matt on Nostr: This isn’t specific to BOLT 12 and is really stretching the line on accuracy. Yes, ...
This isn’t specific to BOLT 12 and is really stretching the line on accuracy.
Yes, if you reuse a BOLT 12 across two companies they can compare notes and see that you used the same one (duh!), but it’s not “because you reuse the same public key”, it’s because it’s the same thing!
But, of course, you don’t *have * to do this. Wallets, by default, should generate a fresh BOLT 12 every time they display the receive key (and LDK will every time the wallet asks for a BOLT 12), including fetching a different “offer_issuer_id”.
Ultimately, don’t assume things just based on the name of a field in a spec - the “offer_issuer_id” is a misnomer, LDK actually has a different name for it because of this, and IIRC the spec even says don’t reuse it if you’re a regular end-user wallet!
Yes, if you reuse a BOLT 12 across two companies they can compare notes and see that you used the same one (duh!), but it’s not “because you reuse the same public key”, it’s because it’s the same thing!
But, of course, you don’t *have * to do this. Wallets, by default, should generate a fresh BOLT 12 every time they display the receive key (and LDK will every time the wallet asks for a BOLT 12), including fetching a different “offer_issuer_id”.
Ultimately, don’t assume things just based on the name of a field in a spec - the “offer_issuer_id” is a misnomer, LDK actually has a different name for it because of this, and IIRC the spec even says don’t reuse it if you’re a regular end-user wallet!
quoting note197d…uk8fDid you know bolt12 only lets you have a static qr code if you reuse the same pubkey again and again? This is bad for your privacy and allows companies like Chainalysis to offer a transaction monitoring tool for lightning. Bolt12 considered harmful.