So completely insecure in other words? 😮‍💨
reply
So that adds to my concerns:
  1. Are limits configurable? Can I set a limit of N sats per tap, and N taps per hour?
  2. Example: the terminal shows 5,000 sats. I tap. Later, I find 100,000 sats deducted. The merchant was dishonest. My "tap" authorized it though.
  3. There is protection against a replay attack (single use token), but not against someone stealing my card and draining funds either at other merchants, or the thief manually sucking everything out.
reply
The cards themselves look beautiful, I've struggled to find a proper nice looking credit card sized NFC card before so I'm definitely getting this.
The cool thing about it is that you can make it work with whatever service you want since it's simply a LNURL that you can write in the card.
Here are the ingredients:
  • One of these awesome cards, or a boring blank NFC card.
  • A phone with NFC (only tested this in Android but iOS should be the same)
  • Either your own lightning node or an external service like ln.cash
  • An app to write NFC like NFC Tools.
You can of course also use their own exchange and that way you will be able to use it as a debit card funded with the funds in that account. They have free withdrawals and deposits with lightning so it's basically a free service.
reply
Lightning Network now has a contactless payment card
This is powered by LNURL, which powers the kind of interface for paying that people have come to expect, which is just tap and go.
You can get this today and start living on Bitcoin, living the dream. It also works as a gift card.
reply
Here's the Bolt Card page on CoinCorner's website:
The Bolt Card | CoinCorner https://www.coincorner.com/TheBoltCard
And the blog post announcing it:
There is another post, here on SN, with the link for ordering this:
Buy The Bolt Card | CoinCorner #29306 https://www.coincorner.com/buytheboltcard
reply
I prefer the "I give you" over the "You take from me" model. The "You take from me" model does not require the user to authorize a transaction. It's like a "Proof of number" system. Instead, the merchant knowing the number is the proof that the user authorized some transaction, but the problem with that model is that the number has to be known by more than the user.
"I give to you" is how cash works, but it's also how custodial wallets typically work. The user knows the authorization number (the private key) and no one else has to (or should) know that number in order for transactions to be processed.
So that's why I will not be using the bolt card (or browser extensions)
reply
You don't understand how this thing works. It is not an "I take from you"; that card is actually your signature. Read more http://fiatjaf.com/77921fcb.html
All this hate against custodial is just dumb. Custodial is just fine, in a certain amount of spending. Nobody is saying to use all your BTC stash on that card. That is a fucking spending card.
You mention cash... are you going with all your cash on you when you go to buy a beer? Or you just go with some coins in your pocket.
reply
Alright, it's better than I thought it was, but it's still bad. The redeeming quality it has is this: "LN SERVICE only needs to implement a scheme for renewing the balanceCheck URL on every call it receives, returning the next URL every time"
Slight improvement over credit cards because a radio transmission sniffer would steal the creds of a credit card and use it over and over, but still a downgrade over a non-custodial wallet. Non-custodial wallets hold their keys internally and don't reveal secrets when signing. Based on what I'm reading, this reveals a new secret on each transaction which is still susceptible to sniffing.
The hate towards custodial is justified. Mt. Gox is the only learning lesson anyone should need, but even then 1971 (the removal of the convertibility of the dollar into gold) should have been the only lesson people needed. The banking lobby itself would not exist without depositors.
Am I going with all my cash to buy a beer? If a method existed for transmitting monetary value over a communications channel, without the need for a 3rd party, I wouldn't be going with cash at all, but the irony is that the example you give still does not require a custodial solution. The reason I don't go to buy a beer with cash at all is for three reasons:
  1. The value of the dollar is guaranteed to lose value over time. So I only convert to dollars when absolutely necessary and save in a store of value
     a. Caveat, my spending money for daily life is spent well before the devaluation of the dollar reflects any price changes.
  2. I have an incredibly difficult time buying an item which is a store of value over a communications channel, without the need for the 3rd party.
  3. All of the money is fake, so if the bank I'm with does run into trouble, the federal reserve will just print more paper for them to play with.
Now to speak to the point about converting to trash dollars at the time of purchase, I think this service does well to compete with Bitpay or CashApp (insofar as CashApp's usability to sell Bitcoin on the spot and pay with a CashApp card), but I do not believe that if there were to exist a method for transmitting monetary value over a communications channel without the need for a 3rd party, counter-party risk, and had final settlement, I would much rather prefer something like that over any custodial solution, any day.
If only.
reply
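The scheme quoted in the comment above (the service renews the URL on every call and returns the next one), combined with the per-tap and per-hour limits asked about earlier in the thread, as an added example. It is not part of any post and is not CoinCorner's or any LN service's code; `CardAccount`, `redeem` and the limit parameters are hypothetical names, and the scenario in `demo` is constructed.

```python
import hmac
import secrets
from collections import deque

class CardAccount:
    """Hypothetical server-side record for one card; all names are assumptions."""

    def __init__(self, balance_sats, max_sats_per_tap, max_taps_per_hour):
        self.balance_sats = balance_sats
        self.max_sats_per_tap = max_sats_per_tap
        self.max_taps_per_hour = max_taps_per_hour
        self.token = secrets.token_urlsafe(32)  # secret part of the current URL
        self.taps = deque()                     # timestamps of accepted taps

    def redeem(self, presented, amount_sats, now):
        """Return (reason, next_token). next_token is None unless the caller
        presented the current token."""
        # Constant-time compare; an old or already-used token fails here.
        if not hmac.compare_digest(presented.encode(), self.token.encode()):
            return "unknown or used token", None
        # The merchant has now seen this token, so rotate it on every call,
        # whether or not the payment goes through.
        self.token = secrets.token_urlsafe(32)
        while self.taps and now - self.taps[0] >= 3600:
            self.taps.popleft()                 # forget taps older than an hour
        if not 0 < amount_sats <= self.max_sats_per_tap:
            return "amount outside per-tap limit", self.token
        if len(self.taps) >= self.max_taps_per_hour:
            return "hourly tap limit reached", self.token
        if amount_sats > self.balance_sats:
            return "insufficient balance", self.token
        self.balance_sats -= amount_sats
        self.taps.append(now)
        return "paid", self.token

def demo():
    """Constructed scenario: 5,000 sats per tap, 2 taps per hour."""
    acct = CardAccount(200_000, max_sats_per_tap=5_000, max_taps_per_hour=2)
    first = token = acct.token
    reasons = []
    # (amount, time in seconds, replay?); the second entry replays the first token.
    for amount, now, replay in [(5_000, 0, False), (5_000, 1, True),
                                (100_000, 2, False), (4_000, 3, False),
                                (1_000, 4, False), (1_000, 3604, False)]:
        reason, nxt = acct.redeem(first if replay else token, amount, now)
        reasons.append(reason)
        token = nxt or token                    # a failed replay yields no token
    return reasons, acct.balance_sats

if __name__ == "__main__":
    print(demo())
```

The limits bound what a single tap or a single hour can cost the cardholder; they do not replace freezing the account once a card is reported lost.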
Oh let me guess... you are one of those going to pay for a coffee with a Trezor, connected to a laptop over Tor, using a LiveCD linux...
And people waiting in line behind you, until you remember your 2FA.
People that lost money in Mt.Gox were the losers, the traders, not real Bitcoiners. I am in Bitcoinlandia from 2012 and didn't lose any sat on MtGox, because I didn't have any BTC there, only on my wallets.
For all these 10+ years I use the method of 3 levels satshing: HODL, cache, spending. Each level with a certain amount. For spending is just fine to have some easy fast tools even custodials, without touching all my satsh.
reply
I understand using a custodian if you absolutely have to.
The issue I see is that there does not seem to be any security level benefit. Sure your phone can be hacked, but so can the website you're custodying with, but worse and more concerning to me, is the influence that is given to any custodian.
I mentioned the banking lobby
I have yet to mention FTX, although they have walked their statements back, the point is that depositors give custodians undue power of influence in a world where politicians are bought and paid for. Maybe maybe if it is combined with a culture like "proof of keys day" then maybe it could be safe enough as to avoid a server side number that does not accurately reflect the backend's cold storage and therefore make a banking lobby 2.0 infeasible.
Sure, your $200 of spending money with a custodian might not be a big deal to you, but thousands of depositors with that same amount, or worse millions, has compounding effects that I don't believe are often considered when people choose to use a custodial solution, a point that is nonetheless moot if you absolutely have to use a custodian.
reply
you don't have to use a custodian
reply
Wish it wasn't custodial. Coinkite has cards without a custodian.
reply
It doesn't have to be custodial.
reply
Here's one, using BTCPay Server:
🎥 Pay using an NFC card (offline) - LightningNFC ⚡ | @thedavidcoen* #27173 https://twitter.com/thedavidcoen/status/1524000413359427585
reply
Wondering if I should buy some and use?
reply