Yes. #[5] taught me
Discussion
He was using his own node though?
Yes, you need your own zapper. 🐶🐾🫡
Right. My understanding was you needed your own node?
Not node specifically, but the thing that serves lnurlp and the one that gets the callback when payment is processed. You basically get the list of relays that user has configured and potentially can tell who it is, using the sometimes unique signature of the relays (npub, Private relay with unique addresses, combination of relays, etc) 🐶🐾🫡
So you can match a list of relays someone has, but that still doesn’t “prove” it was them?
With filter.nostr.wine it was easy. Npub is in relay url.🐶🐾🫡
This is a great point to discuss threat profiles, faux privacy, and verifiable anonymity.
If the point of a private zap is to give a gift anon, there is little reason to dig to figure it out except morbid curiosity.
If you are donating to a cause that’s illegal in your country, etc… that’s a whole different kettle of fish then ain’t it?
Exactly! My point was that you could profile people based on this things. Faux anonymity is no good, especially if users believe they are. 🐶🐾🫡
It is difficult to find the correct terminology for these things. How do we describe shades of anonymity?
Pseudo anonymity! 🐶🐾🫡
No matter how I spin it, LN is also traceable if needed, so is bitcoin transaction.
At the end of the day, all of it is pseudo anonymous.
It’s all one exploit, cracked code, or zero day away from being plain to read.
Precisely! 🐶🐾🫡
Deferring to your expertise Fish, does the NIP-46 auth affect the npub visibility with filter?
It removes it and secure, so we are good. I am more worried about relay list being sent with nip-57 spec. Maybe it shouldn’t do that for anon zaps. Many users have unique relay configuration, plus add the amount signature and timing, and you have much smaller list of people to ID. Add pfp download and nip-05 and even narrower profile surface. Anonymity is hard problem and many holes that can be used to narrow down people. 🐶🐾🫡
You really are the best #[5] you know that right?
Both of you are the best. Thanks for the education!
🐶🐾😂🤣 just have experience in the field of security, that’s all! By far not the best! 🐶🐾🫂🤣💜
Your sharing of knowledge helps us setup security for ourselves, or at minimum think of better ways to protect ourselves online. I always pay attention to what ya write, cause I kno it’ll better my skills. Except that one time where I reeeeellllliiiiii missed the memo 🤣🤣🤣🤣
Main takeaway should be that you are not fully anonymous whenever you are online. The longer you hold one identity the easier it is to find who you really are. Act accordingly, and use other identities and sources to stay anon when you need to. The more you use the same things, e.g., IP, nickname, wallet, phone, providers of services, the easier it is to narrow down on you. Even your notes patterns and words you use, especially in the age of AI. We might not notice it, but patterns are there. 🐶🐾🫡
Totally. So many many many things factor in
#[3] , lot of what #[5] #[4] discussing is dev stuff. Not regular ppl speak. But main take away point is that zaps are likely almost never anonymous… even when ya toggle it to anon. Even if I don’t kno how to figure it out, I can easily ask someone else that knows how