It's software for musicians. They can add a bunch of songs and a place where they want to receive money and then it will create a website for them with a shareable link. People who visit the shareable link see all the songs and can vote with sats on their favorites and/or which ones to hear next. The top voter in each song also gets to leave a comment that other voters can see.
Ecash mints are programs for running a mini central bank where people can deposit bitcoin, redeem it whenever they want, and in the meantime they get fast and cheap transactions with other users of that mint. They are pretty neat, especially their privacy properties, but they come with most of the tradeoffs of custodial systems: the mint can steal anyone's money whenever they feel like it and can start KYC'ing its users at any moment.
> Mints can pick and choose which users they want to steal from on the basis of any test they come up with, e.g. "We'll only steal from North Koreans, or only from women, or only from Jeremy Hudson from Mobile, Alabama"
FTFY
> ...and thus lose your money, completing the proof: mints can enforce KYC requirements against any user and penalize the noncompliant
FTFY again, I agree it's fun
By blocking your API queries until you submit satisfactory KYC info and, until then, returning only error messages that direct you to a data collection page
Yes, and I often do
But then people continue to advertise that ecash mints have perfect privacy so then I make threads like this one where I spell out exactly how they can compromise the privacy of any individual user or group of users with a penalty of loss-of-funds if they don't comply
Which means they are perfectly capable of enforcing shotgun KYC
Whereas a protocol with *actual* perfect privacy wouldn't have anyone in a position to enforce *any* kind of KYC
bitcoin is also non-kyc, why not use that instead?
people who use stablecoins instead of bitcoin have reasons for doing so
I'm just trying to persuade them they are dumb reasons
Coming soon, hopefully. It's based on an observation about phoenix: their version of splice-in transactions atomically swap an inbound lightning payment for a fresh deposit of bitcoin into your channel. This form of atomic swap is better than a submarine swap in this respect: it uses only one single bitcoin transaction instead of two. So I came up with a generalized version that can be used outside of lightning wallets and I called it papa swap. I was about to implement it too (hence the repo) but I got delayed by the need to prepare workshops for upcoming conferences. When things settle down I hope to implement it.
A lesson in there for all of us
nostr:nevent1qqswpuzqw2nhr2pkd79e6ul8lfnk00hqfc0jsm6rta59g9rn7ww4gqsppemhxue69uhkummn9ekx7mp0qgsy6h88dqfr2cautqmf0k67sjzpldfg77ms3ktx7tj5v2rvu0rjqacrqsqqqqqpc9vakc
Glad to be of service!
nostr:nevent1qqs05pmjk3x2l90glmtmv3lk0sj99v7p0vtwagxcse7m6zradlvgsccppemhxue69uhkummn9ekx7mp0qgszm52qe2qdkc4u7dma0klx3532jka2g8geck6fwxncyp90wktq2xsrqsqqqqqpl60rtw
My latest tool is NWC Tester, which you can use to test Nostr Wallet Connect connection strings:
https://stacker.news/items/711076
hey npub19hg5pj5qmd3teumh6ld7drfz49d65sw3n3d5jud8sgz27avkq5dqm7yv9p you should check it out, and npub1getal6ykt05fsz5nqu4uld09nfj3y3qxmv8crys4aeut53unfvlqr80nfm you might like it too. They made a similar tool (https://getalby.github.io/nwc-tester/), but mine is more fully featured
I am aware of the first problem and I note that Rene Pickhardt tried to perform this attack in 2019 with little success. He tried to take a snapshot of the balances of all routing nodes on testnet, and while he did manage to do it, it took him over 9 hours to do so. It would be an even harder task on mainnet due to the larger number of routing nodes.
Since lightning has high volume, I think you wouldn't get good data about the history of transfers on LN unless you could get snapshots of routing node balances every few seconds, rather than once per day or so.
Nonetheless, Rene did find that while it takes a long time to probe the balances of *every node,* each *individual* node only takes about 20 seconds to probe. So if you limited your attack to a single large routing node you could probably get reasonably good data about what traffic it routes across the network.
Also, the Blinded Paths upgrade mitigates this attack. Part of the plan for Blinded Paths is to remove the distinct error messages revealed by nodes depending on whether the payment made it to its destination or had a routing failure part of the way through. With Blinded Paths, the same error message is displayed for every payment failure, which means Balance Probing as performed by Rene won't work anymore. His technique involved sending multiple fake payments through a routing node and logging whether they failed due to the routing node not having enough capacity or the recipient being unable to finalize the payment. If the latter, it meant the routing node *did* have enough capacity to forward that payment, so Rene would try again and again with larger and larger fake payments until the routing node reported an inability to forward the money, then record the prior amount of the fake payment as their latest balance. This method does not work if all payment failures look the same, so the Blinded Paths upgrade should fix this.
> Is also possible to snapshot individual wallet balances, addresses, transactions?
Unless the wallet is a routing node I don't think this is feasible for third parties to do. But all wallets are connected to at least one routing node, and each of those routing nodes knows the balance of your channel with them. Some, like Binance's routing node, also proactively state in their privacy policy that they log this data and share it with law enforcement, including info about any transactions that flow through their node. So be careful who you open channels with.
> So not an unsolved problem anymore?
I'm not sure. The solution is known but I am not sure node devs will upgrade to versions that don't support payment probing. It's a popular feature with native commands for it in LND and Eclair, and they would have to disable that popular feature that many wallets rely on to assess the likelihood of a successful payment before attempting one. It seems unlikely that LND and Eclair will upgrade to a version that disables this. Maybe a new, privacy focused lightning network subnet is what's needed, where participating nodes all announce that they won't allow payment probing.
"No thanks, I don't like coffee," I explained
"Oh, I do!" she gasped. "My favorite place is __________. Their coffee is so good, lots of cream and sugar. I can barely even taste the coffee!"
I didn't say anything but I don't think she likes coffee
If you withdraw your funds from a CEX to any wallet, I think the CEX will mark it as sent to you, and would probably testify that, as far as their records can tell, you still have it. I would not be surprised if a judge said that's enough data to conclude you *do* still have it. If you claimed to sell, spend, or lose all of it, I would not be surprised if a judge said that's an unlikely story and consequently "innocent until proven guilty" doesn't apply. If that happened you might need to show evidence to prove your case, and might be considered to at least own whatever amount you can't show convincing evidence of selling/spending/losing.
If you used a standard bolt11 invoice to withdraw the funds, they would have full route info from themselves to your LN wallet and could trace the funds that far. You could use tools like lnproxy.org to throw them off, but they might subpoena or purchase your "real" routing info from lnproxy.org or whatever competitor(s) you use.
If your wallet is connected to a routing node like Amboss or Phoenix, and you're not using tor, those guys have your IP address and can also see when you close your channel and send your funds to cold storage. They might act as informants against you if their routing nodes showed up as the "last hop" on the path from the CEX to you.
All that said, I don't think they would be unable to *deterministically* trace the funds if you use tor + route blinding (e.g. through lnproxy plus a few of their competitors, or bolt12) but they probably don't need to -- if they are confident you withdrew the money *somewhere* then you will be marked in their books as having whatever amount of money you withdrew, regardless of where you sent it afterwards.
In the last paragraph there was an important typo. I wrote "I don't think they would be unable..." but it should say "I don't think they would be able..."
I used the "Edit" feature in amethyst to fix it but just in case your client doesn't show edits, I'm clarifying here as well.
Tomorrow I am presenting my Bitcoin Script workshop in Spanish:
https://lu.ma/higrep2x
Learn to make your first bitcoin smart contract, a ballgame contract where an oracle says who won a ballgame, and anyone can bet on the outcome and take their winnings if they win
It is irrational to think human rights are a social construct *and* must be respected
There's a cadre of atheist libertarians out there who get up in arms when governments disrespect their rights, but they themselves argue their "rights" are just something they made up
> Rights are something you earn and defend
How is this any different from Might Makes Right? You can't lay the foundation for tyranny and then act shocked and horrified when tyrants start to trample. In a society that teaches rights are created by a strong arm, the guy with the biggest gun will run amok
if you just can't wait for more, try Zhou Tong's "Holding for the Longest Time" which is also in this style (and he recorded it 11 years ago!!!):
https://www.youtube.com/watch?v=NG1qooBzE2w
My Bitcoin Script workshop is now available in Portuguese
Thank you Scalar School (x.com/scalarschool) for translating and assisting!
https://youtu.be/2qgnIwNVNUY
Reminder: tomorrow is my livestreamed Cashu Workshop! Get your ticket today to learn how chaumian ecash works and create a toy implementation of a cashu enabled wallet. For only $20.
Tickets available here: https://supertestnet.org/workshops.html
I'm back in Mexico and away from PlebLab so I'm producing my own singles again. That's why this one isn't as good as the others. That said...
My latest single is:
Why Do Fools Buy Altcoins
Check it out:
https://stacker.news/items/657196
I want to rebrand nsecbunker as "sign-via-dm"
Nostr clients like amethyst by nostr:nprofile1qqsyvrp9u6p0mfur9dfdru3d853tx9mdjuhkphxuxgfwmryja7zsvhqpzamhxue69uhhv6t5daezumn0wd68yvfwvdhk6tcpz9mhxue69uhkummnw3ezuamfdejj7qgwwaehxw309ahx7uewd3hkctcscpyug and damus by nostr:nprofile1qqsr9cvzwc652r4m83d86ykplrnm9dg5gwdvzzn8ameanlvut35wy3gprpmhxue69uhhwetvvdhk6efwdehhxarj9emkjmn9qyxhwumn8ghj7mn0wvhxcmmvqyg8wumn8ghj7mn0wd68ytnhd9hx2yhtlun should implement it so that I can use desktop nostr apps without importing my privkey to a new app or extension. The desktop clients just "dm" my phone client with an event to sign and I approve it on my phone.
Let's make it happen!
People helpfully provided links to Amber for me. But I'm confused. Why should I put my privkey in amber when I already have it in amethyst? Can you make *amethyst* an nsecbunker backend?
Why not? Right now I have my nsec in app A. You want me to download another app (app B) and put my nsec in there. Doesn't it make sense for me to object and say I just want to keep it in app A alone? If not, why not?
Figured it out, testing it now.
I downloaded amber and set that up, then logged out of my account on amethyst. Then on the login screen there was an option to log in with amber. So far it works great!
Only 6 days til my workshop on Cashu!
https://supertestnet.org/workshops.html
Sign up and learn how to develop your own Cashu wallet (as well as how cashu works) for only $20
Monero bros down bad as *yet another* DNM adds lightning
LN has better privacy than monero
Standard caveat: do not use either one for serious privacy needs without also adopting additional defense in depth strategies
nostr:nevent1qqs236swmvx9ntkmn7drunza3vnem55nx03d0r69egzumtwqg073ltqpzemhxue69uhkummnw3ezu6twdaehgcfwvd3j7q3qhxjnw53mhghumt590kgd3fmqme8jzwwflyxesmm50nnapmqdzu7sxpqqqqqqzcpnch3
Bisq and robosats are DNMs because they are marketplaces on the darknet. They compete directly with other DNMs on products such as cash parcels, gift cards, and currency swaps.
I doubt any of the commonly used silk road descendants (good term!) support LN yet but I suspect they are looking since their competitors are doing it and seeing millions in volume. Their incentive is to attract those users to their platforms.
> I would still call those (peer to peer) exchanges
Stuff can be two things
I like wikipedia's definition of the dark net:
"A dark net or darknet is an overlay network within the Internet that can only be accessed with specific software, configurations, or authorization, and often uses a unique customized communication protocol."
Tor and i2p hidden services certainly qualify in my book. And if the hidden service lets people list items for sale, it's a marketplace on the darknet. A DNM.
(1) Regarding the left side of your charts, you write that monero does not (red x) publish all transactions by default, but it does. Here they are: https://localmonero.co/blocks/
(2) Still on the left side, you write that monero encrypts the sender and the recipient, but it does not. If it did, you could name the encryption standard it uses for that. But it doesn't, so you can't. (Lightning uses the Sphinx encryption standard for that.)
(3) On the right side of your chart, you write that lightning does not (red x) encrypt the recipient or the amount from all nodes. It does. It uses the Sphinx encryption standard for that. Not even the last node in the route knows who the recipient is or what amount the sender sent.
(4) Still on the right side, you write that lightning does not (red x) hide your ip address by default. It does. Lightning wallets and nodes do not reveal their ip addresses by default. To reveal your ip address, you first have to set up port forwarding on the standard lightning port (or pick a different one), and then you have to make a choice: do you want to reveal your *real* ip address or use tor? Most people choose to use tor which is why over 70% of lightning nodes are on tor:
https://i.ibb.co/ggYyDy5/list-of-tor-nodes-on-ln.png
source: https://bitcoin.clarkmoody.com/dashboard/
Re: #3, the last hop doesn't know the amount being sent because of multipath, etc., and he does not know the recipient because he does not know he is the last hop. Onions are padded at each step so that they are always 1300 bytes. So the last hop thinks he might be the first hop with up to 19 more to go.
Re: "by default," lightning nodes don't expose your IP address to the public by default because the only way that happens is if you (1) configure your node to route payments (it doesn't do it by default) and (2) choose clearnet instead of tor.
Re: the podcast, we recorded it a few days ago and I am excited for its presumably looming release. I made this chart in part based on things I learned while preparing for the debate, like the fact that monero does not encrypt peer to peer traffic. Dandelion++ is nice but if several of your peers are fednodes logging all of your IP traffic they can learn a lot.
I made it into NOBS this week! Mission accomplished
nostr:nevent1qqs2vsryz6du5jvn54w57h078utsfq4avdn705nltge970xzq80m07qpr4mhxue69uhkummnw3ezucnfw33k76twv4ezuum0vd5kzmp0qgstnffh2gam5t7d46zhmyxc5asdunep88yljrvcda68ee7sasx3w0grqsqqqqqpw89a69
Maybe robot A has a chicken and robot B wants it. But robot B has wheat and robot A wants that. If robot A and robot B can trade with one another right then and there, great, but what if robot A doesn't want wheat *right now*? He won't trade. And maybe when he *does* want wheat, robot B won't want a chicken anymore. With money (i.e. bitcoin) that both robots accept for all goods, robot B can trade *money* for the chicken and robot A can *save* it, and when he wants wheat later he knows robot B wants money (because you can buy *anything* with it) so he has confidence he can buy the wheat with it.
Notes by Super Testnet | export