Avatar
nosmero 1mo ago

Good Day Monero Fans!

I’ve been researching and testing the following which I think might be of help to the XMR ecosystem. They have now been turned on for nosmero:

Monero Tip Jar

- This is a non-custodial browser hot wallet (your keys, your coins)

- Create new or restore from seed phrase

- This is not mandatory. You can still tip or unlock notes (see below) with the existing QR code option (hardware wallet compatibility coming soon)

- The queue function also works with the tip jar, so you can tip multiple notes all at once to deal with only one 10 confirm lockup

- Tor support with randomly connected remote nodes for maximum privacy

Paywalls

- I think it would be nice for content creators to have the option make a little XMR off their effort. So I’ve also added locked notes.

- Instant unlock when paying with the tip jar (tx_key auto-captured). You can unlock with external wallet, of course, but unlock is not instant, you’ll need to paste tx id and tx key from transaction to unlock.

- No middleman, the funds go directly to creator's address (either your tip jar address or whatever address is in your profile)

- Locked content is encrypted with AES-256-GCM , unlocks are tracked locally in your device, but also on nosmero if you clear local storage. The content of the unlocked note is not saved to nosmero, just { noteId, buyerPubkey, txid, amount, confirmations, unlockedAt }

Some of the Security Features Behind This Stuff:

Encryption at rest:

- Tip jar encrypted on your device with AES-256-GCM before touching local-only storage

- Key derived via PBKDF2 with 600,000 iterations

- Your PIN to unlock tip jar is never stored.

Brute force protection:

- 5 failed PIN attempts triggers 15-minute lockout

- Lockout persists across page refreshes

- Auto-lock after 15 minutes idle

Network privacy:

- Tor users (.onion): if you access through the Tor address the tip jar will connect to random remote nodes over Tor - your IP isn’t always sent to any single node operator. This is best way to use nosmero.

- Clearnet users: Connects to Nosmero's local monero node, so only nosmero sees your IP as it connects to Nosmero's local node through nginx reverse proxy but with access logging disabled, meaning your IP address and RPC queries (balance checks, transaction broadcasts) are never written to disk or stored anywhere

What nosmero can’t do:

- See your seed phrase or private keys

- Custody funds

- Log RPC queries or IP addresses for wallet operations

But, of course, this is a hot wallet - it is a TIP JAR - so keep only small amounts for tips and paywalls, not your nest egg. No guarantees, beta, as-is, where is, caveat emptor, etc. etc.

I hope you find these useful, and let me know of any bugs you run into. Mobile and desktop should have access to both of these features.

Reply to this note

Please Login to reply.

Discussion

No replies yet.