Closed RequestPrivacy closed 1 year ago
Agree with the reasoning, if I could suggest something, a dialog box maybe explaining a little bit of paynym.is and its advantages and disadvantages before accepting the connection would be great to protect against unwanted retrieval from the application side.
PM8TJ.. code is all needed to make any BIP47 TX, as well as Stowaway & StonewallX2 on Sparrow
It looks as if Sparrow tries to retrieve the PayNym. Opening it a second time (unfortunately not filmed):
Then I went into Tools -> Find Mix Partner and here it retrieved the PayNym automatically!
After that going back into Tools -> Show PayNym
So either both menus try to retrieve the PayNym or at least the Tools -> Find Mix Partner does. I definitely haven't asked Sparrow to retrieve a PayNym, just switched between menus and yet there the PayNym is. That isn't something which should happen imho.
PayNym retrieval should be an informed opt-in, even more so if your point no 2) is valid for both use cases.
Use of PayNyms is opt-in. There is an application-wide setting in the config file, "usePayNym": false, which is by default false. To get it set to true, you must have explicitly opted in by clicking the "Retrieve PayNym" button, as indicated in the following screenshot:
True, there is such an option in the config file. Okay, this leads me to the following questions:
I don't know if it adds value to others, but I would prefer to have the choice in each separate wallet.
Was/is there a setting in the UI where I can toggle this on/off AFTER I set it to true by clicking on the button?
No - as one has already sent the payment code to paynym.is, so disabling it later is perhaps less useful than it would sound in the UI.
I don't know if it adds value to others, but I would prefer to have the choice in each separate wallet.
Can you motivate this use case? I prefer to treat different sets of wallets with different privacy requirements using different configs with the -d flag to set Sparrow home, which is less mental burden (for me anyway).
I never thought about using the -d flag for separating use cases. Thanks for the advice.
First of all it has something to do with Sparrow not behaving like I expected it to do. The fact that @nyxnor agreed and even @rapidlab309 was unsure (in the sense that he expected it to be always opt-in, not just before the first "agreement") makes me think others might also be taken aback by this behavior - although I am certain most won't care.
Use cases or motivation:
"use paynym: false or -d flag for separating via different configs) would be cool for control freaks like me.
As I now know what's going on and have a workaround, feel free to close this issue when the others have no comments and/or you don't see a need for further action.
Thanks everyone involved in the discussion!
Understandable - although a lot of thought has gone into balancing these kinds of concerns with making it easy enough to use, communicating all the detail without overwhelming the user can be difficult.
At least a hint in the docs towards editing the config file (set "use paynym: false or -d flag for separating via different configs) would be cool for control freaks like me.
I've made some changes to https://sparrowwallet.com/docs/spending-privately.html and https://sparrowwallet.com/docs/faq.html#where-does-sparrow-store-data to indicate that PayNyms (and by extension connections to paynym.is) are strictly opt-in, and can be configured in the config file.
Closing this off.
Note - it might be that some of the following statements are based on a flawed understanding of payment codes and PayNyms on my side. I appreciate clarifications.
Description
System: Linux (Kubuntu 22.04LTS) Sparrow: 1.6.6
I've recently created a new wallet and once I clicked on Tools -> Show PayNym, Sparrow automatically retrieved the PayNym (i.e. the short descriptive name and robot picture) from Samourai's paynym.is site.
I recall that this was previously an opt-in feature (might be wrong here).
As far as I understand it, PayNyms in the sense described above are not mandatory, as the real deal is the underlying payment code starting with PM8...
Feature Request
Disable automatic retrieval of a PayNym by defaulting to a button which has to be clicked for kicking-off the retrieval (making the process opt-in).
Offer a tooltip or dialog explaining the reliance on an external server and company (Samourai) and its potential privacy implications (it seems to me that paynym.is is an open directory where all PayNyms and their followers can be viewed). Further, make it clear that every collaborator with whom you shared your payment code can retrieve your PayNym (and its followers?) from the site:
Add to the tooltip the extract from the Sparrow Docs http://sparrowa7io5pz6ud3ehqzosvepbxbxt2zphmkjsylp2zgxooko23pqd.onion/docs/spending-privately.html#soroban-paynym-payment-code "You can perform a collaborative two person coinjoin with either payment codes or PayNyms on Sparrow. If you are collaborating with a Samourai user, you will need to use PayNyms, and add each other’s PayNym to your respective contact lists."
Reasoning
If someone knows that a wallet is used just between Sparrow clients or users who do not want to use or understand payment codes/PayNyms accidentally clicking on "Show PayNyms" or "Find Mix Partner", there shouldn't be an external connection made without their consent.