It's a great idea! And will be great for usability.

There are some security concerns we're working through though with giving third party software the ability to potentially debit hundreds of thousands of customer accounts - I'm sure you can imagine.

This feature is fundamentally different to everything that came before.


Discussion

3rd party meaning Damus and Snort?

Yes - and anyone else that implements it too.

Given they are open source and we can verify, what other constraints are you considering?

If this becomes the preferred way for people to use nostr, then the nostr client becomes a defacto custodial wallet, even though they may not be focusing on that.

It's a change from a "push" based payment to a "pull" based one. The responsibility for security of customer funds now rests on the nostr client. How much: All of it? None of it? Some of it? Do they even want that?

If an exploit is found, or a bug introduced - hackers will very quickly exploit it to its maximum (one of the best things about lightning! but also one of the most challenging). Even with limits set, that can be a lot of money, and a lot of damage to everybody involved.

For example:

Suppose nostr is wildly successful. There are 100 million WoS users on nostr, and WoS has implemented a limit of 50K sats for NWC zaps by nostr clients per customer.

If one morning we all wake up and there is 50,000 sats missing from 100 million accounts...

I might be totally wrong, but one possible solution for this would be an app integrated wallet like zion does?

I'd like to hear nostr:npub1xv8mzscll8vvy5rsdw7dcqtd2j268a6yupr6gzqh86f2ulhy9kkqmclk3x 's thoughts on this. It's a good debate to have to make NWC as secure as possible for users.

True. Don’t mind making the extra tap to secure the BTC.

Although don’t mind keeping small amounts in Alby for one-taps.

We can remove the tap - we'll be adding a feature soon that allows your WoS wallet to auto-approve any payments under a configurable amount.

It doesn't have all the niceness of a full NWC integration... but it gets some of the way there at least!

That will do for now 🙏

I agree, somehow I can't justify adding my wallet details to a nostr app.

I'd rather open my wallet to pay.

I don't want to have an App X at the end that does everything, which can turn bad quite quickly.

Why do you trust #[5] to begin with? Any custodial provider can rug you at any time. Why would WoS be more trustworthy than Damus? WoS isn't even open source.

This is where clients should implement rate limits set by the user, but ultimately users need to only keep in their custodial wallets an amount they are comfortable parting with whether it be due to zaps or malicious actors.

The setup I have that would be resistant even against a rogue client is a NWC relay over wireguard. Probably not easy for people to set up but it's an option.

This is assuming the client doesn’t just swipe it locally vs sending the NWC connection string to their server or something. Would be dumb for a client to do that, it would tank my entire client and I would go to jail.

Any client is just 2-3 subtle bugs away from doing that, and then it's just a matter of someone noticing.

I think my preference is that the wallet creates a dedicated sats account that can only be used for zapping and is somewhat limited in max sats. And once in a while it would notify me to refill it.

Then the potential "total stolen amount" would be limited while the experience would still be top notch.

I don’t think people should be storing significant amounts of sats in these custodial wallets to begin with.

Exactly. You wouldn’t leave your house with your entire savings account in your back pocket. Be smart, only use these kind of wallets for your zapping around money.

True, the same can be said about one tap zap. Just how urgently do you need to zap someone that that extra click to send is a burden? 🤷🏻‍♂️

You can't do seamless client side zap splits without it. You would have to open N invoices externally and pay each one. No one would do this.

I would rather you do sort of a @Damus gift card (like Amazon gift card) that can be reloaded with sats with your own wallet and then zapped away. That could make it easier and safe.

That’s not really any different than preloading an Alby wallet from your node.

And the problem with going exclusively crypto is that there are no guarantees nor regulations for the companies' responsibilities, and by the time they do offer security and regulations, the difference between fiat and crypto will be insignificant.

Then whether build back better is serving the purpose or a liability, well.

LNbits potentially fixes this if it would support the wallet connect feature.

https://lnbits.com/

I don't trust WoS either.

Let's say I use WoS, and I wallet connect to App A. Now not only WoS can rug me, but App A as well. Somehow wallet connect can give a bigger attack vector, because after wallet connect, wrong security measures on either the WoS or App A side can result in the loss of my funds.

App A and WoS could be replaced with any wallet, and any App.

I think what is important is that this does not mean App A is bad. It just means adding wallet connect adds more security concerns. And maybe App A has better security measures than the wallet itself, but who knows.

Ah amazing! Someone finally yelling about what I’ve been saying

Hmmm I see your point.

so: theft. with exclamation marks for charisma. !

Most wallets that support NWC also support setting daily, weekly or monthly limits on the NWC connection to minimise the risks of the concern raised.
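The per-connection budget described in the comment above, as an added example that is not code from this thread or from any wallet mentioned in it. It models the mitigation a wallet can apply on its side of a pull-based NWC connection: a period budget (daily/weekly/monthly), an optional per-payment cap, and the worst-case bound from the 50K-sats scenario earlier in the thread. Timestamps are plain unix seconds and the request log is constructed.

```python
# Wallet-side spending policy for ONE third-party NWC connection (hypothetical
# names; not from NIP-47 or any wallet's implementation).
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Budget periods in seconds; "monthly" is approximated as 30 days.
PERIODS = {"daily": 86_400, "weekly": 7 * 86_400, "monthly": 30 * 86_400}


@dataclass
class ConnectionBudget:
    limit_sats: int                      # sats the app may pull per period
    period: str = "daily"                # "daily" | "weekly" | "monthly"
    max_single_sats: Optional[int] = None  # optional cap on one pay_invoice
    # Approved spends as (unix_seconds, sats); only approved requests are kept.
    history: List[Tuple[int, int]] = field(default_factory=list)

    def spent_in_window(self, now: int) -> int:
        """Sum of approved spends inside the sliding period ending at `now`."""
        start = now - PERIODS[self.period]
        return sum(sats for t, sats in self.history if t > start)

    def authorize(self, amount_sats: int, now: int) -> Tuple[bool, str]:
        """Decide one pay_invoice request. Records the spend only on approval,
        so rejected requests never consume budget."""
        if amount_sats <= 0:
            return False, "invalid amount"
        if self.max_single_sats is not None and amount_sats > self.max_single_sats:
            return False, "exceeds per-payment cap"
        if self.spent_in_window(now) + amount_sats > self.limit_sats:
            return False, "budget exhausted for period"
        self.history.append((now, amount_sats))
        return True, "ok"


def worst_case_loss(users: int, budget_per_user_sats: int) -> int:
    """Upper bound a fully compromised client could pull in one period, i.e.
    the thread's '50,000 sats missing from 100 million accounts' scenario."""
    return users * budget_per_user_sats


def simulate(requests: List[Tuple[int, int]], budget: ConnectionBudget) -> List[str]:
    """Run constructed (unix_seconds, sats) requests through the policy in order."""
    return [budget.authorize(sats, t)[1] for t, sats in requests]
```

A rogue or buggy client that fires requests in a tight loop only ever drains the period budget, and the remaining balance is untouched until the window rolls over.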

Lol Add it to "Chad user" feature sets