Why do you trust #[5]β to begin with? Any custodial provider can rug you at any time. Why would WoS be more trustworthy than Damus? WoS isnt even open source.
Discussion
This is where clients should implement rate limits set by the user, but ultimately users need to only keep in their custodial wallets an amount they are comfortable parting with whether it be due to zaps or malicious actors.
The setup I have that would be resistant event against a rogue client is a NWC relay over wireguard. Probably not easy for people to setup but itβs an option.
This is assuming the client doesnβt just swipe it locally vs sending the NWC connection string to their server or something. Would be dumb for a client to do that, it would tank my entire client and I would go to jail.
Any client is just 2-3 subtle bugs away from doing that and then it's just matter of someone noticing.
I think my preference is that the wallet creates a dedicated sats account that can only be used for zapping and is somewhat limited in max sats. And once in a while it would notify me to refill it.
Then the potential "total stolen amount" would be limited while the experience would still be top notch.
I donβt think people should be storing significant amounts of sats in these custodial wallets to begin with.
Exactly. You wouldnβt leave your house with your entire savings account in your back pocket. Be smart, only use these kind of wallets for your zapping around money.
True, same can be say about one tap zap. Just how urgently do you need to zap someone that that extra click to send is a burden? π€·π»ββοΈ
Said
You canβt do seamless client side zap splits without it. You would have to open N invoices externally and pay each one. Noone would do this.
And the problem with going exclusive crypto, as there are no guarantees nor regulations for the the companies responsibilities, and by the time they do offer security and regulations, the difference between fiat and crypto will be insignificant.
Then whether build back better is serving the purpose or a liability, well.
LNbits potentially fixes this if it would support the wallet connect feature.
I don't trust WoS either.
Let's say I use WoS, and i wallet connect to App A. Now not only WoS can rug me, but App A either. Somehow wallet connect can give a bigger attack vector, because after wallet connect, wrong security measures either on WoS or App A side can result in the loss of my funds.
App A and WoS could be replaced with any wallet, and any App.
I think what is important, that this does not mean App A is bad. It just means, adding wallet connect adds more security concerns. And maybe App A has better security measures than the wallet itself, but who knows.