@Vitor Pamplona Forwarding this to you. Yes, this is about onchain zaps!
Anita's avatar Anita
After all the discussions we had about on-chain privacy and the negative effects on the privacy of ALL users when identities are tied to a BTC address you have to put it on the front of the profile? I want to be able to at least opt out of this!!
View quoted note →

Replies (17)

As long as you are using any pubkey, of any type, anyone else can always lock funds to your key in any blockchain. You don't have a choice. We only make that visible to you so that you can decide what to do about it.
With BTC addresses that I control, I can control where I disclose that they are associated with me. On Nostr I can't. Big difference. Now on Amethyst I can not decide anything as you have decided to make the onchain possibility visible for anyone without giving me the option to opt out. 99% of people have no clue that they can send on chain zaps. Oh wait, you are promoting it which leafs to bad privacy practices. Best would be clients hide the on chain zap opportunity and only let users view if they received something or not. Why do you promote something that is bad for the network and all its users? Just because it is possible to send on chain zaps, you wouldn't need to advertise it.
Correct, you cannot control because the address is your npub. You can't hide it because that is your whole identity. In Nostr, those two are linked forever and there is nothing anyone can do about it. We can make a function to hide it, but that doesn't change anything. I don't believe in devs deciding what users can or cannot do. That's not my role. My role is to allow everyone to use everything as easily and safely as possible. I am not here to censor anyone... And that includes on chain zaps as well. Otherwise users are slaves of their devs and that is not good.
There shouldnt be ANY expectation of privacy on any bitcoin-based stack. You think you can control where you disclose your UTXOs.. you can't. That's a lie. If I want to figure out which utxos are linked to your name all I need to do is to buy that data from blockchain analysis companies. They will lay it out for me. What you think is "privacy", it's just the profit center of gigantic companies out there.
Ummm... You never had the option to opt out. Your nostr keys were always Bitcoin keys. They're derived with the same cryptographic primitives. Amethyst and Ditto just eliminated the barrier of having to write a custom script to convert the format, but people have been able to send Bitcoin to your npub for as long as nostr has existed. Nobody however is forcing you to move the funds to another wallet linking identities as a result. You can just leave it alone. That's the choice you do have.
But other people can see how many Bitcoin you have on that address that never changes (address reuse), and that can put people in danger. Especially, take a look at the project Anita works for.
Yeah. It's always been like that. Your nostr keys were always Bitcoin keys. This isn't new. You can let the funds sit, you can move them to another wallet, or you can burn them. Those are your choices. You can't prevent anybody from sending them to your nostr public key. Never could.
After all these years of being lied to from Bitcoin experts selling their shitty "privacy" solution back to us, I am now more convinced than ever that there is not a single way to stay actually private in Bitcoin. Everything has been captured via layered services or cryptographic tricks. And definitely using utxo for each transaction doesn't do anything for privacy. It's all bullshit that can easily be correlated with other information that is already on the web and will be confirmed on chain as soon as the user starts spending those coins using any wallet out there. For us on Nostr, since the point of this network is to create a public trace of your information for free, including zaps and other money transfers, the idea what any pubkey-liked Bitcoin, lightning or Cashu usage can remain private is laughable.
waxwing's avatar
waxwing 5 days ago
It's definitely a more correct position to take *by default* but by saying it's absolutely true that everything is traceable you're failing at the other extreme. And especially with Lightning. Even with onchain. The problem is not that everything's traceable, the problem is people thinking that some particular simple system fully defends you from that.
Yes, *lighting* has good sender privacy. Some people prefer to use custodial services which don’t. Not entirely sure you can blame LN for that? Though even for such services you can do client-side pathfinding, which admittedly isn’t all *that* common but is very doable and some protocols support.
waxwing's avatar
waxwing 3 days ago
Clearly that's the pure perspective, but I'll keep harping on this point: a model like Phoenix where you don't have privacy from Phoenix is absolutely different from a model like onchain payments. It fits closer to, and is better than, what people are (unconsciously) used to: when they use a bank card they know the bank knows all their transactions, and they accept that tradeoff (mostly because they have no choice to be fair!). I'm not saying a CPOF isn't a problem; such things will always come back to bite you eventually, if they get big enough. But that tradeoff is not even close to being a bad tradeoff with the current status quo, and it is emphatically a better privacy model than the vast majority of others (and I suppose it can still get better). So: self custody, privacy w.r.t. merchant[1] but not service provider, strictly better than bank money: no self custody, privacy w.r.t merchant but not service provider. [1] just means they don't see your financial history