Nostr Web Client

In the world of Bitcoin wallets there is a plethora of security threats that you need to stackrank.

What anti-exfil would do is to break 90% of the current wallets’ UX to solve a fundamentally low-risk threat, relative to other threats. When better solutions exist.

A big no-no.

Introducing a new round trip / new interaction every single time a user signs a Bitcoin transaction is a terrible idea from both UX and engineering perspectives.

It violates Single Responsibility Principle. Coordinator should stay purely coordinating. No more, no less.

Reply to this note

Please Login to reply.

Discussion

hugomofn 1y ago

Anti-exfil techniques spill engineering challenges into the user space. They also add a new dependency on the wallet coordinator to perform security-sensitivity tasks.

Tasks which they are not well suited for.

How can you even verify that the coordinator will be able to provide good entropy? You can’t.

So there’s also this hidden danger of using anti-exfil with singlesig with a coordinator running in unsafe environments, and THINK you’re safe, but you’re not. Turtles all the way down.

Just use multisig and be happy.