pull down to refresh
12 sats \ 3 replies \ @supertestnet OP 25 Mar 2022 \ parent \ on: Whisper Addresses: Privacy preserving automatic bitcoin address generation in vanilla javascript bitcoin
Both parties don't need to be online at the same time, you can email the whisper key to the recipient whenever you want, including while he's offline. The money will stay in the whisper address until the recipient uses the whisper key to sweep it into his wallet or send the money to someone else. There's no time limit, he can wait as long as he wants to get and use the whisper key.
Other than that you got it right. Another wrinkle with whisper addresses is that it involves a one-way communication and that is not automated at all, at least not in the current state. If the sender of the money refreshes the page or forgets to send the email or does any of the myriad things that people do to make a mistake, he will lose his donation and the intended recipient will never receive it. (That may be easy to mitigate by making the user click a button whenever they generate a whisper address. Then I could use an automatic email or something like nostr to automatically send the newly-generated whisper key to the recipient. But it would also make it easier to spam him with whisper keys that don't hold any value.)
Other issues that people pointed out on telegram include:
-
it doesn't help your privacy if you dox yourself to an exchange
-
the police could do a sting operation by sending you some money, waiting for you to consolidate it with your other funds, and then confiscating the total the next time you send it to an exchange
-
(BTW noobs consolidate their funds all the time. Noob-friendly wallets actually do it automatically on the assumption that it's what a noob would want)
-
if the whisper keys are sent via email then email is the new point of failure. Trudeau can tell google "show us all the emails containing whisper keys" and google will probably be happy to do it. Once they do that, your whisper addresses are doxed, assuming they know your linking key (which is supposed to be public on your website)
Another benefit of using nostr for transferring the whisper key is a recipient web app could be built that filters out keys without a balance and allow for easier/more precise sweeping.
reply
The email vulnerability seems easy to avoid by using encrypted channels of communication (like nostr). The other vulnerabilities seems be present in PayNyms as well. Its probably wise to mix your funds in either case and to avoid consolidating them whenever possible.
reply
This system has a lot of potential and I'm excited to see how it develops!
@space waves