The UI is actually a fork of webimint which has this behavior currently. The only balance that matters is the number at top. For now the transaction list doesn't work properly. The federation is on mutinynet ( a testnet ). Use the mutinynet faucet.

Great article!

I thought that Fedimint's trust model breaks down when 1/3 or more of the guardians become malicious. What proportion of guardians have to coordinate to rug users?

They possibly could. If you are worried about this, you could use tor to hide your ip. If you use a Nostr website, use tor browser to hide your ip.

Location data could be embedded in the notes you upload to Nostr through image metadata so I would be careful of that as well.

I think Ark is still a long ways away also but it seems like it could be a possible avenue to scale self-custody if the bitcoin community were to come to consensus to soft fork in what it needs.

I don't have any experience with mining, though I would like to learn more about it. I just read through the fedipool discussion and it seems like there are quite a few considerations in making the module.

Yes that's right :) The way modules work in fedimint is awesome! I can't wait to see all the interesting ideas that people come up with!

Some possible modules that I am excited for are:

I threw together a little project in rust for fun: https://github.com/toyota-corolla0/proof_of_work_spam_protection_example

Separation of money and state is the goal! You are right on!

awesome work!!! How close is fedimint to a production release? I am super excited!

I am also super excited about fedimint because of the ability to also create custom modules that allow communities that deploy fedimints to customize to their needs. I have been working on a fedimint module for prediction markets over the past few months. I think fedimint will become a super powerful tool for onboarding new users to bitcoin.