nostr:nprofile1qyg8wumn8ghj7vf5xqhxvdm69e5k7qgkwaehxw309ashgmrpwvhxummnw3ezumrpdejqqgrxlkw9cq3thedcswuxazj4p37eeyxj373yga2vfaejum07j87ttqte6cq5 This is the standard that Primal would need to implement so you can see both inbound and outbound zap data with NWC. Primal might be more interested if you reply here and tell them it would be useful ;)

nostr:nprofile1qyvhwumn8ghj7urjv4kkjatd9ec8y6tdv9kzumn9wshszymhwden5te0wp6hyurvv4cxzeewv4ej7qpq6c0nh3dnadzqpm76uctf5hqhe2lny344zsmpm6feee9p5rdxaa9qe52zdt We have lots of users requesting this behavior ... any chance to add it to the Primal developement queue? It should be straightforward and backwards compatible....

OK this is now rolled out on rizful.com -- when you get a chance, would be awesome if you could try it out and let us know -- thanks

How is this?

Sure, email addresses can be revoked. On any given day, for a Normie, this is a 0.0001% chance that this will happen. On any given day, for a Normie, the chance that they will misplace their nsec (or never even understand that they have an nsec, in the first place), are like 10%.

Great, looks like you've set up a Lightning Address with Rizful. You're 1/2 of the way there! Please follow the tutorial for your Nostr app here to learn how to connect your app to Rizful: https://docs.megalithic.me/category/using-rizfulcom

Once you've finished, please ping us back here so we can try to zap you!

OK, so, walk me through this.

This is system it to log users into "Damus Purple", their premium service.

1. User has to be logged into Damus (with an nsec)

2. User submits a their npub

3. User is logged in to Damus Purple via the OTP sent via Nostr DMs.

Do I have that right?

The issue is this: I think a user's sats and a user's Nostr nsec should be firewalled -- for the same reason that normies don't log into Instagram with their Chase account, and don't log into Chase with their Instagram account. It's more secure to keep money separate from identity.

Or am I missing something?

DM'd him...

"Txs over X sats". I wouldn't have thought of that but that's a great filter idea.

Walk me through how "account recovery" would work with this strategy. Like. "I'm a normie, and I forgot how to access my sats." Do you know how it would work?

nice! going to try this today... so this supports both the old (insecure) Nostr messages, and the new (secure) messages?

Good idea with the filters, that should be very easy to implement, will add that to the queue.

Couldn't zap this note. (Maybe that's intentional opsec ;) )

nostr:npub1syjmjy0dp62dhccq3g97fr87tngvpvzey08llyt6ul58m2zqpzps9wf6wl also -- This should hopefully be straightforward to implement for Nostr client developers, and would greatly improve the UX for users who use NWC in your apps....

Not a coldcard. Those aren’t friendly. Maybe a blockstream jade? Those seem more friendly.

You don't need to be a master tech wizard to keep a key safe. I submit to you however than 95% of the population is unable to keep TWO keys safe. And remember which is which. And keeping TWO keys safe is actually necessary if you are going to be fully self-custodial with both "hot" wallet and a "storage" wallet.

I have an opinion on this. Bitcoin users should be expected to manage at most one (1) seed phrase, and that's for their cold storage / hardware wallet. Asking anyone who is not technical to manage TWO seed phrases -- one for their cold storage, one for their "hot" (lightning) wallet... that is just too much. Most people will fail.

It's like, wait, I thought there were two sides, and I thought I knew what the two sides were, and now I'm lost and have to start over.

Responsible Lightning services that offer NWC really HAVE to provide some way for a user to get back into their account if they are locked out. We use a 40-year-old technology -- email -- along with a 15-year-old technology -- 2FA.. because we're conservative. A service could also use Telegram, SMS, etc. But fundamentally a service MUST provide a way for a user to recover his/her account. Just "login with your nsec" is not good enough. Users will fuck up, lose their nsec, and lose their funds. That's our opinion. Not everyone will agree.

Basically, we very much give-a-shit about Bitcoin, Lightning and Nostr. And we run one of the biggest Lightning Nodes on the network. But, in essence you are right: If you are technically savvy, you should run your own node and do all your own zap-server stuff (although, it's complicated to achieve 24/7 uptime.) These are our docs on running your own node: https://docs.megalithic.me/lightning-user-vs-lightning-runner/prerequisites

I tried desperately to ignore it

You should store 99% or more of your sats in offline cold storage, hardware wallet, or similar. Only keep sats on the lightning network that you think you might use in the near future.

Thanks. I will check back in 14 days and assume u will have it sorted by then…

If you use Rizful NWC in primal, you should definitely be able to see who has zapped you.

https://docs.megalithic.me/using-rizful/use-primal

Tried to zap u but your lighting address didn’t produce and invoice.

Zaps are actually the solution to spam, kind of.

"Want that to happen" Hm... but not "want that to happen" enough to reveal how the entities work, to open-source the code, anything like that?

nostr:npub1c9r9lad84kpqwnh09u58vdzwnfsnxcr7a40uf5ulkpdguq4667jsgaxu4k Yep, just tried him, his node is not producing an invoice. Here is the deal with nostr:npub1getal6ykt05fsz5nqu4uld09nfj3y3qxmv8crys4aeut53unfvlqr80nfm lightning addresses, according to our findings.

1. "Alby Pro Cloud" ( https://getalby.com/pricing ) -- should be VERY reliable. You should NEVER have a problem getting zaps if you do this.

2. If you self-host your own Alby node, then things get more complicated. Is your computer online 24/7? Is your internet connectivity really good? (And lots of people **think** their connectivity is good, but in reality, their internet goes up and down, and they don't notice.)

I'd be willing to bet that nostr:npub1c9r9lad84kpqwnh09u58vdzwnfsnxcr7a40uf5ulkpdguq4667jsgaxu4k might be in situation #2.

Self-hosting is good for other reasons (decentralization of the network). But it is challenging to get zaps.

Thanks, you wrote "a notification service to the Rizful web wallet" -- this could mean a lot of things, any chance you could take a screenshot of the kind of notification you are looking for? Maybe a screenshot from coinos? "Notification" can mean a lot of different things....

sent u a DM

zapppped!

Great, looks like you've set up a Lightning Address with Rizful. You're 1/2 of the way there! Please follow the tutorial for your Nostr app here to learn how to connect your app to Rizful: https://docs.megalithic.me/category/using-rizfulcom

Once you've finished, please ping us back here so we can try to zap you!

nostr:npub13tkusutqsx0yjr9szc4vhkxf5fkhne3aka84kxm9jwgp9yj20uzsnyllwf sent you a DM... did u get it?

Para usar en Android, recomendamos utilizar Rizful NWC con Alby Go.

Probably never. Getting through app-store approval is just too painful, and not enough normies use alternative app stores (yet).

Good question. We've been involved with BTC since 2013, and currently we're doing a few different things with the aim of increasing usage of the Lightning Network. We're running LSP services... https://megalithic.me/ .. maintaining some docs on the network ... https://docs.megalithic.me/ ... and running Rizful ... https://rizful.com/ .... So: while there is a little bit of revenue generated from the Lightning stuff ( see https://docs.megalithic.me/the-gentlemans-guide-to-routing-nodes/a-node-for-a-gentleman for a humorous discussion of that) ... in reality this is closer to a NON-PROFIT project which we are undertaking to find ways to increase Lightning adoption.

In the long-run these projects could be a business, but they could also just be a few little things we are trying to do to give back to the BTC community, as the BTC community has given us a lot over the years!

We're just mostly excited about the various places that Nostr and Lightning can intersect... that's why so far we've focused on zaps and zapping as the area we want to help the most with.

awesome, we are privileged to send you your first zap here!

awesome, we are privileged to send you your first zap here!

Nostr clients can do weird things with links

We have carefully designed Rizful for maximum security. At the same time, we have found that too many Nostr users have poor security practices with their private keys. (For example, entering private keys into many websites and apps.) Since real money is involved, we don't allow users to login via Nostr, and we don't ever ask for your private Nostr key. A combination of email/password, plus optional two-factor authentication, is the battle-tested and secure way to protect your Rizful account. This also means that, if, in the future, you make a mistake with your Nostr keys, your Rizful account won't be vulnerable.

We just sent you a Nostr DM.... If you didn't get it, could you please reply here? Or feel free to reply on Telegram or Signal -- our contact details for these are here: https://megalithic.me/contact

zapped!!!

This is an interesting test case. I just tried 3 different clients and none of them are showing your lightning address, so they don't allow me to try to zap you. Are you doing something unusual with your relays? Also, what client is the screenshot you just sent from? I want to try that client.

great, it's working!