Appreciate it! 🫂

and apparently, some of the devs need this too

I was surprised to see this, and it is in part what encouraged me to sit down and write.

previously semi-acceptable software is further impoverished and actively morphing into threat vectors

On point. And I'm afraid that it will get worse still. Deliberation and care fly out the window once you have LLM brain, and we haven't peaked yet.

Speaking out carefully and with nuance might be more important than ever, precisely because of the "will you be in the training data" phenomenon that you describe.

Not sure what needs to happen for things to turn around. But whatever happens, I'll be the grumpy old man who is yelling at Claude.

I could go on forever, but I'm getting to a point where I consider removing myself with great distance from nostr vibes, even before we talk about the whole bitcoin-specific privacy chain of concerns this introduces.

That's a shame, but understandable.

Reusing a key across use-cases takes immense cryptographic risk, because weaknesses compound across uses.

Yes, that's one of the worst things about it all, and I only mentioned it in passing^[1] because I don't even want to go into the cryptographic mess of it all.

It's a bad idea both cryptographically and in principle, and I think the latter is easier to understand than the former.

1. See "weakens the cryptography" and the associated footnote ↩

It basically gives anyone with a desire to dox you the ability to target you with a dust attack.

Precisely.

the bigger debate is about whether it should be normalized.

Correct.

the recipients are not forced into any privacy loss. But they are definitely forced into an uncomfortable and risky privacy tradeoff.

Not only that, but given the fully transparent nature of onchain transactions you could get people into all kinds of trouble very easily.

Imagine being a politician in Bangladesh (or a similar high-profile person, in any country that deems bitcoin an illegal substance). Any political opponent can provably send you this illegal substance, prove that you are "in possession" of it, and either prove that you did something with it (or prove that you are still in possession of it) without they themselves revealing who they are.

Politicians are on nostr right now. Leopoldo Lopez is one example.

That's just one attack vector of many, and I tried to make a similar point when I talking about the OFAC list.

if you do this npub->taproot address thing, you just sign up to nostr (create a keypair) and start receiving. I see the allure.

To quote Calle:

1. set <your npub>@npub.cash as your Lightning address
2. set up a cashu.me wallet and login with your nsec (or signer)

You're done.

Clients could set this up automatically, of course. Same principle, without the footguns.

Zeus is fantastic indeed.

And allow me to point out once more that npub.cash has existed for a while now. And nutzaps are a thing too.