Replying to Avatar The Daniel 🖖

nostr:npub1renaud65zug8r570ndztde2xhk206z3v50a5mwa3kp2xshy3zmjqkqaw97 I emailed nostr:npub1hcwcj72tlyk7thtyc8nq763vwrq5p2avnyeyrrlwxrzuvdl7j3usj4h9rq yesterday about this and here’s the response I got back:

“We were testing a beta feature with the Spark address/LNURL, but it is no longer required. We've removed the Spark address from that location now.”

Sounds like this privacy leak is getting patched in the next update. Let me know if you find anything else and I’ll forward it on.
Avatar
Renaud Lifchitz 3mo ago 💬 1

Removing the Spark address from the "well-known" LNURL address doesn't solve anything. Monitoring sparkscan.io for a given amount (for example sending 1 sat to a LN address) is enough to uncover the Spark address from the LN address... It's security by obscurity, nothing more! 🤡

Reply to this note

Please Login to reply.

Discussion

Avatar
Renaud Lifchitz 3mo ago 💬 1

Anyway, thanks for reporting them the issue, but it cannot be solved while they stay on a plaintext blockchain...

Avatar
The Daniel 🖖 3mo ago 💬 2

Damn it man, don’t make me into a Monero maxi.

Avatar
Renaud Lifchitz 3mo ago 💬 1

Solution is easy: stay on Lightning, not on a side-chain...

Avatar
The Daniel 🖖 3mo ago

It’s not technically a sidechain, it’s kind of a different concept than something like Liquid but it still serves the same functional purpose of a public ledger that can handle micropayments. Lightning is the connection layer but most people will never run it due to the complexity, so they will end up sacrificing privacy for convenience and ease of use.

Avatar
Renaud Lifchitz 3mo ago 💬 1

Interested by their answer if you forward them my remark about their "fix"... 😉

Avatar
The Daniel 🖖 3mo ago

I don’t know how that can be solved if each wallet has a static public key that can’t be abstracted away by design.