I'm not gonna take the money because I don't want any obligations but you guys should check out nostr:nprofile1qqsf07zg4hxyccnkdp07fppxmetpfzru3fg6mgzx3nk8r7af8qnjjygpzamhxue69uhhyetvv9ujuurjd9kkzmpwdejhgtcpzamhxue69uhky6t5vdhkjmn9wgh8xmmrd9skctcppemhxue69uhkummn9ekx7mp066595x

They've been offering generous sponsorship offers to promote and, assuming no scam is going on, I can respect that.

Tell me what you think about it.

Discussion

As an Italian I respect this.

they spam me on nostr way too much for me to take seriously

First time I was hearing of it. For what they asked I found them generous and that gives me mixed feelings.

well i'm just one person and i have no direct experience with their business aside from them trying to get me to try their stuff constantly

Zaps are actually the solution to spam, kind of.

I never felt good about recommending any custodial Lightning wallets or services to anyone before nostr:npub1jluy3twvf338v6zlujzzdhjkzjy8ezj34ksydr8vw8a6jwp89ygshpp2kq existed. Reputation and reliability matter.

Did they pay you to say that? Aren't they built on that same compliant, leaning back-end as the new wallet of Satoshi as well, unless I'm confusing services?

No and no. I just like the service and I don't mind recommending it to people who need to spin up a wallet or a cloud node quickly.

Lmao. Just checking.

Nobody should ever keep any more money in a custodial wallet on the internet than they would carry in a physical wallet in a public place.

And yet people don't seem to learn. They fall into complacency because they trust a custodian and they get fucked.

More of a knock on people rather than the service, but still.

True, but have you ever seen someone fuck up even worse with self custody? I have.

Oh, I've fucked up worse with my own self custody. Trust me, I've learned my own expensive lessons. But I trust myself more than a custodian.

nostr:note1td5e4mx7wycv8yqy5ly96mk5w7pc3nacywygq8v6zl5zfuxpt2rqx88ras

Okay, I haven't lost that much, dear Lord.

Makes you realize how few people in the world are responsible enough to handle their own private keys.

Okay, granted I just skimmed the article. But that sounds like typical social engineering to me.

It is, but that's just one of the bad things that happen, even to people who should know better.

Right, but it doesn't mean that people should just blindly trust custodians because it's "easier". You don't need to be some sort of master tech wizard to keep a key safe.

You don't need to be a master tech wizard to keep a key safe. I submit to you however that 95% of the population is unable to keep TWO keys safe. And remember which is which. And keeping TWO keys safe is actually necessary if you are going to be fully self-custodial with both "hot" wallet and a "storage" wallet.

I mean in all fairness a lot of people still fucking write important passwords on sticky notes and leave them next to their desk so....../shrug.

Not to mention if you're running your own multisig, as you should be for cold storage....

Of course not. I just know how people think, and from my experience, self-reliance is in short supply.

Yeah, you won't hear any arguments from me there. *le sigh*

I have an opinion on this. Bitcoin users should be expected to manage at most one (1) seed phrase, and that's for their cold storage / hardware wallet. Asking anyone who is not technical to manage TWO seed phrases -- one for their cold storage, one for their "hot" (lightning) wallet... that is just too much. Most people will fail.

Yeah. I won't disagree entirely.

Is it better than Blink? Why?

(Also I make a difference between shilling and recommending. Those are two different things.)

I don't use Blink, but don't they require a phone number to access it?

I think telegram or phone

And no NWC, right?

Idk what that is

Responsible Lightning services that offer NWC really HAVE to provide some way for a user to get back into their account if they are locked out. We use a 40-year-old technology -- email -- along with a 15-year-old technology -- 2FA.. because we're conservative. A service could also use Telegram, SMS, etc. But fundamentally a service MUST provide a way for a user to recover his/her account. Just "login with your nsec" is not good enough. Users will fuck up, lose their nsec, and lose their funds. That's our opinion. Not everyone will agree.

Ok, so then Blink too has this, but only phone and Telegram. Not emails. Makes sense to me to offer the email alternative.

I prefer email over SMS because it's easier to protect privacy with an email address. Either way you're still dependent on a third-party service. I understand the hesitation to use a Nostr login method but have you considered using magic links/login codes with DMs or NIP-07/46 signers?

Walk me through how "account recovery" would work with this strategy. Like. "I'm a normie, and I forgot how to access my sats." Do you know how it would work?

Probably the same way Damus Purple logins work. It's dependent on the user maintaining access to their uncompromised nsec, but otherwise they would simply enter their npub into a form and receive an OTP code to login.

OK, so, walk me through this.

This is the system to log users into "Damus Purple", their premium service.

1. User has to be logged into Damus (with an nsec)

2. User submits their npub

3. User is logged in to Damus Purple via the OTP sent via Nostr DMs.

Do I have that right?

The issue is this: I think a user's sats and a user's Nostr nsec should be firewalled -- for the same reason that normies don't log into Instagram with their Chase account, and don't log into Chase with their Instagram account. It's more secure to keep money separate from identity.

Or am I missing something?

No, you got it correct. I guess my question is are the user's sats safer using an email address provided by a centralized service that can be revoked?

https://www.pcmag.com/news/journalists-hacktivists-proton-mail-reinstates-suspended-accounts

Sure, email addresses can be revoked. On any given day, for a Normie, this is a 0.0001% chance that this will happen. On any given day, for a Normie, the chance that they will misplace their nsec (or never even understand that they have an nsec, in the first place) is like 10%.

So you wouldn't consider this even as a backup or alternate 2FA method for that reason?

this counts more than my complaint! a happy customer!

Sounds like they're building themselves up to be the next custodial rug.

Could be and everyone using it should keep this in mind. But I'm not necessarily against custodial wallets so I don't want to go there straight away. But I certainly wouldn't ever actively shill a custodial for that very risk.

I definitely understand there is a place for custodians but I'm still vehemently against them, so I probably assume the worst far too quickly. And aggressive advertising makes me sus. Especially trying to pay people to shill.

Tried to zap u but your lightning address didn't produce an invoice.

Looks good so far.

Will report honestly either way.

I saw another pleb here shill the app a couple of times, didn't know they were being sponsored by rizful

Thanks for the disclosure

I'm not paid to endorse Rizful, although I've recommended it a few times.

What I like about Rizful is that they accept suggestions for improvement and that it works well.

Kind of like when most of us here on Nostr used Alby when it was free.

Closer to the community

It seems so.

Basically, we very much give-a-shit about Bitcoin, Lightning and Nostr. And we run one of the biggest Lightning Nodes on the network. But, in essence you are right: If you are technically savvy, you should run your own node and do all your own zap-server stuff (although, it's complicated to achieve 24/7 uptime.) These are our docs on running your own node: https://docs.megalithic.me/lightning-user-vs-lightning-runner/prerequisites