
The NWC should be usable for both send and receive, right? @phaedrus
273 sats \ 20 replies \ @k00b 20 Sep
No. Other companies might not care but SN does not store the ability to spend your money on our servers.
Just to be clear, because everyone seems to glaze over when we say it, and other companies say we are using NWC wrong: SN does not, and will not, store the ability to spend your money on our servers.
Coinos generates only one NWC string that grants both spending and receiving permissions in the same string. We cannot remove spending permissions from it, so we do not permit coinos' nwc string to be used for receiving. (It being an option was a mistake on our part. It will be removed in a future release.)
reply
Can you clarify what this means?
If I input a NWC string on SN for a sending wallet, in what ways am I or am I not giving SN the ability to spend my money?
reply
130 sats \ 18 replies \ @k00b 20 Sep
in what ways am I giving SN the ability to spend my money: when you have SN's website loaded, your wallet is decrypted, and your browser is connected to the internet, SN's clientside code has the ability to spend your money from your browser.
in what ways am I NOT giving SN the ability to spend my money: when SN's website is NOT loaded in your browser or your wallet is NOT decrypted or your browser is NOT connected to the internet, SN cannot spend your money.
in what ways WOULD I be giving SN the ability to spend my money IF SN did this differently: SN, or anyone who gained access to SN's database, would be able to spend your money at will, at any time.
reply
5070 sats \ 6 replies \ @k00b 20 Sep
It may seem like we're punishing ourselves by being paranoid and doing something that may only sound marginally safer, but we think it's more than marginally safer and worth the pain -- assuming we can smooth out the UX.
Further, establishing the precedent and expertise around not storing any sensitive customer data on the servers will afford us great agility when doing things like end-to-end encrypted DMs (which we see as critical to providing marketplace and private chat/community features worthy of bitcoiners).
reply
reply
Also, no nostr client is using NWC to receive, they all use lightning addresses afaik
Ask yourself why
reply
I... don't know why. The UX is more steps?
reply
30 sats \ 2 replies \ @ek OP 21 Sep
If they would use NWC to receive:
  1. They only store credentials to receive on your device, so you can only receive when your device is online (in addition to the requirement that whichever lightning node you use needs to be online).
  2. They store credentials to receive on their server so your device does not have to be online to receive, but now they need to make sure these credentials do NOT allow spending else they or anyone with access to them can spend from your wallet.
Since most nostr clients do not run a server, they can only use option 1 and that is a very bad user experience.

edit: Wait, I said something wrong. They could add NWC for receiving to nostr profiles, and clients could then fetch it and use it to request invoices from your node, but the permissions need to be checked before adding it to your profile for everyone to see.
Sorry, I just woke up lol
10 sats \ 1 reply \ @DP0604 20 Sep
Hey, I didn't know this. I recently started using Coinos, it is one of the wallets I used as a beginner to start my journey with Bitcoin.
reply
It's a great place to start!
reply
Where exactly on the browser is the decrypted wallet stored? And does this mean our NWC is encrypted and living on your database?
reply
21 sats \ 7 replies \ @ek OP 21 Sep
In memory
reply
Got it. But then where's it come from / get hydrated? Does that mean it's living encrypted on your DB?
reply
Yes, that’s how you have access to it on all devices and have to enter the same passphrase on all of them (we have plans to make this not necessary) and how we (or an attacker) don’t have access to it because we can’t decrypt it.
reply
Ahhh, the passphrase decrypts it. THANK YOU!
And I guess last question because I have a severe misunderstanding:
"in what ways am I NOT giving SN the ability to spend my money: when SN's website is NOT loaded in your browser or your wallet is NOT decrypted or your browser is NOT connected to the internet, SN cannot spend your money."
The encryption key must live somewhere so can't SN decrypt said NWC and spend money that way? Or do I severely misunderstand NWC
lol I had to deeply suck air in when I read this
I wish we could use the same connection for both but no.
Maybe I will have some suggestions for the spec, because the UX around permissions is by far the biggest pain point when it comes to NWC.
reply
1033 sats \ 11 replies \ @nout 21 Sep
The coinos NWC string includes the lightning address (e.g. xxxxx&lud16=nout@coinos.io), so why do users have to set it up separately? Can't you just parse that and use it? Is lud16 not what I think it is and the fact that it matches my receive lightning address is just coincidence?
reply
damn, unfortunately the 700 sats for my zap couldn't be forwarded to your wallet because no route was found
reply
There's a big chance that I actually don't have it configured correctly somewhere :)
reply
231 sats \ 2 replies \ @ek OP 21 Sep
You did receive 70 sats here though
So I guess the route is very illiquid
reply
100 sats \ 1 reply \ @nout 21 Sep
I guess I need to zap more to balance the channels :)
reply
haha yes
reply
Oh, to be honest, I just haven't noticed that Coinos includes it and completely forgot that NWC strings can include it!
We can definitely do something with that, great idea, thank you!
reply
100 sats \ 4 replies \ @nout 21 Sep
Yeah, my original question was meant to complain about the UX when I have to set up send and then receive to lightning address separately even though it could all be done as a single step.
reply
77 sats \ 2 replies \ @ek OP 21 Sep
Btw, you definitely earned that description in my eyes now:
Chief user experience complainer
Missing that NWC strings can include a lud16 parameter was definitely incompetence on my end haha
reply
55 sats \ 1 reply \ @nout 21 Sep
reply
embarrassment-driven development
reply
I am quite embarrassed that I haven't thought of this, but you are totally right, if it includes lud16, we can totally use that to set up receive haha
reply
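The two points discussed in this thread, checking that a connection cannot spend before it is stored server-side and falling back to the `lud16` parameter for receiving, can be sketched as follows. This is an added example, not Stacker News code: the function names are hypothetical, the sample connection string is constructed, and the method list is assumed to have already been fetched from the wallet for this connection (for instance from a NIP-47 `get_info` response).

```javascript
// Added example: helper names are hypothetical, not Stacker News code.
// NIP-47 methods that can never move funds out of the wallet (allowlist).
const NON_SPENDING = new Set([
  'make_invoice', 'lookup_invoice', 'list_transactions', 'get_balance', 'get_info'
])

// Parse nostr+walletconnect://<pubkey>?relay=...&secret=...[&lud16=...]
function parseNwcUri (uri) {
  const m = /^nostr\+walletconnect:(?:\/\/)?([0-9a-f]{64})\?(.+)$/i.exec(uri.trim())
  if (!m) throw new Error('not an NWC connection string')
  const params = new URLSearchParams(m[2])
  const secret = params.get('secret') ?? ''
  if (!/^[0-9a-f]{64}$/i.test(secret)) throw new Error('missing or malformed secret')
  const relays = params.getAll('relay')
  if (relays.length === 0) throw new Error('no relay in connection string')
  return { walletPubkey: m[1].toLowerCase(), relays, secret, lud16: params.get('lud16') }
}

// methods: array the wallet reports for this connection (assumed already fetched).
// Anything outside the allowlist, including unknown methods, counts as risky.
function checkPermissions (methods) {
  const risky = methods.filter(x => !NON_SPENDING.has(x))
  const canReceive = methods.includes('make_invoice')
  return { canReceive, risky, receiveOnly: canReceive && risky.length === 0 }
}

// Decide what may be stored server-side and what must stay in the browser.
function planWallet (uri, methods) {
  const conn = parseNwcUri(uri)
  const perms = checkPermissions(methods)
  if (perms.receiveOnly) return { serverReceive: 'nwc', clientSend: false, rejected: [] }
  return {
    // The secret can spend: never store it; receive via lud16 if the string has one.
    serverReceive: conn.lud16 ? `lud16:${conn.lud16}` : null,
    clientSend: methods.includes('pay_invoice'),
    rejected: perms.risky
  }
}

// Constructed sample: dummy pubkey and secret, placeholder relay.
const SAMPLE = 'nostr+walletconnect://' + 'ab'.repeat(32) +
  '?relay=wss%3A%2F%2Frelay.example.com&secret=' + 'cd'.repeat(32) +
  '&lud16=nout%40coinos.io'
console.log(planWallet(SAMPLE, ['pay_invoice', 'make_invoice', 'get_balance']))
```

With a single string that grants both spending and receiving, the plan keeps the secret in the browser for sending and uses only the lightning address for receiving.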