What's your weakest definition of a self custodial lightning wallet? \ stacker news ~bitcoin

What's your weakest definition of a self custodial lightning wallet?

13.9k sats \ 46 comments \ @andy 22 Sep 2023 bitcoin

Many people seem to think that the holder of the private keys is the custodian, but with the emergence of services that allow the private key owner to do blind and automated signing that line is rapidly blurring and in a practical sense, I think maybe that's too narrow of a view. Would like to know your opinion.

bitcoin core + [lnd, ldk, eclair, or cln]: I do full validation of blocks and the mempool. I hold my own keys and I decide what transactions I'm going to assemble and sign. My machine is in my exclusive physical control. The way I connect to the internet and how I assemble transactions determines my privacy.
lnd in neutrino mode: I do moderate validation of blocks and the mempool. I hold my own keys and I decide what transactions I'm going to assemble and sign. My machine is in my exclusive physical control. The way I connect to the internet and how I assemble transactions determines my privacy.
electrum client connected to a single electrum server: I trust someone else for validation of blocks and the mempool. I hold my own keys and I decide what transactions I'm going to assemble and sign. My machine is in my exclusive physical control. If I privately connect to the internet, the electrum server can still gather an idea what my wallet looks like based on my queries, but they don't necessarily know who I am.
electrum client connected to multiple electrum servers: I don't trust a single server for validation of blocks and the mempool, instead I check with a few and see if they are in agreement. I hold my own keys and I decide what transactions I'm going to assemble and sign. My machine is in my exclusive physical control. If I privately connect to the internet, the electrum server can still gather an idea what my wallet looks like based on my queries, but they don't necessarily know who I am.
greenlight: I don't do any validation of blocks and the mempool. I hold my own keys but I let someone else provide me transactions to automatically/blindly sign, they know and indirectly control everything about my node unless I turn off the local signing software. The greenlight server has a full view of my lightning node, but if I privately connect to the internet, they don't necessarily know who I am. If I turn off the local automated signing software and opt out of greenlight, my future privacy and security are not affected.
lnd on voltage.cloud: I trust voltage.cloud to do validation of blocks and the mempool. voltage.cloud keeps a copy of my keys in RAM but not on disk. I trust that voltage.cloud is running an honest version of lnd. voltage.cloud can monitor what my node is doing by looking in RAM on their servers and whatever network traffic they see.

Also, please let me know if I've made any technical errors in the descriptions above.

bitcoind+[lnd/ldk/eclair/cln]20.0%

lnd in neutrino mode13.3%

electrum client: single server20.0%

electrum client: multi server6.7%

greenlight26.7%

lnd on voltage.cloud13.3%

15 votes \ poll ended

view all related items

1010 sats \ 16 replies \ @DarthCoin 22 Sep 2023

You are missing a key aspect in this. You start from the misinterpretation that in order to have full custody, you must run a public node. That's mislead many new bitcoiners into the space. As I explained in this guide about private nodes: https://darthcoin.substack.com/p/private-lightning-nodes

You can run perfectly full nodes without public routing, if you just want to use LN in a private mode. Public routing is NOT for each of the plebs that just want to pay his beer over LN with his own node! Public routing nodes are more for large liquidity providers LSP that will help (a lot) the small other private nodes. If you have balls and large capitals, ok go ahead, but do not start your LN node with public channels of 100k sats. You are doing more harm than good to the entire network!

Read more here:

Do not complicate your life when could be easy.

0 sats \ 15 replies \ @andy OP 22 Sep 2023

This question was not about private channels/stub nodes vs public channels/routing nodes, it applies to all types of nodes. It is about signing transactions and safely making the decision on what transactions to sign.

101 sats \ 13 replies \ @DarthCoin 22 Sep 2023

I would say for a minimalist setup to use neutrino. Depends also for what do you want to use such scenario. What are you building now?

398 sats \ 12 replies \ @andy OP 22 Sep 2023

Continuing to build Distributed Charge and StaticWire with the same design goal of using your own node. However, I'm getting concerned with all the talk about "hosted and managed self custodial" nodes from others in the marketplace. It seems very misleading and I'd like to start some dialog against that, but first trying to gauge other peoples' opinion on the matter.

101 sats \ 1 reply \ @Maximus 22 Sep 2023

Distributed Charge is a fascinating idea. Let me know if you’d like some help making the website more mobile-friendly, would be glad to help

0 sats \ 0 replies \ @andy OP 23 Sep 2023

You can find my contact information here: http://andyschroder.com/contact/ . Would be glad to hear from you on your ideas.

0 sats \ 0 replies \ @DarthCoin 22 Sep 2023

I don't know this very well is quite new, but maybe worth looking into UTREEXO https://thebitcoinmanual.com/articles/explain-utreexo/

0 sats \ 8 replies \ @DarthCoin 22 Sep 2023

Would be an interesting use case if you can use Greenlight for that superb DC machine. Could simplify a lot the whole process to setup and you still keep control of the whole node. I know is quite new but you know that bitcoiners are reckless. Make a test, break things, learn.

The other aspect here is the liquidity. LSP. How you would manage that?

0 sats \ 7 replies \ @andy OP 22 Sep 2023

The question is , do you really "keep full control of the whole node" with greenlight? You previously said that "for a minimalist setup to use neutrino". I'd argue that full control with greenlight is an exaggeration. What local validation do you actually do with greenlight? If you are just blindly signing things, do you really have control?

122 sats \ 3 replies \ @LaserStack 22 Sep 2023

I think apps using greenlight are supposed to run the client half of the validating lightning signer protocol, where they check all the important details of the transaction before signing.

0 sats \ 2 replies \ @andy OP 22 Sep 2023

How do you check "all the important details" without reviewing public blockchain data? Seems like you might be able to check some stuff but not all.

view replies

101 sats \ 2 replies \ @DarthCoin 22 Sep 2023

Indeed. A btcd or bitcoin core + LND with neutrino could minimize the setup, if you really want to keep all on you. Using Greenlight or trustedcoin from fiatjaf you will connect to a "trusted" validator, you are not in charge of that code base but you are still ok. You can change the validator any time you want, if that's the case. In my opinion is OK to use Greenlight or trustedcoin for such scenario you want to use.

Again, depends how far you want to go with the whole "sovereignty" of your node.

0 sats \ 1 reply \ @andy OP 22 Sep 2023

What do you mean by "you are not in charge of that code base but you are still ok"?

I think it's okay to use those services if you want to for sure, I think the main point of this thread and my poll is whether you can call that a "self custodial" lightning wallet or not. I don't think you can, and I think it's misleading to do so. I think another name should be created for these "blind signing" nodes. If we don't challenge the wording, the service providers will still keep calling them "self custodial" and continue to mislead people.

view replies

0 sats \ 0 replies \ @DarthCoin 22 Sep 2023

Here some other links:

Trustedcoin - by fiatjaf a lightweight btc node sync
Neutrino node

259 sats \ 2 replies \ @kristapsk 23 Sep 2023

I would say Phoenix on your phone. Not running Bitcoin node, but having channels and self custody. Without ability to open direct channels to your wallet AFAIK, so everything goes through ACINQ node. But you can always close channels yourself and get back your funds onchain.

0 sats \ 1 reply \ @andy OP 23 Sep 2023

Do you know how the Phoenix solution compares to Breeze wallet or Greenlight? Wondering if those should all be considered in the same category.

0 sats \ 0 replies \ @DarthCoin 23 Sep 2023

Phoenix and Greenlight are more or less in the same situation. They manage the channels, you own the keys. Breez is different - you manage the channels as you want, with little restrictions. You own the keys.

242 sats \ 6 replies \ @nout 22 Sep 2023

Something like greenlight is actually sort of similar for how we work onchain with Bitcoin nodes. You own keys, but if you use the same node and not over Tor, then the node can also identify you and block you from doing what you want. So that's why I'd still call greenlight model self-custodial.

21 sats \ 5 replies \ @andy OP 23 Sep 2023

Bitcoin nodes can be connected to many peers and they validate the proof of work. How can that be compared to a centralized service called greenlight?

21 sats \ 4 replies \ @nout 23 Sep 2023

Yes, the main bitcoin nodes run on clouds like AWS or are hosted by big companies and yet we don't call using them "centralized", because you have a choice to pick the nodes you connect to and you can do it anonymously. I'm not saying it's exactly the same, but many different businesses can run "something like greenlight" (that's why I said that above) and if there is a way to migrate between the "something like greenlight" services, then that would be comparable. Not the same, but comparable.

21 sats \ 3 replies \ @andy OP 23 Sep 2023

What is your definition of "the main bitcoin nodes"? According to https://bitnodes.io/dashboard/#asns , 1.8% are on AWS and 1.9% are on google. 63% are on TOR.

Also, you'd have to migrate to an alternate "something like greenlight", but with bitcoin nodes, you don't migrate anything, you just connect to a new peer and ask for data. I think that's a huge difference.

77 sats \ 2 replies \ @DarthCoin 23 Sep 2023

the main bitcoin nodes

I think he refers to those nodes that we know who are running them, well known bitcoiners, devs etc.

0 sats \ 1 reply \ @andy OP 23 Sep 2023

But how many people connect exclusively to nodes run by "well known bitcoiners, devs etc."?

77 sats \ 0 replies \ @DarthCoin 23 Sep 2023

quite a lot. For example, if you use Blixt wallet (that is a full LND on your mobile), is using neutrino with by default Blixt node. Same for Breez. But if you remove from settings that default neutrino node, it will get any other available neutrino node in the network. And most of them are those well known nodes, serving blocks for the public. You can set also your own node if you want and you have it activated with neutrino.

111 sats \ 1 reply \ @nerd2ninja 22 Sep 2023

I think this was intended to be ordered from best to worst, but if that's the cause wouldn't you switch electrum client connected to a single electrum server and electrum client connected to multiple electrum servers?

50 sats \ 0 replies \ @andy OP 22 Sep 2023

It was supposed to be from best to worst, but I messed that up, you're right.

10 sats \ 3 replies \ @kepford 22 Sep 2023

Isnt this over complicated. Not your keys not your coin. Thats my definition of self custody.

0 sats \ 2 replies \ @andy OP 23 Sep 2023

So, which option did you vote for then with this perspective?

0 sats \ 1 reply \ @kepford 23 Sep 2023

None of them.

21 sats \ 0 replies \ @andy OP 23 Sep 2023

So what option should I have added for you to choose? What example can you provide that would be a weaker self custodial option in your opinion?

303 sats \ 8 replies \ @DarthCoin 22 Sep 2023

Please keep this thread alive. I wish too to listen more expert opinions on this scenario and see how you can build those amazing tools.

Where are all those bitcoin developers and gurus? Why this thread it doesn't have more attention?

275 sats \ 7 replies \ @andy OP 23 Sep 2023

It's a Friday and the weather is nice. @k00b, does SN consider this in a post's time to live at the top?

101 sats \ 1 reply \ @k00b 23 Sep 2023

For the front page aka ‘hot’? Yes, it decays exponentially with time

10 sats \ 0 replies \ @andy OP 23 Sep 2023

Seems like it would be more appropriate to decay with block height and not clock time... and also slow things down if the weather is nice :) .

101 sats \ 4 replies \ @DarthCoin 23 Sep 2023

You are doing / building a very interesting project for bitcoin and you are asking very important things about how nodes are structured. The success of this project could be also an example for many others. I am surprised that not so many other experts are not jumping in to say sonething. I tried to help you with all info know myself but there are many other aspects involved that I don't know them well

Maybe re-post this in another day, being Friday maybe they miss this good post between beers.

I am very interested to see how is going this project. If you find a solution please post here the story

May the Bitcoin be with you.

156 sats \ 3 replies \ @andy OP 23 Sep 2023

Okay, maybe I'll re-post the survey another day with some more options to choose from. I was trying to figure out if people thought auto-signing systems like greenlight were actually self custodial. Seems so far that 27% of the people think so. I threw in voltage.cloud as another option to gauge the audience as well. Very surprised that 13% of the people think that is self custodial when they have your private keys in RAM. It seems as though not only do we have some interesting services like greenlight which push the limits of what you can call self custodial, but people may not really even know what the term self custodial actually means if they are okay with someone else holding their keys in RAM.

101 sats \ 1 reply \ @DarthCoin 24 Sep 2023

I would recommend you to do first this experiment for your device:

take a simple tablet, but I recommend with android 11 or higher
install Blixt wallet (full vanilla LND node) - here is a full guide I wrote about Blixt
play with the option for setting a bitcoin node as neutrino server (default Blixt Node, yours, or blank - random neutrino in the network)
open a Dunder channel with Blixt node LSP to have some inbound liquidity
open a bunch of other channels with other nodes (see a list here, that I made)
activate the option for persistent service, so Blixt will stay up and will not stop the lnd service. In that way you will have a full LN node.
yes, this LN node will not make routing, but for your device you don't need that, is even recommended to not have a public (visible) node in the network.
in this way you can have a mobile node wherever you are, with minimal resources, full custody and full control.

I don't want to shill Blixt, but is a powerful app once you know it.

0 sats \ 0 replies \ @andy OP 25 Sep 2023

Distributed Charge uses ubuntu server so it can run LND directly. Blixt look cool, but a major drawback is no reproducible F-droid build right now. Also, it's unclear where the push notifications are coming from. Why do we need push if the node is running locally on the phone?

0 sats \ 0 replies \ @DarthCoin 23 Sep 2023

Don't make it as a poll... people are voting without knowing anything. Few will gave the right vote. Make it more as a discussion and invite more gurus to join.

0 sats \ 2 replies \ @JustinGoldberg 23 Sep 2023

we need a better nomenclature, because calling a wallet "custodial" sounds too similar to self-custodial.

42 sats \ 1 reply \ @andy OP 23 Sep 2023

I agree.

We also have "non custodial" which leads people to wonder how that is different than "self custodial".