Samourai could have used block filters by default for users to fetch their balance info in a private manner.

Now the feds potentially have all the xpubs of users that didn’t configure their own Dojo nodes.

We implore all wallets to look into providing block filters for their users and to be mindful of how the data they collect - or pass to third parties - could be used against their users.

Discussion

This is why running your own node in general is so important.

Users, take some time to research and reflect. Ask yourself how your favorite bitcoin wallet is fetching block data:

Is it private?

If not, is there a way I can point it to my own node?

Do it.

Got some reading to do, thanks Z!

They rejected the idea the couple times I brought it up years ago as a UX issue. The response was "use Dojo."

There are definitely both trade-offs in UX and engineering challenges in implementing, but the option should always be there for users.

The alternative, the outcome many users find themselves with right now, is horrendous.

The option was always there for the users: run own dojo, which they always repeatedly and most users did.

Sending xpubs to dojo was not a whirlpool requirement (sparrow just uses electrum servers). It was purely a UX decision to make the experience on mobile bearable.

They justified in an interview that for the postmix account (which can have hundreds of transactions), using block filters requires gigabytes of network traffic. For mobile that is simply unacceptable.

So mobile data usage is unacceptable, but potentially having your customers' full wallet info in the hands of federal agencies is acceptable.

Got it.

They are both unacceptable, that's why most people used their dojo. If it were up to me, no wallet would have a default node, regardless of whether it's a dojo, electrum or bitcoin-rpc.

Did they seriously upload entire xpubs? Not just addresses?

Can I see a source on that?

Insane that people trusted this shit.

I never used their services, but it never felt right to give coins out.

I heard people doing this with their tax applications as well, don’t remember which one.

That’s fucking dumb.

Xpubs out*

Block filters, for a mobile wallet that supported all 3 script types? You don't need me to tell you how that would have gone.

You mean what Zeus does?

It can be quirky at times, for sure. But it sure as hell beats the situation many users are facing right now.

Zeus supports all script types? For wallet imports too?

Not all, but Taproot, Segwit, Nested Segwit

karma

they weren't the kindest of critics.....