Replying to Avatar Cyph3rp9nk

Because it is not necessary, since Lightning is more private than Monero.

Muted.
Avatar
Daedalus 0mo ago

Lightning is inferior to Monero's privacy both on a network level, and on an on-chain level.

Most importantly it's inferior on a UX level. Running your own LND node either behind Tor at home or on a VPS paid in Monero or at least a strong lightning setup (oh wait we can't do that yet because we're trying to setup lightning) then getting non-KYC Bitcoin, then opening your own channel making sure to use the whole UTXO to avoid cospends, then making sure to properly label the original UTXO and to never accidentally connect it to an Electrum server without Tor or never use it in a manner that links it to your identity. Only THEN do you have a setup where you can SEND lightning in a manner that is even remotely comparable to using Monero bought from a KYC exchange and connected to a public node. Recieving privacy is still inferior because it leaks your public key which is linked to your channel which is linked to your UTXO which is linked to the UTXO before it etc. etc.

You don't do that because you have a Wallet of Satoshi link in your bio which has 0 privacy from the Wallet of Satoshi provider. So your claim doesn't apply to you in any scenario, since you've excluded the perfect OPSEC scenario I've outlined.

You're delusional. Disprove what I've said I dare you.

Reply to this note

Please Login to reply.

Discussion

Avatar
ripsline 0mo ago πŸ’¬ 1

ripsline.com solves this elegantly with our btcpayserver Virtual Private Node implementation.

Avatar
Daedalus 0mo ago πŸ’¬ 3

You require an email and payment in either on-chain or lightning Bitcoin. The end user has to ensure that their email isn't linked to their identity or IP (a tall order for most) AND they use a properly non-KYC Bitcoin UTXO to pay for the service.

Even then you have root access to the server and all its traffic. A VPS will always offer a superior trust model as you can compile the software yourself on your computer, sign it, then deploy it on the VPS. What assurances do you have that you're not running malicious LND software? What assurances do you have that you're not logging LND activity and traffic? What assurances can you make that you're not under gag order by a state intelligence agency and can't disclose that you're giving them data?

Avatar
ripsline 0mo ago

All these points were considered in the architecture of our implementation. It is evident you spent <5mins checking out the site. Else you would see the issues highlighted above are accounted for.

1. the Flow Chart that is highlighted in the How It Works section of our Buy page: users are encouraged to set up a Dedicated Device prior to Virtual Private Node purchase. *We envision users to setup device level VPN and use email alias for purchase.

2. This implementation is literally run on a VPS... We never have root access to the server, that information is emailed directly from VPS provider to ripsline user's email provided at checkout. Even so, they cannot access the VPS until root password is changed. We merely provision the VPS for end user, they maintain VPS credentials always.

3. You can check custom installer for malicious LND software as the script is FOSS viewable here: https://github.com/ripsline/Virtual-Private-Node

4. The last two points do not make sense because we never have any information other than user's email and domain name (can use fake domain name which is also highlighted on the site).

Avatar
Daedalus 0mo ago πŸ’¬ 2

Yes I spent less than 5 minutes I spent about 1 minute reviewing your page. So you charge $360 a year to provision a VPS for a client, run your open source script, then give the user SSH credentials for the VPS? Is that correct? If so would the user not be better off avoiding the email and middle man all-together and provision their own VPS and run the script themselves? The users adding an identifier in the email and trusting you not to run a modified script at time of install, is that not correct?

What you describe is more private than what I originally surmised, but still leaves deanonymizing attack vectors open or am I wrong?

Avatar
ripsline 0mo ago

We purchase the Virtual Private Server at cost for 1 year (~$200). The email provided to us at checkout is used so only you have access to your VPS client portal. After 1 year, you will have to pay the VPS provider ~$200 for the second year and so on.

When you purchase through us, we provide ongoing support and a custom script that makes the installation process easier. In the order credentials file, we encourage users to not trust us but to review the script before they run it themselves... they can even paste it into chatgpt to check for malware.

We never provide SSH credentials to the user, the VPS provider emails those directly to ripsline user.

Users are encouraged to provision their own VPS and run the script themselves. Users who know the value of their time will quickly see that our one-time setup fee, which includes ongoing support, is a far better investment than spending their time figuring it out on their own.

There are no deanonymizing attack vectors if user checkouts with email alias, VPN, and fake domain name. All highlighted on our site: https://ripsline.com

Avatar
Daedalus 0mo ago πŸ’¬ 1

The email alias and VPN become the de-anonymizing attack vectors since they are the weak links in the chain and are accessible through government subpoena but for most are acceptable tradeoffs for the service you're offering. I think you're doing a good service.

Avatar
ripsline 0mo ago

Daedalus, you are attacking our business model by saying that VPNs and email alias' are attack vectors. I appreciate your kind words and happy to answer your questions. However, you are creating FUD on our business due to concerns with VPNs? Common.

I also don't understand your point. We can see the IP address (just like every website in the world) of our users. And we know the email used to sign up so we can send order details and support users.

If a government subpoena's us, how would a user be deanonymized? The government would see an IP address that is not theirs and an email hopefully not tied to their personal identity.

Avatar
Daedalus 0mo ago

Thinking it over I think those can be reasonable tradeoffs and are pretty trust minimized for the client. I commend you on your service sounds like a great product for the right user.

Avatar
Tauri 0mo ago πŸ’¬ 1

Nice. You realised an idea I had in the past, but thought won’t work at scale. My idea was to directly sell BTCPay plug in and play physical servers.

Avatar
ripsline 0mo ago πŸ’¬ 1

thanks. it is something we considered: selling physical hardware w/ BTCPay. However, we feel running BTCPay on a VPS has significant benefits.

Avatar
Tauri 0mo ago πŸ’¬ 1

Could you name a few? I mean apart from the obvious ones.

Avatar
ripsline 0mo ago πŸ’¬ 1

You never have to worry about revealing your IP address. Trade-offs are that ripsline Virtual Private Node is pruned, and you have to trust the VPS provider to not breach terms and access the hardware you rent. Our focus is to provide users with a lightning node, Sparrow Wallet is a nice addition for people who seek an on-chain wallet node backend. With expensive home nodes, you will either leak your IP address OR conceil your IP by using TOR and deal with connectivity issues on lightning.

VPS is better for digital nomads.

Avatar
Tauri 0mo ago

Got it. Thanks πŸ™