Great idea and thank you for building stuff for Bitcoin adoption!
I can see 1 general issue: As far as I understand it, the sender has to enter the email address of the recipient on your website to make it work. That means you are storing a lot of email addresses, which turns you into a honeypot for hackers to collect emails (for sending scam & spam). I personally would also be pissed when somebody puts my (so far spam-free) email on some list without my permission (of course I can never prevent that from happening, but you kind of incentivize people to do so).
I won't pretend to have read all of the code, but after the initial claim email is sent, I don't see any strict requirement why they should need to keep the recipient's plaintext email address on file.
The claim link in the initial payment notification email contains a secret that redeems the coins, so unless they need to send follow-up emails to an inactive payee, the email address could be discarded once the payment notification email is sent.
reply
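The design described in the comment above (a redeeming secret in the claim link, the address dropped once the notification is sent), as an added example that is not AcceptLN's code. `ClaimStore`, the `send_email` callback and the `example.invalid` URL are assumptions made for illustration; the store keeps only a SHA-256 digest of the secret, so a dump of it yields neither addresses nor usable claim links.

```python
import hashlib
import secrets


class ClaimStore:
    """Pending payments keyed by a digest of the claim secret.

    Hypothetical sketch: neither the recipient address nor the secret
    itself is ever written to the store.
    """

    def __init__(self, send_email):
        self._send_email = send_email  # assumed callback: (address, link)
        self._pending = {}             # sha256(token) hex -> amount in sats

    def create_claim(self, recipient_email, amount_sats):
        token = secrets.token_urlsafe(32)  # 256-bit bearer secret
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._pending[digest] = amount_sats
        # The address is used for this single send and then goes out of scope.
        self._send_email(recipient_email,
                         f"https://example.invalid/claim/{token}")
        return digest  # safe to log: it cannot be turned back into the token

    def redeem(self, token):
        digest = hashlib.sha256(token.encode()).hexdigest()
        # pop() makes the claim single-use; unknown tokens return None.
        return self._pending.pop(digest, None)

    def stored_values(self):
        """Everything an attacker would get from a dump of the store."""
        return list(self._pending.items())


if __name__ == "__main__":
    outbox = []  # constructed stand-in for a mail transport
    store = ClaimStore(lambda addr, link: outbox.append((addr, link)))
    store.create_claim("alice@example.com", 21000)  # constructed sample
    token = outbox[0][1].rsplit("/", 1)[1]
    print("stored:", store.stored_values())
    print("first redeem:", store.redeem(token))
    print("second redeem:", store.redeem(token))
```

The trade-off is the one the comment names: with no address on file, the service cannot send a reminder to a payee who never opens the link.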
Interesting! If that is true, that would be pretty awesome! I guess @acceptLN can clarify how they do it.
reply
This was the first thing about this otherwise cool idea that stopped me from immediately trying it. Glad you brought it up, thanks. It deserves some attention, in my opinion.
Would like to see @acceptLN responding with their thoughts / plans on this.
> I personally would also be pissed when somebody puts my (so far spam-free) email on some list without my permission
Agreed. Which, btw, is why I'm a big proponent of single-use email addresses.
reply
We’re pondering the idea of integrating simplelogin, anonaddy, aleeas etc in-line — and even thinking about requiring you choose one, rotating the default.
Would be part of the new-user lesson.
Thank you very much for your feedback,
Jamie, AcceptLN Team
reply