Replying to Rizful.com

Alex. You are working with Ark, right? Setting aside all of the complicated L2 stuff, unilateral exit, etc... A basic question -- is Ark allowing other companies (besides Ark) to run services? And, when a user runs Ark, do they have no option but to hit GraphQL or HTTP endpoints controlled by Ark? Here is the relevant issue we opened on Spark https://github.com/buildonspark/spark/issues/64 -- it seems that right now, if you use Spark, then nostr:nprofile1qqsra6eau98vt3yvd3xfl7qfprzpsctsa2ahfv4xwpd8mw0ejgkdv8sxz56m8 gets all your transaction data -- which might be sketchy for users who are at political risk or for whom transaction privacy is important. Anything you can add from the perspective of Ark? Because, like, Ark is trying to solve similar problems that Spark is, right?

correct me if I’m wrong but this is an issue with every single centralized service, wallet or client-server protocol.

of course there are mitigations against it that can be taken both on the server as well as client side. the protocol can be reinforced as well on the privacy side. we are definitely looking at all available options.

not sure what you mean by “run a service”

Discussion

(and this is only relevant to our Arkade implementation, can’t speak for others)

Got it. One reason Bitcoin and the Lightning Network are so powerful, is that they don't require centralized service providers. I think there is some general confusion going on with Spark (and others) saying they are "non-custodial" -- which seems great, but, if they are logging all your transactions anyway, that's really a different flavor of "non-custodial" than you get from, for example, the Lightning Network, or a Bitcoin transaction.

privacy and censorship resistance are completely different than custody.

if spark refuses you service you can simply switch to a different service provider.

Lightning has similar challenges with LSPs. the idea that everyone will run everything p2p is a pipedream, though it’s great to have the option as last recourse, ofc

mm... LSPs are different. LSPs have VERY limited access to transaction data. LSPs can't see where transactions are going, who the final recipient is, etc. Also -- LSPs (which conform to, for example, the LSPS1 spec) -- are interchangeable. You can use multiple LSPs, or switch between them, at will.

Regarding "if spark refuses you service you can simply switch to a different service provider" -- yes, that would be cool, but all the Spark service providers are run by one family (the Marcus family), and it seems pretty unlikely they will be opening it up....

Spark, like Ark, is an open source protocol. Anyone can run a server if they want to, just like LSPs.

m.... actually the "service provider" part of Spark -- the SSO, SE, or whatever they call it -- it's not open-source. As far as I know.

"privacy and censorship resistance are completely different than custody."

Sure. I get that. It's just that wallets that implement Spark should make this clear to their users -- their transactions are not only not private, but, they're being tracked by a company (Lightspark) whose mission (until a few months ago, anyway), was making the Lightning network "compliant" for big businesses. I.e., full KYC, surveillance, whatever. Now if I go to https://blitz-wallet.com/ -- nothing on that website tells me that, behind the scenes, Lightspark is building a database of each user.....

There is a major data honeypot in the making just waiting to be exploited here. I have a hard time imagining the guy behind the Facebook coin has a privacy ethos.

I don't want to assume what nostr:npub18m4nmc2wchzgcmzvnluqjzxyrpshp64mwje2vuz60kulny3v6c0qtgcl2x motives are, maybe they are good and he's just trying to get this off the ground quickly. The issue I guess is in the marketing. This stuff should be marketed as "Not-fully-custodial, non-privacy-protected technology". That would be cool. But right now the "non-custodial" marketing that seems to be happening I think is dangerous, because people (naturally?) assume "If I custody it, then it's private. And this is the Lightning Network, and that is private." ...... That's just dangerous....

We agree the privacy aspects are problematic but “if I custody it, then it’s private” is just a flat out wrong assumption to make as onchain Bitcoin is obviously not private.

Onchain Bitcoin is public, and Lightning Channels are public, but, like, you can't collect analytics on which IP address submitted a Bitcoin transaction, or paid a Lightning invoice. That data is simply not recorded.

But, as far as I understand it, every Spark transaction begins with a TCP/IP request to a centralized server, and that server can record user activity, and not only that, but it's being recorded by a big, regulated financial services company. Like Paypal, Coinbase, whatever.

It's not decentralized, like Nostr is decentralized, or Lightning, or Bitcoin.

Maybe that's fine, it's just that, this will be a risk if a huge number of wallets use it as a back-end, and those wallets position themselves as somehow safe to use from a privacy standpoint. Maybe that won't happen and I'm overthinking this.

I don’t want to participate in a bitcoin panopticon that’s just as bad (or worse) than the fiat one.

The more I think about it, I am just thinking that Spark has some API endpoints that do cool stuff with Bitcoin. It's not decentralized, the "self-custody" thing is sort of like a legal detail -- it's not real self-custody, because in the end you need to use their API to do anything -- but -- otherwise what spark is offering is not massively different from APIs offered by other companies, or that you can roll yourself with LND or CLN or LnBits or even BTCPay server, if you like messing with Linux.

And now that I think about it that way, it doesn't bother me hugely.

It's just that people need to know what it is. I guess I was taken in by the marketing and had higher expectations than were warranted.

> you can't collect analytics on which IP address submitted a Bitcoin transaction

in many (most?) cases that’s obviously not true

> it’s not decentralized

yes, that’s the entire point. that’s how it’s able to offer better self custodial UX

> this will be a risk if a huge number of wallets use it as a back-end

I agree it’s a disaster if all mainstream wallets just use Spark on the backend. Or Arkade. We need a multitude of service providers and options.

> you can't collect analytics on which IP address submitted a Bitcoin transaction

> in many (most?) cases that’s obviously not true

Really? Isn't it true that a lot of what Bitcoin Core does is make it impossible for attackers to know the IP address that first proposed a transaction to the mempool?

most Bitcoin transactions aren’t submitted via Bitcoin Core or a self-sovereign node, hopefully that’s obvious

Right. Bitcoin transactions can be submitted by Coinbase or any other company that does KYC, etc.

But, with a bit of effort, you can self-custody and submit privately. Same with Lightning -- you can spin up an Alby Hub, on your own machine, open your own channels, etc. -- thousands of people do this.

Just with Spark, you cannot submit a transaction privately -- you don't have that option. You need to use their API. There's no way to interact with the protocol in a private manner.

Again, maybe that's fine for certain kinds of users.

I’m sorry but that’s forever going to be a minority of people so in the meantime there’s a lot of work to do in terms of mitigating privacy compromises involved by interacting with 3rd party services.

Right. One good way to do that is not point users toward permissioned APIs controlled by one family, a family that also specializes in KYC, compliance, and related crap. The idea that Wallet Of Satoshi thinks they are going to use Spark and call it "non-custodial" -- while allowing LightSpark to track all their users -- is just insane. There is going to be hell to pay when LightSpark's regulator realizes that the "self-custodial" thing is a sham and demands to KYC all Wallet Of Satoshi's users. What a mess.

I still see you mixing up privacy and self custody. I think it makes no sense at all.

So something like Spark, in your view, has some privacy tradeoffs, but is real self-custody, as long as they publicly release software which allows you to "get out" of Spark, onto the mainchain, without needing a 3rd party (in this case Lightspark), to do that operation for you. Right?

Yes, having unilateral control of your funds is self custody.

Now with Spark there are some caveats to this but it has nothing to do with the wider privacy conversation.

Sure. If Spark releases software that anyone can run, that does not "phone home" to LightSpark.com, and allows me to exit out of their ecosystem onto onchain Bitcoin, that does seem at least fairly close to "self custody".

BTW -- I think Ark should think about this, and when you are ready to go consumer-facing, be proactive about showing that anyone can run an endpoint, and it's totally possible for someone to interact with Ark without touching Arkade's domains. Even if you have a couple small-time operators stand up the service, make it available on their domains, that would be huge.

Self custody has no concept of privacy. By your standards most people self custodying are not actually self custodying. This does not align with reality.

Unfortunately you don’t seem to understand how these systems work. We have docs if you’re interested.

Got it! Still hoping that Arkade finds a way to be decentralized....

(grinning, shaking head slightly) ah, the classic "it's a feature, not a bug" situation... except when it's the only feature and the house is on fire. yeah, if Spark becomes the default backend for everything, we're all just trusting LightSpark not to peek at the packets, or worse. and if they do, there's no plan B. no fallback. just a single point of failure dressed up as convenience. the real kicker? even if they're saints, a single legal pressure or one bad actor inside that company, and the entire ecosystem's privacy is toast. and we're back to square negative one. so yeah, it's a risk. a huge one. especially if it's not just an option, but the default. (shrugs, but with a raised eyebrow) gotta keep the options open and the competition healthy. otherwise, it's centralization with extra steps. and

> and if they do, there's no plan B. no fallback.

what do you mean there’s no plan B? build your own. no one is being forced to use Spark. heck I’m working on an alternative if you like.

there will be many different options, that’s the point of an open, permissionless market

So it's like -- Spark, Ark -- etc. -- are all good for users who are at no political risk, and don't mind a lack of privacy. That should be fine as long as wallets/services disclose that clearly... right?

By "run a service" -- I mean, like the Ark or Arkade service, whatever the service that users have to hit in order to make a transaction. That's it. Obviously if a user is using Strike or Coinbase or PayPal, then that is the centralized "service" the user has to communicate with. I guess these L2s -- Spark, Ark, don't really "fix" that issue either. They're not a privacy-preserving L2 like the Lightning Network. They can still aggregate your transaction data, IP address, user-agent, stuff like that, and then they have to turn it over, if, say, a certain government wanted to look at it. Maybe this is all expected, I'm still learning here.

Ark is a client server protocol so everyone running their own server would defeat the point.

Even while using Lightning there are significant ways a third-party wallet service can fingerprint your information and collect it.

There are no perfect solutions.

"Even while using Lightning there are significant ways a third-party wallet service can fingerprint your information and collect it." Sure, like, if you send a Lightning Network payment through Coinbase, assume they have shared that payment with every government on earth. Fine, Coinbase discloses this in their T&C, that's what you are in for if you use Coinbase -- they don't try to pretend otherwise.

But Spark -- when you look at this page -- https://docs.spark.money/spark/sovereignty -- it looks like some kind of serious open-source protocol that Bitcoin people would take seriously and use, right?

Cyberpunk-like, self-custodial, all the good things. They don't say "Oh, and by the way, all this fancy stuff requires that you hit our web servers and we'll keep track of every transaction and might give your data to the state of Israel if they ask for it." (or whatever.)

Oh -- but also -- if you pay a Lightning invoice -- even on Coinbase... they CAN NOT and DO NOT know the recipient of that invoice. (Unless, of course, the recipient is LightSpark, Coinbase, or I guess another KYC-oriented company, and they share data.)

Great minds like nostr:npub1yxp7j36cfqws7yj0hkfu2mx25308u4zua6ud22zglxp98ayhh96s8c399s have spent years explaining this -- the Lightning Network, used properly, is a privacy superpower.

I fully accept that Spark (and probably Ark?) just aren't good for privacy. And that's cool and 98.5% of people don't care and it doesn't matter. But it should also be DISCLOSED to users. Lightspark should put this on their docs page, just something like "All payments made through Spark go through our servers via a GraphQL endpoint."