file this under: WTF
heads up that if you use the new WoS anyone can lookup your balance and transaction history. all they need is one of your bolt11 invoices. nostr:nprofile1qy08wumn8ghj7en9v4j8xtnwdaehgu3wvfskuep0wphhqatvv9eqzrthwden5te0dehhxtnvdakqqg8plualm48yqv2etxcgkn7vsfz74fg5vdlp6nkz4ctxkapngxlp4uypp6uv made a tool that you can use to extract a spark address from an invoice. i just tested it with one of my invoices and the tool gave me a sparkscan link that displays my current balance and transaction history 😳.
https://github.com/benthecarman/spark-invoice-doxxer
i prefer their custodial wallet over this.
Discussion
Damn. That's pretty basic. This is why foss is way, this would have been picked up way earlier. It's not the people who find a bug and report you need to worry about, more all the folks who found and didn't report.