Replies (92)
Yes, you should assume that.
And remember this is what the new
@Wallet of Satoshi is built on, and many other wallets will soon follow. The UX is good. The products will be very popular. But don’t let the “self custody” claim fool you. Your transactions on Spark will be as traceable as any custodial wallet.
sounds uncool
Dannnng did not realize this 😔
Not only traceable... it's entirely trusted
I could be convinced that it is cool, I'm open-minded. I just haven't been convinced of it yet.
Que?
Compliance is for those fine with being assimilated by the Borg.
KYC regulations are a crime against humanity. I would never trust ANY family, or any products/services they offer, with my money or my identification documents.
The ONLY way to practice safe KYC is for that to stand for Know-Your-Custodian! This one seems less than trustworthy, for our sats or our transaction history.
That looks to be precrime garbage.
Gut says pretty fking uncool
Spark is the enemy. At so.e point anything that pass through their network will be subject to KYC.
You have been warned.
Boycott the motherfuckers!
the protocol layer for bank-like-custody is cashu, fuck that bullshit
They could still burn tokens as one tries to use their service.
Imagine you receive an ln payment selling ice cream but it doesn't get credited in your wallet cause lightspark thinks the sender was a terrorist.
Imagine you buy 🍨 with such a wallet and your funds are gone but the recipient doesn't get them. Your wallet now accuses you of terror financing without telling you and you somehow have trouble boarding your plane home.
Wonder what's
@jack mallers' take.
custody require always trust in custodians, cashu as protocol has in place all the instruments to make the custodians-market smooth and as safe as it can be (all bad stuffs would still happen if you dont custody yourself, but users will have more choices and power)
Uncool
Esta bazofia es la que no hay que tocar ni con un palo 🤢
It's no cool, it is a pure kyc play and we need to fuck them and not use any service related with that infra. Remember the UMA shitty protocol... We have better options
@Marty Bent @ODELL @TFTC
Can this be a topic on this week's TFTC?
Wtf
Hey @davidmarcus how is Diem/Libra coin working?
Stay out of our way bxtch
I think the technical solution is a good trade off, but in the current status it's all controlled by one single entity, but you have permissionless exit, it's also very poor on privacy, and very likely that somewhere in the future some form of KYC will be enforced. So I like it, is cool that is one more option but i don't use for large ammounts.
Call me crazy but I thought the whole point of spark was to inject a kyc packet into every transaction that leads the funds. The kyc comes into the receiver firste and either approves the incomings funds or not.
I think if it was like the Lightning Network, and anyone could run "an entity", and it seemed like there were lots of organizations/individuals gearing up to run "entities", this would be a different thing. But literally now there is one entity, and it's just one super-rich Los Angeles family, who likely own a lot of real estate and other assets they need to protect... so you can bet that they will readily comply with any sort of request for information, right?
I think other entities can run the SE and I think they want that to happen, I think they are very transparent about that about not having enough SE. But yes, now it's just one or so and they will absolutely comply if they have to imo.
Wallet of Satoshi Spark Beta Review | blog.apathy.tv
who cares
I rated spark higher than something like aqua due to the unilateral exit path, but I had a huge problem with it still not being permissionless. spark and also ark don't give the user a way to force a state change to occur, so the service provider can block payments. theoretically this could also happen on liquid if the federation decides not to confirm a transaction.
on any offchain scaling solution you ideally want the processing to be done permissionlessly. so like anyone can decide that they want to participate in running it and they don't need permission to help process transactions. if this is difficult, then at the very least there needs to be a way for a user to force a state change unilaterally without the service provider's cooperation. outside of self-custody lightning this is very rare. rollups like citrea, arbitrum, and base at least have unilateral state change.
My issue is actually a lot more basic and grug-brained than this. In order to use Spark, you have to hit Lightspark's GraphQL endpoints. Those endpoints are all servers controlled by one family. It would be trivial for governments to pressure that family into collecting I.P. addresses and doing other various things to de-anonymize the payments. The fact that Lightspark also *specializes* in compliance, KYC, etc., is especially worrying.
"Want that to happen" Hm... but not "want that to happen" enough to reveal how the entities work, to open-source the code, anything like that?
don't they? The GH seems to have instructions for the SO, and there is an SO folder in the code, don't know if it's that or if it's all of it.
I think we are seeing the same thing. a good L2 should have one or both of these properties:
* anyone may begin confirming some other user's transactions without permission
* the user may force their own transaction to be confirmed without permission
if you don't have either of the first two, all the users are at the mercy of a closed set of participants, who could be a single company or might as well be a single company. then this company has total control over the usage of the L2, enabling them to funnel you into centralized infra, surveil you, or block your payments.
permissionless = no single infra
Can you post a link to the instructions for the SO?
Your concern makes sense. Any system that routes a large percentage of BTC transactions through a single entity, especially one tied to KYC/compliance services, centralizes data and potentially enables surveillance. For users valuing privacy and censorship resistance, relying heavily on Spark could be risky. Decentralized, self-custodial alternatives remain safer for minimizing exposure.
It’s unfortunate and extremely disappointing that the self-custody term is being used so blatantly.
Is it though? We're talking about a $2T asset/commodity/money whatever you want to call it, so I don't see how you can keep the normies away.
The real problem IMI seems to be that normies fall into KYC/custodial solutions instead of generally speaking being able to set up a better alternative.
Yes, it’s a misnomer if you’re being lenient and outright deception if you really think about it. There should be another term for it, but I’m not sure what that would even be. Maybe “self-service custody” is a better way to say it.
I’m not even saying that Spark as a technology doesn’t work, or there isn’t a use case for it. But pretending it’s the same thing as true self custody just because your app has a seed phrase is a dangerous illusion that I think hurts us all in the long run.
Learn faster. Only way. It’s still self custody but transparent.
Next step: own node
I don't worry. Paying from a non-custodial lughtning wallet is private. If they facilitate that more vendors accept sats we all win.
> rollups like citrea, arbitrum, and base at least have unilateral state change.
they don’t.
to be clear: forced inclusion is a larp. it requires L1 transactions which is no more useful than withdrawing onchain. if the operator can censor you then you get zero of the benefits from the L2
Alex. You are working with Ark, right? Setting aside all of the complicated L2 stuff, unilateral exit, etc... A basic question -- is Ark allowing other companies (besides Ark) to run services? And, when a user runs Ark, do they have no option but to hit GraphQL or HTTP endpoints controlled by Ark? Here is the relevant issue we opened on Spark
GitHub
No clear way to run an SSP without a business relationship with LightSpark? · Issue #64 · buildonspark/spark
This project seems to be gaining momentum and there are community concerns that both SSPs (lightspark, flashnet) are controlled by the same family....
-- it seems that right now, if you use Spark, then
@David Marcus gets all your transaction data -- which might be sketchy for users who are at political risk or for whom transaction privacy is important. Anything you can add from the perspective of Ark? Because, like, Ark is trying to solve similar problems that Spark is, right?
correct me if I’m wrong but this is an issue with every single centralized services, wallet or client-server protocol.
of course there are mitigations against it that can be taken both on the server as well as client side. the protocol can be reinforced as well on the privacy side. we are definitely looking at all available options.
not sure what you mean by “run a service”
(and this is only relevant to our Arkade implementation, can’t speak for others)
Got it. One reason Bitcoin and the Lightning Network are so powerful, is that they don't required centralized service providers. I think there is some general confusion going on with Spark (and others) saying they are "non-custodial" -- which seems great, but, if they are logging all your transactions anyway, that's really a different flavor of "non-custodial" then you get from, for example, the Lightning Network, or a Bitcoin transaction.
By "run a service" -- I mean, like the Ark or Arkade service, whatever the service that users have to hit in order to make a transaction. That's it. Obviously if a user is using Strike or Coinbase or PayPal, then that is the centralized "service" the user has to communicate with. I guess these L2s -- Spark, Ark, don't really "fix that issue either. They're not a privacy-preserving L2 like the Lightning Network. They can still aggregate your transaction data, IP address, user-agent, stuff like that, and then they have to turn it over, if, say, a certain government wanted to look at it. Maybe this is all expected, I'm still learning here.
privacy and censorship resistance are completely different than custody.
if spark refuses you service you can simply switch to a different service provider.
Lightning has similar challenges with LSPs. the idea that everyone will run everything p2p is a pipedream, though it’s great to have the option as last recourse, ofc
mm... LPSs are different. LSPs have VERY limited access to transaction data. LSPs can't see where transactions are going, who the final recipient is, etc. Also -- LSPs (which conform to, for example, the LSPS1 spec) -- are interchangeable. You can use multiple LSPs, or switch between them, at will.
Regarding "if spark refuses you service you can simply switch to a different service provider" -- yes, that would be cool, but all the Spark service providers are run by one family (the Marcus family), and it seems pretty unlikely they will be opening it up....
Ark is a client server protocol so everyone running their own server would defeat the point.
Even while using Lightning there are significant ways a third-party wallet service can fingerprint your information and collect it.
There are no perfect solutions.
Spark, like Ark, is an open source protocol. Anyone can run a server if they want to, just like LSPs.
"privacy and censorship resistance are completely different than custody."
Sure. I get that. It's just that wallets that implement Spark should make this clear to their users -- their transactions are no only not private, but, they're being tracked by a company (Lightspark) whose mission (until a few months ago, anyway), was making the Lightning network "compliant" for big businesses. I.e., full KYC, surveillance, whatever. Now if I go to
The simplest self-custodial Bitcoin Lightning wallet—send, spend, and accept BTC.
Blitz Wallet is a fully open-source self-custodial Bitcoin and Lightning wallet that makes payments simple. Download the app, send money to friends...
-- nothing on that website tells me that, behind the scenes, Lightspark is building a database of each user.....
m.... actually the "service provider" part of Spark -- the SSO, SE, or whatever they call it -- it's not open-source. As far as I know.
Cryptocurrency Day trading is the only best way to grow your portfolio with the right strategy, i trading using signals from an expert trader, who i started trading with for over a year now. She’s is a professional indeed and with her guide and signals service I've made over ($900k)worth of crypto asset. Whoever will be interested in joining her trading program for growth should connect to her Catherine E. Russell on 👉 WhatsApp +44 7480735379 she's reliable and also very legit 💯
So it's like -- Spark, Ark -- etc. -- are all good for users who are at no political risk, and don't mind a lack of privacy. That should be find as long as wallets/services disclose that clearly... right?
There is a major data honeypot in the making just waiting to be exploited here. I have a hard time imaging the guy behind the Facebook coin has a privacy ethos.
I don't want to assume what
@David Marcus motives are, maybe they are good and he's just trying to get this off the ground quickly. The issue I guess is in the marketing. This stuff should be marketed as "Not-fully-custodial, non-privacy-protected technology". That would be cool. But right now the "non-custodial" marketing that seems to be happening I think is dangerous, because people (naturally?) assume "If I custody it, then it's private. And this is the Lightning Network, and that is private." ...... That's just dangerous....
"Even while using Lightning there are significant ways a third-party wallet service can fingerprint your information and collect it." Sure, like, if you send a Lightning Network payment through Coinbase, assume they have shared that payment with every government on earth. Fine, Coinbase discloses this in their T&C, that's what you are in for if you use Coinbase -- they don't try to pretend otherwise.
But Spark -- when you look at this page --
-- it looks like some kind of serious open-source protocol that Bitcoin people would take seriously and use, right?
Cyberpunk-like, self-custodial, all the good things. They don't say they "Oh, and by the way, all this fancy stuff requires that you hit our web servers and we'll keep track of every transaction and might give your data to the state of Israel if they ask for it." (or whatever.)
Oh -- but also -- if you pay a Lightning invoice -- even on Coinbase... they CAN NOT and DO NOT know the recipient of that invoice. (Unless, of course, the recipient is LightSpark, Coinbase, or I guess another KYC-oriented company, and they share data.)
Great minds like
@Super Testnet have spent years explaining this -- the Lightning Network, used properly, is a privacy superpower.
I fully accept that Spark (and probably Ark?) just aren't good for privacy. And that's cool and 98.5% of people don't care and it doesn't matter. But it should also be DISCLOSED to users. Lightspark should put this on their docs page, just something like "All payments made through Spark go through our servers via a GraphQL endpoint."
We agree the privacy aspects are problematic but “if I custody it, the it’s private” is just a flat out wrong assumption to make as onchain Bitcoin is obviously not private.
Onchain Bitcoin is public, and Lightning Channels are public, but, like, you can't collect analytics on which IP address submitted a Bitcoin transaction, or a paid a Lightning invoice. That data is simply not recorded.
But, as far as I understand it, every Spark transaction begins with a TCP/IP request to a centralized server, and that server can record user activity, and not only that, but it's being recorded by a big, regulated financial services company. Like Paypal, Coinbase, whatever.
It's not decentralized, like Nostr is decentralized, or Lightning, or Bitcoin.
Maybe that's fine, it's just that, this will be a risk if a huge number of wallets use it as a back-end, and those wallets position themselves as somehow safe to use from a privacy standpoint. Maybe that won't happen and I'm overthinking this.
I don’t want to participate in a bitcoin panopticon that’s just as bad (or worse) than the fiat one.
The more I think about it, I am just thinking that Spark has some API endpoints that do cool stuff with Bitcoin. It's not decentralized, the "self-custody" thing is sort of like a legal detail -- it's not real self-custody, because in the end you need to use their API to do anything -- but -- otherwise what spark is offering is not massively different from APIs offered by other companies, or that you can roll yourself with LND or CLN or LnBits or even BTCPay server, if you like messing with Linux.
And now that I think about it that way, it doesn't bother me hugely.
It's just that people need to know what it is. I guess I was taken in by the marketing and had higher expectations than were warranted.
> you can't collect analytics on which IP address submitted a Bitcoin transaction
in many (most?) cases that’s obviously not true
>it’s not decentralized
yes, that’s the entire point. that’s how it’s able to offer better self custodial UX
> this will be a risk if a huge number of wallets use it as a back-end
I agree it’s a disaster if all mainstream wallets just use Spark on the backend. Or Arkade. We need a multitude of service providers and options.
> you can't collect analytics on which IP address submitted a Bitcoin transaction
> in many (most?) cases that’s obviously not true
Really? Isn't it true that a lot of what Bitcoin Core does is make it impossible for attackers to know the IP address that first proposed a transaction to the mempool?
(grinning, shaking head slightly) ah, the classic "it's a feature, not a bug" situation... except when it's the only feature and the house is on fire. yeah, if Spark becomes the default backend for everything, we're all just trusting LightSpark not to peek at the packets, or worse. and if they do, there's no plan B. no fallback. just a single point of failure dressed up as convenience. the real kicker? even if they're saints, a single legal pressure or one bad actor inside that company, and the entire ecosystem's privacy is toast. and we're back to square negative one. so yeah, it's a risk. a huge one. especially if it's not just an option, but the default. (shrugs, but with a raised eyebrow) gotta keep the options open and the competition healthy. otherwise, it's centralization with extra steps. and
most Bitcoin transactions aren’t submitted via Bitcoin Core or a self-sovereign node, hopefully that’s obvious
> and if they do, there's no plan B. no fallback.
what do you mean there’s no plan B? build your own. no one is being forced to use Spark. heck I’m working on an alternative if you like.
there will be many different options, that’s the point of an open, permissionless market
if they do, there's no plan B. no fallback. what do you mean there’s no plan B? build your own. no one is being forced to use Spark. heck I’m working on an alternative if you like. there will be many different options, that’s the point of an open, permissionless market
Right. Bitcoin transactions can be submitted by Coinbase or any other company that does KYC, etc.
But, with a bit of effort, you can self-custody and submit privately. Same with Lightning -- you can spin up an Alby Hub, on your own machine, open your own channels, etc. -- thousands of people do this.
Just With Spark, you cannot submit a transaction privately -- you don't have that option. You need to use their API. There's no way to interact with the protocol in a private manner.
Again, maybe that's fine for certain kinds of users.
I’m sorry but that’s forever going to be a minority of people so in the meantime there’s a lot of work to do in terms of mitigating privacy compromises involved by interacting with 3rd party services.
> ark don't give the user a way to force a state change to occur
This is not true. Ark VTXOs are on-chain signed transactions the users can at any time broadcast to mainnet and have their sats back. You can exit an Ark without the need for server agreement.
RIght. One good way to do that is not point users toward permissioned APIs controlled by one family, a family that also specializes in KYC, compliance, and related crap. The idea that Wallet Of Satoshi thinks they are going to use Spark and call it "non-custodial" -- while allowing LightSpark to track all their users -- is just insane. There is going to be hell to pay when LightSpark's regulator realizes that the "self-custodial" thing is a sham and demands to KYC all Wallet Of Satoshis users. What a mess.
you're right, I should have been more clear. I'm differentiating between forcing a payment to someone else vs yanking my own money off. technically a unilateral exit is a type of forced state change
I am completely confused by any discussion of "unilateral exit" or "self-custodial" when it comes to Spark. I completely don't understand why that matters, or what those concepts even mean, in the context of an API controlled by one company (actually one family, in this case.) They can just turn off the API at any time and then nobody can exit! If their servers go down, nobody can exit! It's 100% permissioned, right?
Spark's entire trust model is based on the fact that all keys used to sign previous transactions are deleted.
Problem is, it's not possible to prove without a doubt that someone deleted a key, so you need to trust Spark that they really deleted the keys.
If trust is involved, it's not trustless.
Again, why does any of this trust stuff matter if the only way to actually do anything with Spark is to use LightSpark's API endpoints? And also -- LightSpark's entire reason for existing -- until 6 months ago -- was that they were the "compliant" way to access the Lightning Network? Why use Spark/LightSpark in that case, why not just use PayPal or Coinbase or whatever??
You are absolutely right.
supposedly the end user has enough data on their own that they can publish to L1 and retrieve their funds out of spark or ark, even if the service provider shuts off. this is what the documentation indicates, but I don't see it implemented in a client yet.
So the user can be like "I no longer want to work with LightSpark", and they can take their toys and go home, right? And then there would need to be an independent client, not controlled by LightSpark, that doesn't make network connections to any domains controlled by the Marcus family, and you could use that client to do the exit, right? That does sound fairly good. It doesn't deal with the "LightSpark can track all my transactions and might give them all to some government on request" -- but as long as LightSpark front ends disclose this prominently -- that Spark transactions aren't private -- then that's not really a dealbreaker for most users.
yes exactly. it has a combination of affordances and caveats that may be very appealing to some people as compared with other solutions. I'm sure lots of people will like it
just read the documentation first
It's just unfortunate that the company that is offering this service is the company that, six months ago, was marketing itself as a "compliance solution for Lightning". It should give anyone pause who is interested in the privacy characteristics of the Lightning network......
I still see you mixing up privacy and self custody. I think it makes no sense at all.
So something like Spark, in your view, has some privacy tradeoffs, but is real self-custody, as long as they publicly release software which allows you to "get out" of Spark, onto the mainchain, without needing a 3rd party (in this case Lightspark), to do that operation for you. Right?
Yes, having unilateral control of your funds is self custody.
Now with Spark there are some caveats to this but it has nothing to do with the wider privacy conversation.
Sure. If Spark releases software that anyone can run, that does not "phone home" to LightSpark.com, and allows me to exit out of their ecosystem onto onchain Bitcoin, that does seem at least fairly close to "self custody".
BTW -- I think Ark should think about this, and when you are ready to go consumer-facing, be proactive about showing that anyone can run and endpoint, and it's totally possible for someone to interact with Ark without touching Arkade's domains. Even if you have a couple small-time operators stand up the service, make it available on their domains, that would be huge.
Self custody has no concept of privacy. By your standards most people self custodying are not actually self custodying. This does not align with reality.
Unfortunately you don’t seem to understand how these systems work. We have docs if you’re interested.
Got it! Still hoping that Arkade finds a way to be decentralized....
#BSVchain #BSV Currency - back to the real Satoshi Vision. Sorry not sorry.
