Replying to Avatar Naruto

Assume you're a stack duo user. You want to pay a paynym. You send the notification transaction to the paynym. You then use the change UTXO from the notification transaction to make the payment to the paynym. A presumably common flow if you intend to pay a paynym. The world sees the notification transaction and then sees the change UTXO spent in a subsequent tx.

Assume 2 other people do this same thing.

Now assume the recipient is another stack duo user who has posted their paynym somewhere. The recipient then consolidates those 3 payments in a subsequent tx.

This is strong evidence that anyone can use to form a lower bound on the amount the paynym received. Without a strong holistic privacy toolkit, leakages like this are bound to happen.
Avatar
finch ☦️ 2y ago

Change from a paynym notif tx is frozen by default btw. So the user will not be able spend that output unless they unfreeze it.

Reply to this note

Please Login to reply.

Discussion

Avatar
finch ☦️ 2y ago

It’s not perfect but it’s still better than someone posting a static address to receive donations like the Canadian truckers did.

Avatar
Naruto 2y ago

Is this the case in Stack? That is solid

Avatar
finch ☦️ 2y ago

I'm 90% sure that is the case for both Stack Wallet and Stack Duo. Will be able to test later and confirm.