I think the Ark protocol (not tied to a single Ark operator) is the trustless solution, to allow us to swap our on-chain zaps to *Lightning* Arks gives everybody unilateral exit, allowing a large number of users to have balances, but where everything is compressed into a single UTXO. So we gather a number of Nostr users, each of which have a number of on-chain zaps, and we collaboratively sign one big transaction that creates our 'Ark round', i.e. this single UTXO, consuming all the on-chain zaps. When that confirms, the operator of the Ark starts paying us via Lightning. With the preimage they receive from each of us, they then have the info needed to 'steal' our Ark balance. I didn't mention this in the previous paragraph, but each user's Ark vUTXO will be a bit complex, including a timelock and a hash So they get my on-chain funds (via Ark) if, and only if, they pay me the same amount via Lightning. If they don't, then - after a timelock - then I can unilaterally exit to get my money back In the happy path, they get all our preimages and - by presenting all those preimages on the blockchain - they can sweep all the funds to their own UTXO. Quite small on-chain footprint Privacy: if we present Bolt12 invoices to the operator, and use Tor and other best practices, then the users should feel very private

A private key allows you access to a series of derived addresses. You can receive transactions to any of those addresses and the transactions and balance of each address is publicly viewable. Coin Control is basically not combining transactions from different addresses that you control so that they don't get linked together. So when you do a transaction you only use the balance of the fewest/safest addresses to make the transaction to avoid linking the addresses unnecessarily. I am thinking of a swap as where you send a transaction on one chain (ideally to a kind of escrow) and you get a transaction on another chain, like between BTC and XMR on cake wallet. And then you can swap back again and you probably get a transaction with a different history not linked to you or your previous transactions. So you could use coin control to swap each small address and then from the other chain consolidate them with another large swap back. A transaction from each address is going to cost a little bit more for fees. If you are going to do large transactions in the future, then I guess consolidation would save you a little bit of transaction fees if you did the consolidation when on-chain fees were low during the consolidation and the fees were higher during the larger payment later. Otherwise, you could use coin control to keep splitting the addresses into smaller and smaller balances.

bro 💀