Oddbean

Lightning custodian has less attack surface. ECash has all the vulnerabilities of custodial lightning (rug, because it is a lightning wallet) plus additional risks of hacking, technical error, and unverified issuance (fractional reserve). I'd love to be convinced otherwise.

I've built several "Lightning custodians" myself and this is not true. All "additional risks" you're mentioning are equally or even more true for *every* custodian. Ecash introduces no additional risk, except that transactions can't be reversed. In return, you enjoy censorship resistance as a user.

I have to take your word for it in regards to the technical security. But it still looks like a mint runs on top of a lightning wallet, which has the risks of screwing up something and losing lightning funds *and* the risk of screwing up the mint (I have lost small amounts to mint bugs or operator error). It never occurred to me that custodial lightning wallet could lie about "issuance". I suppose they could in a Ponzi kind of way, siphoning funds as a "slow rug". I think you have a point. I'm trying to think through some of the privacy and anti- censorship benefits. If there's a list somewhere or a podcast where you discussed it, I'm very interested. I'm very optimistic, but also don't see it as a scaling panacea. https://primal.net/e/note1gwev8mgqf7x0wms94mw4l0knm79s3l00lh99dc7wctfxknsdfpts7tlxxk

In terms of custodians, if the reliability of the backing node/mint and the trustworthiness of its operator are otherwise equal, then yes I believe I would agree. Cashu interests me as a user for privacy reasons and for its potential to facilitate asynchronous payments between users. But I also have uncertainties about those uses. In terms of privacy, how much of the privacy benefits are lost when performing swaps between mints, or payouts back to lightning, since in both cases it involves a lightning payment? And in terms of asynchronous payments, is there a way to lock tokens so they can't be redeemed by anyone except the intended recipient, with a timeout so the sender can reclaim the funds after a defined period of time passes? If someone sends me ecash tokens, there is no assurance for me to know it hasn't been redeemed by someone else (including the sender) until I try to redeem it and see that it's still valid.

Your WoS (or any other LN custodian) account can be hacked as well. Infact even more easier to steal from WoS accounts: you simply log in and funds are yours. Cashu has no logins. You'll need to hack the actual phone and hack the wallet to get out the ecash.

Fair point, but I think the context from @corndalorian was it being stolen from the mint rather than an external threat actor. I'm still interested to learn more on it all. What's the best resource? Thanks

To both of your questions: yes Your privacy for paying ecash-to-LN is the same as with ecash-to-ecash except that the mint can see the LN destination (Lightning needs blinded paths for this). Much better privacy than any other custodial LN. You can lock tokens with P2PK. Wallet support is still limited but it allows what you described. Token can't be stolen if the hacker doesn't know your private keys. Cashu txs are not reservible. Once ecash is stolen, it's stolen. This property also means that you enjoy strong censorship resistance as user though, which is why it's preferable imo.

Thanks 🙏 it would be cool to see P2PK supported in wallets, or even just an option to lock the token with an arbitrary PIN or passcode. Without it, sending ecash tokens feels a bit like sending cash in the mail. And that helps put the privacy into better context. Now hopefully we will see more trustworthy mint operators, or maybe even some way to gauge their trustworthiness. I get very nervous when I see that I've accepted ecash from a mint running on the LNbits demo site. I am quick to swap those into my lightning wallet.