WBD695 Audio Transcription

The Bitcoin Mutiny with Tony Giorgio

Release date: Friday 11th August

Note: the following is a transcription of my interview with Tony Giorgio. I have reviewed the transcription but if you find any mistakes, please feel free to email me. You can listen to the original recording here.

Tony Giorgio is the co-founder and CEO of Mutiny Wallet, a self-custodial lightning wallet. In this interview, we discuss the privacy implications of using Lightning Network, challenges faced by Mutiny, the concept of coin swaps, the web-based nature of Mutiny, the Lightning Service Provider (LSP) model, and the potential future developments of Mutiny.

“We want to get to the point where any Lighting node on the network can be an LSP for anyone else, that’s the dream.”

Tony Giorgio

Interview Transcription

Peter McCormack: Tony!  Welcome to What Bitcoin Did, my man. 

Tony Giorgio: Let's fucking go, good to see you again, Peter. 

Peter McCormack: Good to see you.  Got to know you over the last couple of years, heard about Mutiny, I didn't know it was you until we got to Nashville. 

Tony Giorgio: Yeah, last week, a few days ago.  Yeah, everyone's been talking about Mutiny as the coolest fucking project in Bitcoin, the coolest wallet, the coolest Lightning project, and I get there and yeah, I get told it's you, which is amazing.  So, it's really cool that it's someone I've got to know that's doing it.  How's it going, man? 

Tony Giorgio: It's good, man.  We launched last week, but we've been grinding for the last few months as an official company at the start of Q2 of this year.  And me, Ben Carman, and Paul Miller, we've just been killing it the last few months.  We set a goal out, just like, "Hey, 1 April", we were like, "Let's shoot for the Nashville Lightning Summit", which was an amazing experience.  And we killed it, and we shipped it, and it's out there.  So, it's beautiful to see.

Peter McCormack: Yeah, big shout out to Rod.  Big shout out to Odell, big shout out to Harry, crushing it at Bitcoin Park.  Lightning Conference was great.

Tony Giorgio: Yeah, top notch.  I mean, every month they put on bangers with different topics, so a Lightning-specific one is always a lot of fun to do.

Peter McCormack: Competing here with Austin.

Tony Giorgio: I know, I know.  I'm always flying back and forth between Austin.  I'm glad it's only a two-hour flight because otherwise I don't think I would do it.  But yeah, a little competition, but we have our differences.  You know, we're a little bit more dev focus here in Austin, so it makes a little bit more sense for a dev focus team to be here in Austin, but I love the Nashville vibes every time I go there, so yeah, they kill it every time.  The Bitcoin Park, if you haven't been there, so two houses almost and a nice studio.  Yeah, you probably have shot down there a few times; really, really impressive. 

Peter McCormack: Yeah, we've been three times?

Danny Knowles: Three or four times, yeah. 

Peter McCormack: Yeah, we're now members. 

Tony Giorgio: Nice. 

Peter McCormack: We're official members.  Yeah, join as well if you're thinking, you're a Bitcoiner, just join, support the project.  It's important to have these spaces around.  So, this is your first time with the What Bitcoin Did crowd.  Tony, can you give people your orange-pill story, because I think that's going to be a helpful build up to what we're going to talk about.

Tony Giorgio: Yeah, I mean I heard about Bitcoin early on, 2012 or so, when I was in high school, my dad told me, "Oh, don't touch it, it sounds like a fake thing", and I was playing around with it.  But I didn't really do anything with it until I graduated from college as a software engineer.  I worked at defence for a little bit, and I was like, "Fuck this, this is boring, I don't want to be responsible for aircraft machinery that drops bombs on people", I didn't feel comfortable with that, so I just got involved in the Bitcoin Dallas scene, the Dallas Texas scene, that's where I kind of grew up in that area.  From there, I got involved in that community, picked up a job from a local blockchain company.  Natalie Smolenski has been on a few times. 

Peter McCormack: Yeah. 

Tony Giorgio: Yeah, I worked with her at Learning Machine at the time, and then then it got acquired by Hyland

Peter McCormack: Oh, we love Natalie. 

Tony Giorgio: Yeah, I love Natalie. 

Peter McCormack: I think she's the coolest person that's come into Bitcoin as a prominent voice in the last couple of years.  I know she's been around longer, but actually getting out there, getting out there, writing, getting on podcasts.  I fucking love Natalie.  We've done what, three shows with her? 

Danny Knowles: Yeah, I think three. 

Peter McCormack: Yeah, two independent, one with Gladstein.  She crushes. 

Tony Giorgio: Yeah, I love those the best out of all the podcasts.  I'd have to say that those are my favourite, along with the yearly Matt Odell ones at the end of the year.  So, those are fun too. 

Peter McCormack: Fuck that guy!

Tony Giorgio: Has that one come out yet?

Peter McCormack: Yeah, what was the last one?  I don't know.  Last one, he was yelling.  Oh, we just did one a few days ago.

Danny Knowles: Yeah, that'll be out tomorrow.  God, I can't even remember, they all merge into one.  Were we being nice to each other? 

Danny Knowles: Yeah, you were quite nice to each other.  It's never fully nice. 

Peter McCormack: He got me to get rid of my blue check. 

Tony Giorgio: Oh, you got rid of it? 

Peter McCormack: Yeah he shamed me into it. 

Tony Giorgio: Oh, man, okay, well it worked I guess. 

Peter McCormack: Pissed him off.

Tony Giorgio: I know.

Peter McCormack: No, it pissed him off that I did it.  He was like, "I was all ready for you to fight me back and then you just got rid of it".  It was like, "Oh, what do I do now?"  I was like, well, you know what, I agreed with his argument.

Tony Giorgio: Right, okay.

Peter McCormack: And then we had Marty on the next day and he had a good thesis to keep and I was like, "Oh, fuck, now I want to keep it!"  But it's gone now.

Tony Giorgio: That's awesome.  But yeah, I worked with Natalie for a while and that was a ton of fun.  I got acquired by Hyland, I left shortly after that to go to Bottlepay for a little bit.  Yeah, we had a little bit of a history back then.  I remember on Twitter, I was giving you a little shit and then you were giving me and Bottlepay a little shit for some stuff going on at the time, and then we met.

Peter McCormack: Did I?

Tony Giorgio: Yeah, we met and I actually got reprimanded for that.

Peter McCormack: Damn, what happened?

Tony Giorgio: Yeah, they were like, "Well, it's a UK company", they were like, "Well, Peter's UK.  We don't want to piss him off".

Peter McCormack: Now fuck that, come on.

Tony Giorgio: Yeah, I know, but they were like, "Hey, remove all affiliations with Bottlepay and don't speak publicly about it any more".  So I was like, "Fuck that".  I wrote this huge article on Lightning privacy because at the time, what we were getting shamed for at Bottlepay was all of the Lightning compliance and on-chain compliance that we were doing while I was there.  I was like, "Okay, fuck this".  So, I just came out with an article that basically said, "Here's how to get around every Lightning and privacy-related thing to get around some of those controls".  So I wrote this massive article.  It was all out of hate and spite for them, what they were doing over there, getting reprimanded for speaking my mind on social media, just as my own self, speaking my own mind.  So, I just came out with this massive article.  It was a 25-minute read, and it ended up being the basis for everything I've done since then.  I got on a Citadel Dispatch from there.  It's pretty much been the big primer on what does it mean to try to have privacy on top of Lightning. 

From there, I left Bottlepay, worked at Impervious for a little bit, and then was doing some contracting while we were trying to figure out what to do with Mutiny.  We started working at the -- we had a hackathon that Lisa put on, not bolt.fun, Base58, there was a -- oh, BTC++ Hackathon, where the whole idea of Mutiny was born.  It was called something else at the time, it was just some hackathon project name, and then we were like, "Okay, what do we do with this?"  Ended up at Voltage, because I was doing some contracting there, and we were like, "Okay, well me and Paul", Paul worked at Voltage at the time, we were like, "We want to focus on Mutiny.  We eventually want to leave Voltage and go do something and start this company", and Voltage completely supported us the whole way through.  They said, "Hey, join the team, work half-time at Voltage", building the Lightning service provider for Voltage, that is now being used to power Mutiny.

So it was kind of a handshake deal, gentlemen's deal.  Like, "Hey, you do your thing, help us, and then we'll support you when it comes time to leave to start Mutiny". 

Peter McCormack: Wow!

Tony Giorgio: Yeah, so I guess all in all, since 2017 getting involved, and then from now starting the company here in 2023.  It's been a wild ride!

Peter McCormack: That's a great trajectory, man.  So okay, look, a couple things to unpack there.  Firstly, with the amount of people giving shit, you don't always remember who's who and you certainly don't remember them, the profile and the person.  So, I can't associate an argument on Twitter or you giving me shit with that being you.  I only remember you as Tony, the guy I hang out with sometimes, who I think is my friend.  So what were you giving me shit for?

Tony Giorgio: It was probably BlockFi at the time or one of those.  But it was funny because we were in Miami for Citadel Dispatch, the live one, I guess the first Miami conference that existed.  You showed up, Matt was there, a bunch of people.  You're like, "Oh, man, I really you, let me follow you on Twitter".  And then I pulled out my phone and showed you my Twitter profile.  It was like, "Oh, that's you?  You give me shit on Twitter all the time".

Peter McCormack: Yeah, well do you know what, that's happened a few times.  And, firstly, I'm okay with that, because most of the time, I think you meet in person, you get to know each other, and you're like, "Actually, they're all right", and do you know what, you've got a fair point.  The BlockFi thing, I think I've regularly walked that one back, I didn't see it coming.  I used BlockFi, but I get it.  But also, I don't the idea of Bottlepay saying to you, "Don't give Pete shit", because they're censoring you because they think they might want me to say nice things about people on the pod.  I don't that.  I mean, I'm more likely to reject Bottlepay knowing that.  But they've gone kaput anyway.

Tony Giorgio: Yeah.  They shut down, NYDIG shut them down, I think a month ago or so.  I mean, Pete's a great guy.  It wasn't from Pete, it was HR-related things.  So I was just like, "Okay, whatever".

Peter McCormack: That's not Bitcoin, man.

Tony Giorgio: It's funny though, because I came out with that article and they're like, "Oh, wow, we want to shill it", and I was like, "No, it basically says how to get around Bottlepay's controls".  And they were like, "Oh, okay, we probably shouldn't publish that", I was like, "Yeah!"

Peter McCormack: What went wrong with Bottlepay?

Tony Giorgio: I think they had a good product in Europe, to be fair.  I loved that it was a small team, a small developer team.  That's why I was so impressed by it at the time.  It got acquired by NYDIG, it got acquired after I left.  I just guess they didn't pick up the users they wanted to pick up, they got acquired, NYDIG probably wanted to use them for a specific thing and it just didn't work out.  So, it's all speculation at that point, but maybe it just didn't get enough traction to make sense, maybe they tried to incorporate some B2B kind of stuff and that didn't work out.  They're probably still using the team in some way, but I'm not sure what.  They do a lot of good Bitcoin and Lightning stuff in the space, so they're hopefully trying to maybe utilise that technology in a different way. 

Peter McCormack: Yeah, I mean, I liked the product, Bottlepay, I like NYDIG, I like what they're doing with Wolf.  Yeah, I think that's a very cool kind of an accelerator programme; I think it's very cool.  I like Kelly who runs it. 

Tony Giorgio: We got an offer to join Wolf right before we started.  So, we decided to go with Ten31 as our kind of main VC and kind of let them bootstrap.  They pretty much said, "Hey, we'll match the same deal", but I was like, NYDIG's great, the new accelerator seems awesome, Evan went through it.  A lot of people in this space I respect went through it, have good things to say about it.  But from our perspective, it's like, "Well, no one's more aligned with our mission than Ten31 and Matt Odell and all of them".  So, we just raised from them and a few other angels and just said, "Okay, this feels comfortable.  This is the right move".

Peter McCormack: Yeah, good move.  I mean, we had Grant and Marty on to talk about Ten31.  I've been talking to Grant for quite some time.  I think, again, what an amazing fund to have behind you and what an amazing group of people.

Tony Giorgio: Yeah, and always great feedback from them too.

Peter McCormack: Yeah.  All right, cool, man.  Well, I said we're going to talk about Mutiny.  We should have a play with it.  Firstly, cool name as well. 

Tony Giorgio: Thanks!

Peter McCormack: Okay, so the background to Mutiny is the fact that you wanted to get around a lot of the privacy issues.  So, explain what these privacy issues are that you wanted to get around.

Tony Giorgio: Yeah, one of the big ones is receiver privacy.  So, sending on Lightning is pretty great.  In fact, I've been kind of saying more and more lately that we did build sort of a Tor network on top of Bitcoin.  The way the onion-routed payments work in Lightning, you go from hop to hop to hop.  There's a bunch of nodes on the network.  There's, I think, tens of thousands of nodes at this point, and 70,000 channels, so different hops you can go through.  So, we basically built Tor on Bitcoin with that, but there's still a lot of gotchas along the way.  So, I think one of the big inspirations of writing that was also hearing Matt Odell on Citadel Dispatch like, "Oh yeah, Lightning's pretty private".  I was like, "Well, there's a lot of gotchas.  You can't just handwave over it and say, 'Lightning is a privacy tool'". 

So, one of the big ones is receiver privacy.  When you show someone your invoice, the sender sees who you are as the destination node.  And what that essentially means is your node pubkey is shown to that sender.  If you know anything about Bitcoin privacy, you're not supposed to reuse addresses any more.  That's been a big no-no essentially in this space where once you do that, you can see all the transactions going in and out, you can associate it with an identity.  Lightning pretty much has that same problem.  They reintroduced it with node pubkeys.  You spin up an LND node on your Umbrel and that's going to have the same pubkey through its entire life. 

So, as people are sending to it, if you're going from a custodian to your pubkey, let's say you're sending from -- and I will say, I love Strike, but I've just used them as example.  They are a KYCd institution.  So, you send from Strike to your node pubkey?  And if you keep doing that, let's say it looks like it's just redrawing over and over again to that node, well they essentially can tie a social security number to a node because they see that destination in that invoice.  So, that's one of the big ones with lighting privacy. 

Peter McCormack: Can I ask a question on that one?

Tony Giorgio: Yeah

Peter McCormack: So, a lot of people, especially people maybe who listen to this show, not everyone, but don't understand all these details, and I've kind of positioned myself as the person who will take the front line of that.  Say you're not running a node, but say you've got a wallet, say you're using Wallet of Satoshi, is it the same scenario?

Tony Giorgio: It's a little bit different with Wallet of Satoshi and in fact, each wallet handles it a little bit differently.  With Wallet of Satoshi, since they're a custodian, they have pretty good privacy from the outside world.  It's almost like if you gave me an address from your exchange that you use, and I deposit to it, it's not going to tie -- I don't see anything about that, because that's an address that is owned by the exchange.  So, it's not owned by you, it's not tied to your identity, but that custodian sees what you do afterwards, it sees that you got deposited, it knows it's associated with you as Peter. 

Wallet of Satoshi is the same way, essentially, except that they aren't a KYCd service, so they essentially just see what email address you signed up with and they can tie it.  So, for custodians, it's almost a privacy solution in that way, where no one else sees anything about them.  But of course, there's non-KYCd custodians, and you never know how long those are going to stay around.  That's my one thing to say about Wallet of Satoshi.  So, Wallet of Satoshi sees it all, but they don't know your identity.  They see payments incoming and outgoing, but it does get good privacy from the outside world.  So if I pay your Wallet of Satoshi invoice, I have no idea what happens afterwards, I can't tie anything to it. 

With stuff Breez and Phoenix, they'll use an LSP and sometimes you can get pretty good privacy when you're using a Lightning Service Provider.  So, Breez runs the routing node of the network and all the users are sort of hiding behind them.  And that's kind of one of the ways we designed Mutiny, is to Voltage this LSP.  When you pay a Mutiny user, it looks like you're just paying voltage, except it routes through in a non-custodial way to the end user.  So, Voltage can never take the funds, can never take control of the funds.  They know who to route it to, but they don't know anything about the user besides the pubkey of the node that the user is using. 

So, it's almost a VPN for Lightning.  You can think of LSPs as VPNs for Lightning, where they can see what's going on, but the outside world doesn't.  And that's strictly better than what we have today, where if they were an LSP and the outside world could see it, then everyone, not everyone, the payers of the invoice can see.  So, when I show that invoice, you can see what my node is.  And if you keep paying that, you know you can associate it with my identity.

Peter McCormack: Okay, so what have you done with Mutiny to get around all this?

Tony Giorgio: So, when we built the voltage LSP, there's a project called lnproxy in this industry, and it almost works exactly like that, where they take the invoice and they wrap it again.  So, they give out another invoice back to the user, and that's what you show to everyone.  So, when you show that invoice as a Voltage LSP, we built the Voltage LSP off of CLN, and we built it in a way where whenever an invoice is created, it looks like it's just voltage.

Peter McCormack: What's CLN?

Tony Giorgio: Core Lightning.

Peter McCormack: Okay.

Tony Giorgio: Yeah, so a Lightning node implementation.  There's, CLN, LND.  The core of our application is built off of LDK, the Lightning Development Kit, that Block and Spiral kind of helped fund and helped develop.  And that's basically a toolkit to build your own Lightning node implementation.  So, with Mutiny, we basically built our own Lightning node implementation on top of this toolkit.  So, it allows us to customise every single piece of what it means to have a Lightning node.

Peter McCormack: How good is the interoperability between these Lightning implementations?  Because, I know with Bitcoin, we pretty much are all running Core.  And I know different implementations are possible.  I know there are, I mean, I haven't really looked at it.  I know Luke Dashjr has Knots.  I'm not going to get into an area I know nothing about.  But my limited awareness is that everyone's pretty much on Core.  But with Lightning, it seems we have more implementation, so how's the interoperability between them?

Tony Giorgio: It's good sometimes when it works, and it's pretty bad when it doesn't work.  So, they have a spec group, and they all try to meet I think every other week to talk about Lightning protocol development issues.  And just the fact that it works at all, you can have Lightning Labs supports the LND team, Blockstream supports the CLN team for the most part, and then Spiral supports the LDK team.  And there's also Eclair; that's what powers Phoenix, the Phoenix wallet.  There's basically those four main implementations.  And interoperability, when it works, the normal scenarios, it works pretty well, but when you start getting into really advanced cutting-edge stuff, it starts to break down sometimes.  

That's one of the issues we've seen launching Mutiny, is we've seen some LDK to CLN interoperability issues, where sometimes channels would force close when they shouldn't.  We've seen some CLN to LND issues where channels are becoming inactive for no reason.  Like, LND wants to bump up the fee to some X amount; the on-chain fee, they want to bump it up 10 times what they should bump up, and CLN is just like, "No, the on-chain fees are low right now.  Why do you want to bump it up ten times?" and they deactivate the channel.  So, there's a lot of issues still to work out for interoperability.  And one of the cool things that the way Lightning implementations run, they don't look at each other's code, they just go by the spec and they try to just say, "Okay, as long as we're obeying the spec, it should all be interoperable", but it's really hard to perfect.  And they're sometimes in their own bubbles. 

The CLN team, they're testing against test suites with other CLN nodes.  The LND team, they're working on test suites with LND nodes, but there's not really been a project yet that has a full interoperability test amongst all the Lightning nodes.  I think there's a few people trying to work on it, but we need more of that in the space.  And most people probably won't run into too many issues, but when you start doing advanced things, like we do zero-conf channels, which now has protocol level support.  So, instead of waiting for one confirmation or six confirmations for your Lightning channel to be confirmed, it's just zero.  So, there's a little bit of a trust from the user's perspective, but there's a little bit of trust when you have an LSP anyways, like the Breez LSP, they support zero-conf channels, Phoenix does as well.  Pretty much every node implementation, or at least mobile wallet, has support for zero-conf.  But interoperability, when we built the CLN LSP for Voltage, we wanted to get interoperability for zero-conf for all node implementations and that ended up turning into a six-month effort because not everyone was ready, even though it was in the spec.

Peter McCormack: Yeah, so that sounds like a very important project because, did we get into a bit of a disagreement with somebody when we left the party the other night, that last conversation? 

Danny Knowles: I don't remember.

Peter McCormack: I was chatting to some guy about something along these kind of lines and I was saying, "When we get Lightning out to the normies, my friends, and you go to do a payment and it doesn't work, there's going to be little patience".  You know, communicating this as the future of money and some issue it doesn't work and the issue is down to some kind of interoperability and they don't understand, my friends are going to be like, "It just didn't work".  They're not going to be people who say, "Well, it didn't work because the LDK doesn't…" they don't know, they don't understand this stuff and they don't care.  So, that sounds one of those important projects that they almost need to work together and agree a way to do all tests so it tests the interoperability and then make sure certain things perhaps don't go live until there is interoperability.  That's just my take. 

Tony Giorgio: No, that's the number one complaint that we've gotten since we launched, is payments aren't going out.  And we've investigated it a lot over the last few days.  And the number one issue is because there's channels that the CLN node has inactive with the LND node that shouldn't be inactive, so payments aren't going out.  And that's on us at the end of the day.  Like, when users are using Mutiny and payments aren't going out, that reflects poorly on us.  It doesn't reflect poorly on LND or CLN, and no one should have to know any of those things, but it reflects poorly on us.  There's so many -- pretty much all implementations except Eclair, I have worked on in some way, try to fix some bug report or some issue because at the end of the day, we're the application, and if some part of the network can't communicate properly, our users will see that as a reflection of us, not node implementations having some bugs.

Peter McCormack: But does that mean you have to create a workaround for their bug, or wait for their bug to be fixed?

Tony Giorgio: We have to create the workarounds.

Peter McCormack: And so that starts to feel like you're creating a patchwork, which doesn't feel like you're building the cleanest code.  But as somebody who has a background in coding and tech, is that common practice or are we just in this weird, decentralised world?

Tony Giorgio: Yeah, that's common practice.  In some scenarios you can fork the code.  So, I love the work that Roy does with Breez and very early on, he has just been banging his head against the wall trying to get LND to change the code in one way or another and they didn't want to go for it.  So, they just ended up running their own implementation of LND with certain features turned on and off, just so they can do it.  But it turns into a scenario, like I think Muun actually runs an old version of LND and they have forked it heavily, and I think they're on a pretty outdated version of LND that they've just having to patch over and over and over again and try to catch up to the latest code. 

So, forking a codebase, so taking the code, cloning it over, changing it in your way, and now you're the new maintainer of LND, you're a custom LND, that's not an easy task to do.  And it creates that patchwork, it creates the headaches, and then when you try to upgrade later to the latest codebase, then it becomes a nightmare.  You're not specialised in LND, the Lightning Labs team is.  So, when you do this on your own, you might not know what you're doing 100% of the time.  You can tweak code, you can change parameters, you can do all that, but you're not going to know some obscure bug that's been fixed in the latest version that you just have to figure out on your own.  So, the patchwork really sucks.  And sometimes the implementations have to do that patchwork themselves.  It's not ideal, but sometimes LND is like, "Well, CLN does it in this way, the protocol doesn't define it", so now they have to do some patchwork. 

LDK is coming in with the same position.  They're almost the underdogs in this story, and they're like, "Oh, well LND does it this way, and they're 90% of the network, so I guess we have to figure out the workarounds to work with LND, because they don't want to change the code in the specific way and even if they do, that's six months down the line maybe".  We don't have six months to wait for code updates, so we have to do that patchwork ourselves.

Peter McCormack: All right, talk to me about zero-confs, because I spoke to Bitrefill a while back, and my understanding was there was something changed with regards to zero-confs which affected their business and you're going to have to remind me, or can you remember what that was about?

Danny Knowles: I can't.

Tony Giorgio: Yeah, I remember, I remember it.

Peter McCormack: What was the thing that changed? 

Tony Giorgio: Bitrefill and Muun, so you can now do RBF on zero-conf transactions.  So, you can replace the fee and it doesn't -- actually for non-RBF.  So, it used to be if you signal a flag, then you can always replace it.

Peter McCormack: They've changed the default, haven't they?

Tony Giorgio: They changed it.  They didn't change the default, they allowed the option in Bitcoin Core so that any transaction could be broadcasted across the network to change the transaction, even if it's not explicitly saying, "I signal RBF".  So, what we had were merchants saying, "Oh, well if they didn't flag RBF, that means that the transaction is pretty much going to confirm".  They don't know it for a fact, but they know with a high degree of certainty that no node on the network, no Bitcoin node, no Bitcoin Core node would relay those transactions. 

Peter McCormack: And the risk rate was so low. 

Tony Giorgio: It was so low.  So, it worked for merchants, it worked for them for a while.  I think what spurred up the controversy is Muun Wallet operates heavily on zero-conf transactions for both opening it to the user and for the user opening it to them.  So, there's a lot of degree where Muun trusts their user a lot, because they're trusting that the user's not going to double-spend, and they had a pretty good success rate because of the RBF rule.  But since that became allowable on the network, I mean especially in high feerate environments, I know that they've lost a lot of money from users that were being malicious and for bugs on the network like, "Oh, that zero-conf transaction never confirmed and it got pushed out of the -- it never confirmed, it's been weeks, and it's no longer in the mempool", and the fee went back to the user after they already made a Lightning payment.

Peter McCormack: So, was there a way to essentially just scam them over and over with it?

Tony Giorgio: Because Muun is trying to give the users an instant experience, so Muun is not a Lightning wallet, it's all on-chain, so when you as a user want to pay a Lightning invoice, you expect that to be instant, because that's what Lightning is all supposed to be about.  So, it's actually two on-chain transactions every time you do a payment on Muun, and they trust that the user is not going to double-spend it, and they go ahead and spend that, they pay that Lightning invoice on behalf of the user.  So, I had a friend that was just bouncing money between multiple wallets because he was testing, and he ended up getting $1,000 back refunded on Muun, even though it arrived to his Phoenix wallet. 

Peter McCormack: I mean, it's great of Muun to try that.  So, I always wondered how Muun did that.  I was like, "What's going on here?  How are you doing Lightning payments for me and on-chain in the same one?"  I just didn't know.  So, what are they doing?  Are they paying it for you; are they co-mingling the funds? 

Tony Giorgio: Not co-mingling, they just... 

Peter McCormack: Because if they're paying the lightning fee for you, they've still got to take the Bitcoin from an on-chain address, which means there's an on-chain payment.  But that on-chain payment's going to be much higher than a Lightning payment, so how are they covering that?

Tony Giorgio: Sometimes it shows up as a huge fee when there's huge high-fee environments.  I've seen some screenshots from Muun users that said they paid a $50 Muun fee to pay for coffee.  And normal Lightning, it shouldn't have that scenario.  You pay for a coffee, it's a $5 transaction, it should be pennies on the dollar if you're doing real Lightning.  But in high-fee environments, Muun just doesn't work.  So, they're trying to do atomic swaps that aren't actually atomic because it's zero-conf and you can undo the first part of it. 

So, with an atomic swap, it basically means, I spend a transaction to the service provider.  They won't pay the invoice until -- it locks itself into a 2-of-2 with the service provider, so a 2-of-2 multisig.  Neither one can spend it unilaterally, but once Muun pays the invoice, they're supposed to be able to redeem the transaction to their own wallet.  So, it's like a two-step process, and if it's done atomically, there should be no issues with, I pay that invoice, and now I can't redeem the funds from the user.  You should always be able to redeem the funds from the user with an atomic swap, but since they're doing zero-conf, they're just like, "Oh yeah, well it'll confirm", and then it never confirms, but they already paid the invoice, and now they're out whatever.  So, there's huge liquidity requirements on Muun's side to keep enough funds on Lightning and enough funds on-chain to be able to support users going back and forth between on-chain and Lightning. 

I mean, I have to applaud Muun, they kill it with the UX, but there's a lot of trust in the user with it, and you could get in that scenario where you're bleeding money because of some of these assumptions.

Peter McCormack: Is there anything that Muun's doing where you're putting trust in not being rugged by them?

Tony Giorgio: Yeah, so it goes kind of both ways.  So, when Muun sends you the on-chain transactions, when you show a Muun invoice, it's Lightning, right?  But again, on your Muun wallet, you only understand on-chain.  So, it works in the reverse as well.  If that transaction never confirmed, you essentially said, "I redeem the payment", and then that transaction never confirmed, and then they could rug you that way as well.  So, they're not doing it maliciously, it's all zero-conf issues.  In high-fee environments where transactions could be bumped, it just happens accidentally.  It's just not anyone's fault, except for trusting zero-conf. 

We kind of have a little bit of that as well.  You don't have to set an LSP in Mutiny, you can just open up your own channel with any node on the network, but if you set the Voltage LSP as your LSP, you are assuming that Voltage will send you those funds or that channel will confirm and then the funds will be sent over.  They're good guys, and I love what they've done with the UX, but that's just some of the growing pains that that you get with doing it that way.  And I think they want to change it, they just didn't change it by the time we had the latest high fee spikes a few months back.

Peter McCormack: Yeah, it will be interesting to see if they continue with that.  I mean, I just love the UX anyway.  It's a great wallet.  It's a funny one with on-chain.  I don't operate with multiple wallets, but with Lightning, I do, I just have a range of wallets.  I really like John Carvalho's wallet, he's just launched; obviously, we like what you you're doing; I really liked Blue's Lightning wallet.  I know they've got rid of it. 

Tony Giorgio: Yeah, that's going away.

Peter McCormack: Such a shame.

Tony Giorgio: That was custodial.

Peter McCormack: Yeah, but I was okay with that.  I mean, I never kept much in it.  But there's so many good wallets, it's unbelievable how many good wallets are out there.  Okay, anyway, look, back to Mutiny.  So, that's the first thing you've done.  What else have you been doing to get away from, or to deal with privacy?

Tony Giorgio: Yeah, one thing that we're doing behind the scenes is allowing multiple nodes to spin up.  So, because we're built on LDK, we kind of get this toolkit to spin up multiple nodes really quickly and really efficiently.  One of the products that we haven't shipped yet, we did it at another hackathon that Lisa threw.  Lisa throws the best hackathons, the best events, the best education events in this space. 

We came up with a project where I'm calling it Redshift.  It's basically a Lightning-based coinswap.  And so, Chris Belcher came up with this coinswap protocol a while back.  I don't know if he's done any work on it recently or that he's finished it, but it's essentially it's like, I send a UTXO to you and you send one back, but there's no correlation between the two, it just shows up on-chain like I have a new UTXO you have a new UTXO.  And that just essentially means from a privacy perspective, it erases all previous links, all previous history that you had on that transaction.  So, you spend that transaction, you get a new one from someone else, and you will inherit their history of transactions instead of the one you had.

Some people don't like that, because they don't know what they're going to be essentially buying.  It could end up backfiring where, like with coinjoins, you all put your funds together, you're not supposed to link the inputs to the outputs, so everything should be uniform.  It should just be, "Oh, we're all treated equally, we're all the same, we all inherited each other's history, which is indistinguishable".  It basically erases that history from that standpoint.  But from a coinswap perspective, you inherit someone else's history.  It's not obvious that it was a coinswap, which is kind of a cool thing.  It just looks you did a normal transaction and just went one hop, went one hop away.

Peter McCormack: Because some services will reject coinswaps when they know what they are.

Tony Giorgio: They'll reject coinjoins, yeah.

Peter McCormack: Coinjoins, yeah.  So, is that the incentive to create what you created?

Tony Giorgio: Yeah, so with coinswap in general, that was the incentive.  We thought we could do coinswaps without needing to do some of the hardcore cryptography that Chris Belcher was doing.  We essentially are treating Lightning as the sort of contract layer for this transaction.  So, we will spin up a new pubkey on the same user's device, we open a channel with some random node on the network, we push the funds all the way through, it gets to the Voltage LSP, Voltage will open a channel with you with one of their UTXOs, and then when you're done, you just close the channel.  So, we do that all behind the scenes. 

What it looks to the user is, I have a UTXO, I want a coinshift.  Wait for some confirmations to happen, wait for some channel opens to happen, and then what you'll have is a new UTXO at the very end.  It essentially is coinswapping with Voltage.

Peter McCormack: Okay, and again, we're going to have to go to my base level understanding.  Does that mean you have to find somebody with the same value UTXO who wants to do the swap?

Tony Giorgio: No, so in this case, you just push as much funds as you can.

Peter McCormack: Okay, right.

Tony Giorgio: And then when you close that channel, it'll just be whatever amount ended up confirming.  Like, you could get a scenario where I open a channel with a random node, I try to push it through the network, and there wasn't enough liquidity and only half of it made it.  But that half that made it, you still get half a new UTXO, and when you close it on the original one, you'll have that half back.  It's almost toxic change on whatever's left over.  Those funds didn't make it through because there may have been liquidity issues, payment failures, whatever, but whatever amount will end up getting back to your new node, which is still on your same wallet, it's just spinning up new nodes under the scene to do -- it's almost like going back in a circle, paying yourself down different nodes. 

Peter McCormack: And there's no regulatory risk with you doing this, because we know coinswaps, coinjoins have been an important push forward in privacy.  If we go historically when we used to have mixers, which I know is different, but they were seen as something which had a regulatory issue with them, we know people have been arrested for running them.  So, there's no regulatory issue with that or you scared of it?

Tony Giorgio: There's no custody of the funds by any other third party but yourself.  You control both sides of it, essentially.

Danny Knowles: So, you're not even effectively a middleman in the transaction.

Tony Giorgio: And not even the LSP, it's just opening a channel to you and routing a payment like it does every other user on Lightning Network.  So, if there's regulatory issues, that means there's Lightning regulatory issues in general, which you could argue that.  Someone could make that argument, but that would be detrimental to Lightning Network and I don't think it would work.  I've been talking to some companies in the space that are operating major LSPs from, I won't name who, but they've pretty much got high, top executive lawyers to kind of say like, "Oh, running an LSP is fine.  There's no MTLs needed, there's no MSPs needed, it's all non-custodial at the end of the day.  So, you would have to ban Lightning to ban a Lightning-based coinswap.

Peter McCormack: It is brilliant, this kind of fundamental approach to decentralisation that has existed since the start of Bitcoin, which gets around so many issues with regulators, whether it's related, like you said there, to money transmission licenses, or anything to do with the SEC where they want to sue anyone.  It's absolutely brilliant, I love it.  I think we should, oh, let's talk about also, you're web-based.  Let's talk about the fucking massive benefits of that. 

Tony Giorgio: Yeah, so it's web-based and some people have called us crazy from the very start for doing it, some people are calling us crazy right now for doing it, and we can definitely get into the trade-offs of it as well too.  But yeah, we're web-based, we run it all, we write it all in Rust, all the node logic, a programming language called Rust, then we compile that to WebAssembly and then we ship that to the user's device.  So effectively, all the node logic runs right there on the user's phone in the web tab.  You can run it on a desktop, in Safari, Firefox, Chrome, same thing on Safari Mobile on iOS and then Chrome Android as well, Firefox Android, it works there as well. 

So, essentially you go to app.mutinywallet.com and then a new node spins up fresh from the start.  We've thought about, okay, how do we onboard the users?  How do we explain what's going on?  And for now, we're just sort of saying, "Here's a little pop-up.  Careful, this is still beta, but there we go". 

Peter McCormack: There we go.

Tony Giorgio: You click the X and you see that you have zero sats and you're ready to start receiving.

Peter McCormack: All right, so anyone listening, by the way, if you want to go to YouTube, we actually have it live on the screen.  If you don't, then we'll try and talk you through best what we're seeing here.  Dev-wise, what additional challenges did you face doing it web-based, or is it easier?

Tony Giorgio: It's so hard.

Peter McCormack: Oh, okay!

Tony Giorgio: It's so hard.  The Rust WebAssembly ecosystem is getting a lot better, but there's still challenges.  For one, everything runs single-threaded, so you don't get a lot of performance benefits from being multi-threaded.  For another, yes, it's just a weird thing. 

Peter McCormack: Yeah, multi-threaded, come on, man! 

Tony Giorgio: Yeah.  Another is talking to the Lightning Network is a challenge.  So, we have to run a communication proxy, anyone can run it, you can self-host it.  We have the code on GitHub, it's all MIT source code.  You can run your own proxy on your own Umbrel, but essentially web browsers can't talk TCP, so just a native internet protocol to any other network.  You can only do HTTP requests and it gets a little weird, but essentially it can't natively talk to Lightning Network, so we had to build some tooling around it to allow you to have some central point that you can talk to the rest of network.  And all the messages that are going back and forth are encrypted to the node you're talking to, so there's no you know man-in-the-middle attacks there, there's no you know decrypting and seeing what you're saying.  You can even use that as just a normal proxy because no application can talk to a normal protocol like Lightning or anything like that.  So, it gets in the weeds there. 

I mean, but also the security isn't as good as well, I will admit that; it's not.  We're treating this as a hot spending wallet.  You can onboard your waitress, put $20 worth of sats as a tip to your waitress, or get someone onboarded really easily and they can progress from there.  Don't put your life savings on there.  We've had some people put way too much on there and had some issues and we're like, "Okay, this was thousands and thousands of dollars".  We warn you, "Don't put too much money on here", and the first thing users do is put thousands of dollars of sats on there and they ran into some weird issue.

Peter McCormack: There is a different scenario that happens as well.  So, I got my first BlueWallet in around, I'm going to say 2020, start of 2020, I can't remember exactly.  And I had $200, $300 that went up to say $400 with inbound.  Bull run happens, I have $4,000 in there.  So, a bull run can just drive up the value of your wallet.  I mean during the next bull run, the amount of dollar value of sats you're holding there could 5X, 10X.

Tony Giorgio: Yeah.  We have warnings around amounts now, so if you try to do too much we'd say, "Don't do that".  But yeah, also on the inverse side, we haven't run into it yet, but yeah, once you have collected enough sats, we should probably have a prompt that's like, "Hey, put this to cold storage, put this in some other app.  Keep a little bit on here for your spending, walking-around money".  We're going to come out with a lot of social-based Nostr features, we're going to come out with some cool things that I think make us pretty unique.  But in general, yeah, treat it as a spending wallet. 

Everything is encrypted to your seed words as well.  So, if you have your seed words, you can destroy the wallet, you can clear your browsers, history and cash and everything like that, and recover from the same 12 words.  It'll recover your channels, it'll recover your on-chain balances, you can load up your on-chain balance in a different wallet, that's all interoperable. 

Peter McCormack: "Dangerously paste from clipboard", love that! 

Tony Giorgio: Yeah, clipboard isn't the safest either.  Of course, the first thing I see Odell do is say, "Oh, dangerously copy to clipboard, I love that", and he clicked it!

Danny Knowles: I did see you getting a little bit of shit around this because obviously, putting your seed words into a web browser is never normally a good idea.

Tony Giorgio: Yeah, and you shouldn't use it from a fresh wallet.  The only reason this is there is if you're restoring your other Mutiny wallet, like if you deleted your browser history and you need to restore it again.  Like again, if you're using it just for a spending wallet and you only have a little bit on here, when you're restoring your seed words here, it should just be your previous state; that should only be a little bit.  Of course, it is not a good practice to be doing that, just walking around doing it, but I don't know, it's a hard one.  We want people to be able to restore from the same user interface that they're using.  But no, you shouldn't go and stick your ColdCard seed words into the browser, no.  It already spins up one by default.  If you click on the backup screen, definitely don't show the seed words.  It won't show it by default, but it'll ask you, "Hey, back up" and that's what you should back up.  So, it creates some seed words on the client device by default once you spin it up for the first time. 

Peter McCormack: So, it's pretty good working from your cash, but if you created the wallet in incognito mode, say you were using incognito mode, surfing the web and then created the wallet, you would have an issue there. 

Tony Giorgio: Yeah, so it would be a different wallet.  Yeah, and some incognito browsers will cut off access to storage at all, not even temporary.  One of the things we want to be able to do is allow Tor browser users to spin up a wallet, use it for their instance that they're using it, and then throw it away.  If you want to set up a new Lightning wallet today and you already have an Umbrel with LND on it, how easy is it to get another Umbrel with LND on it?  It's a whole pain-in-the-ass process.  So, we've essentially made it super-easy to spin up a node just like that, use it for single-time use if you want to, and then throw it away. 

Peter McCormack: Like a digital Opendime. 

Tony Giorgio: Basically, yeah.  But the Tor browser doesn't allow any access to even the temporary storage, so we have some issues around that and we'll have to do an "in-memory only" option for Tor browsers.  So, we'll have to pop up the warning like, "Hey, nothing is going to be saved.  Once you close this tab, it is gone forever", but I could totally see some users wanting to quickly spin something up and do it. 

Peter McCormack: So, what is the long-term role of Mutiny?  Is it just a wallet in my pocket? 

Tony Giorgio: Yeah, I think it works well as a wallet in your pocket, also a desktop too.  I find myself wanting a desktop wallet as well sometimes.  I really being able to bounce between the two.  So, some users are using the same browser.  They load it up on their phone, and then they're like, "This is so cool, let me load it up on my desktop", and then channels will close, because you have two nodes running at the same time with the same seed words, and we've had forced closure issues from that.  So, we have to communicate to users, "You can have this on multiple devices, just don't use them at the same time, or else there could be channel closures and some issues around that".

Peter McCormack: But are these channels you're opening for them?

Tony Giorgio: These are the channels that the users are either opening themselves, or they sent a Lightning payment and the LSP opened to them as well.  So, what will typically happen is just the channel will close, you'll get the funds back on-chain and that'll be it.

Peter McCormack: So, you've sent to this, Danny?

Danny Knowles: Yeah, I've just sent to it.

Peter McCormack: Okay, and then a Lightning setup fee of 10,000 sats.  Is that your monetising?

Tony Giorgio: No, that's the LSP. 

Peter McCormack: Oh, okay. 

Tony Giorgio: Yeah, so we don't even operate the LSP.  All right, it worked, boom.  The channel was open and you received 45,000 sats. 

Peter McCormack: That's incredible.

Tony Giorgio: So, you can send that out and you have -- we want to make it that easy to onboard someone to Lightning for the first time in a non-custodial context.  Now, sure, until the channel is confirmed, technically, Voltage could double-spend the on-chain transaction.  But if that starts happening, then there's a lot of trust issues with the LSP and then you would switch.  We want to get to the point where any Lightning node on the network could be an LSP for anyone else, that's the dream. 

So, if you don't want to trust Voltage, if you trust your Uncle Jim, and he's running the LSP for your family in a non-custodial context, you know he's still a little bit trusted, but in a non-custodial context, you can pick whoever.  All you need to do to be an LSP, in my opinion, is have an always online node that has good liquidity.  And there's tons of nodes on the network that would meet that requirement.  It's just we haven't built out that yet and there's some open LSP specs going on.  Breez from Roy, a lot of liquidity providers, a lot of wallets are in on those conversations, but I think that some of that is still six or so months away.  Evan just is launching his LSP with Zeus and we're talking to him about putting in an option into our wallet where it says, "Do you want to use the Voltage LSP or do you want to use Evan's LSP?"  So, at least get multiple choices. 

It's not going to be a one-for-one, you can just swap out any pubkey with anyone else.  We're going to have to hard-code some things to get it to work with Zeus in the beginning, but our dream is that anyone can be an LSP.  You don't have to trust anyone else.  You can even say like, "No, I don't want a Just-in-Time channel.  I'm going to wait one confirmation before I reveal the preimage to the node, to the Lightning Network".  So, you could do it in a way where it's a lot less trusted by just saying, "I'll wait one confirmation and then I'll consider the channel active".

Danny Knowles: It reminds me, I know it's obviously completely different, but it's a little bit Cashu, in terms of how you actually use it.  And I was really impressed with how simple that is and that's obviously never been done with Lightning before, so it's very cool.

Tony Giorgio: The Fedimint stuff, the eCash stuff, is going to be huge I think for the Lightning Network.  And one of the things that we haven't done yet, we're still waiting for some of the eCash stuff to get a lot better.  It's going a long way, it's coming a long way.  But one of the dreams is, so when you made that deposit, you noticed that there were minimum requirements.  So, we require 50,000 stats for the first inbound, for the first channel to be open, because it doesn't make sense to open a channel to you for like 500 sats, 1,000 sats; the on-chain fees are too high for that, you wouldn't want to do that.  So, we want a mode for if your very first deposit is under 50,000 sats, it goes into a Fedimint.

Danny Knowles: That would be very cool.

Tony Giorgio: And then once you have enough money in the Fedimint, maybe you never do, maybe it's the waitress and she throws away the wallet and doesn't care about Bitcoin ever again.  But say you have a user that gets enough sats, starts learning about Bitcoin, it's the same wallet, same user experience, they see they have Lightning stats, that's just in a Fedimint, but it's still interoperable with Lightning.  Once they get enough stats like, "Hey, do you want to be non-custodial now?  You have enough to open your very first Lightning channel and then you're not trusting the federation or the Cashu provider for that".  So, we want to be able to do that.

Danny Knowles: So, it would almost be good to have a simple mode for that.  So, instead of seeing sats and basechain, you just saw your balance.  And maybe that balance, you can even say, just be in dollars.  And then you can go into the more complex mode where you see where those sats are actually held.  You know, if you're trying to onboard waitresses, I think the more simple you can make it, the better.

Tony Giorgio: The unified balance experience is something we want to do.  I think we made an interesting trade-off for this.  We talked a lot about it.  If you use Muun or Phoenix or Breeze, right now it just shows you a single balance, and you can do on-chain with both of them.  They make some trade-offs in order to do it.  Muun is an on-chain wallet by default, that was their trade-off.  Phoenix, it's technically custodial when you do anything on-chain, at least temporarily custodial, at least it passes through them.  They do on-chain stuff on your behalf.  So, I mean, they're operating not in the US, then they're operating in some other countries, so maybe they can get away with that. 

But in this scenario, we're like, we don't want those trade-offs right now, but when we get splicing, that's when we're going to unify it and it's just going to show one balance.  Because splicing is a huge improvement for the Lighting Network, and it's going to get around all of these weird issues where you're operating as on-chain, but you can still do Lightning, or you're operating as Lightning and you can still do on-chain.  There's a lot of headaches around that.

Peter McCormack: Danny can you just go to the receive page?  Okay, so you've got "Receive" and then get rid of that.  I hadn't even noticed this.  So, you've got basechain on here. 

Tony Giorgio: Yeah.

Peter McCormack: So, how do I send to base -- because usually you choose whether to send to a basechain address or a Lightning address.  How do you populate the basechain address here?

Tony Giorgio: Yeah, so put in some amount for that, and then set that amount, and then hit "Continue".  We spin up a unified QR code, so BIP21 unified QR code.

Peter McCormack: Oh, so it doesn't matter what -- so, if I send from basechain, it goes to basechain; if I send from Lightning, it goes to Lightning?

Tony Giorgio: Yeah, and it's up to the sender what they can do.  If you see at the bottom, it says, "Choose Format".  If you wanted it to specifically be Lightning or on-chain, you have that choice, but with unified it just makes that UX a little bit easier and it allows the sender to decide how they pay you. 

Peter McCormack: That's interesting.  But in a wallet where you don't really want people to have too much in there, to have basechain is kind of kind of interesting. 

Tony Giorgio: Yeah, that's true.  We figured if you still want to use Mutiny for both, and you can still keep $100 or $200 worth of on-chain on there, what I'm excited about is to be able to add cold storage integrations as well.  So, you can actually plug in a ColdCard to your phone and you can pass PSBTs around that way.  So, you could have Mutiny up on your phone or on your desktop and you say, "I want to sign a transaction, but it's only cold storage.  We don't have any on-chain funds at hot risk.  There's no on-chain private keys on there".  We can have a mode like that.  And then you plug in your ColdCard, it creates the PSBT, you sign it with the ColdCard, and you pass it back, and then boom, it makes an on-chain transaction. 

So, you could effectively have, you could have 1 million, 2 million sats on your Mutiny wallet, most of it on-chain, but the on-chain part's protected by your ColdCard.  So, even if something were to happen or someone took your device, that would be fine, and only the Lightning funds would be at risk.  So, you can keep topping up that way, from cold storage to Lightning, just whenever you need to.

Peter McCormack: Can you move your basechain sats into your Lightning wallet? 

Tony Giorgio: Yeah.

Peter McCormack: Okay, sometimes I have to confess things I've never done.  I've never done the reverse.  I've never, in my history of Bitcoin, sent Lightning sats back to basechain, just never.  BlueWallet didn't have it, and so is that easy to do?

Tony Giorgio: We can do it here.  We don't expose it to the user because most people, once you're onboarded to Lightning, you want to stay there unless you absolutely have to make the on-chain transaction, and then you probably have another wallet you can do that with.  With this, you can close the channel, but you effectively -- like, I want to pay you.  You paid 10,000 sats to get the channel open to you.  Some of that went to the on-chain fee.  You're already set up, so ideally you don't have to go from Lightning to on-chain, and splicing will make sure that you never have to do that.

Peter McCormack: And with your Lightning wallet there, you only have one channel open.

Tony Giorgio: If another one comes in, so let's say you made an invoice for -- so when Voltage opens up a channel to you, they're not just opening it up for 50,000 sats or 60,000 sats, they're giving you a little bit of buffer as well.  So, you can start receiving more right now, up to 100,000 more, without needing another channel.  So, you don't pay another 10,000.  You can receive up to 100,000 more right now without paying another 10,000 sats. 

Peter McCormack: That's cool.

Tony Giorgio: But if you cross that threshold, then Voltage will just charge you another 10,000 sats for another channel, and you'll have two channels to you.

Peter McCormack: And in that 10,000 sats, is that covering the full fee?

Tony Giorgio: Yeah.

Peter McCormack: Why is it not a variable fee? 

Tony Giorgio: It should be.  We haven't built that part at the LSP level to change it.  So, Voltage can change it manually, and then if it's a lower fee environment, it should be configurable on the fly.  But we haven't built that part yet.  So right now, we're just estimating on-chain fees, stipulate it should pay for a little bit of that, and then it should pay a little bit more for Voltage for providing that service to you.

Peter McCormack: All right, let me ask you a question that's been with me and Danny for a while I still haven't fully figured out.  My basechain Bitcoin, my cold storage Bitcoin, I am completely self-sovereign.  We just had Tuur Demeester in before you and we were talking about the future of Bitcoin, hyperbitcoinisation.  It might be $10,000 at one point to send an on-chain fee.  So, some people might never be able to get on-chain.  If that is the case, can you be self-sovereign on the Lightning Network, or are you always using a provider; and therefore, is any provider really a bank to you?  No one's ever given me a really good answer to this question and I feel like, are we are we ignoring; is this like an elephant in the room? 

Tony Giorgio: It all has to fall back onchain at some point for you to be completely self-sovereign.  So, with Lightning, if one party goes away, you close the channel, it falls back on-chain to you. 

Peter McCormack: This feels a big Bitcoin elephant in the room, in that we are encouraging the world of being self-sovereign and trying to get as many people onto Bitcoin as possible, but in a post-hyperbitcoinised world where an on-chain transaction is $10,000, it might be that, it might be $1,000, even at much lower levels, you're going to want to spend most of your time on Lightning.  Do we need to have an honest conversation about this and say the future of Bitcoin is that most people won't be self-sovereign and therefore, what are we really creating here?

Tony Giorgio: Right.  I think solutions like Ark could be interesting, and I don't know all the details about Ark, but it's just an alternative payment channel network that doesn't have some of the problems Lightning has.  It has other problems, but I think in worlds where there are Fedimints, maybe it's the exact scenario where I said, "Okay, you're in a Fedimint and then once you got enough --", it could be a scenario where it's like, "Okay, once you've got $10,000 so you can make an on-chain payment, now you can self-sovereign opening a Lightning channel".

Peter McCormack: Yeah, but you don't want to spend the whole $10,000 you've got!

Tony Giorgio: Oh, yeah, you don't want to spend that fee, yeah, so it would be more like $100,000 to be self-sovereign.

Peter McCormack: But even at that point…

Tony Giorgio: Yeah, and then why would you want to spend $10,000 for that, unless you were at risk?  I think when fees are that high, there's a lot of things that will break. 

Peter McCormack: But hopefully, new things will be invented, you never know. 

Tony Giorgio: Yeah, and Ark could be one of those new things that have -- so with Ark, you could have a scenario where the transactions, they do it in a way where they're spending the on-chain transactions, but you can always fall back on-chain, but I don't know.  Everything breaks if you can't go back on-chain. 

Peter McCormack: Yeah, my assumption is that we end up in a place that there are service providers that are like banks in the future, but they have just a very different trust model from a bank. 

Tony Giorgio: And federations would be perfect for that. 

Peter McCormack: Exactly, yeah, but it's just it feels like it's a bit of an elephant in the room that we've avoided talking about when we get to super-high-fee environments, but okay, we can worry about that for the future.  We're early enough, we should be okay!

Tony Giorgio: But it sucks even paying $10 for an on-chain transaction.  I hate that.

Peter McCormack: Dude, yeah, of course, yeah.  Okay, let's talk about the rug model, because that was another thing that came up in Nashville during the Lightning Conference.  One of the downsides of this is that because you're not app-based, you could rug people.  Look, I know you, I know Ben, you're not that character, but it's still part of a risk model.  Is there anything you can do to mitigate that in terms of the way you update the code?  Can people have something their end to check the code hasn't been updated?  What can you do on that? 

Danny Knowles: I think with it as well, you should explain how it would be possible.

Tony Giorgio: Yeah, I'd love to.  For one, because we're not app-based, we can actually push up a code change in five minutes, which gives us, on the reverse side, it comes nice for development because we can push up a hot fix instantly.  We're not waiting on Apple to approve it, we're not waiting on Google to approve it, we can push it instantly.

Peter McCormack: Or them to fuck you the way they've just tried to fuck Nostr.

Tony Giorgio: Yeah, I mean and sometimes they'll catch some old issue that they didn't catch before and you can have an unrelated update that has nothing to do about whatever feature they have a problem with, and they say, "Well, we caught this one thing we didn't catch before.  Now you can't update your app until you get rid of that".  And it's like, "Well, okay, now I can't update a fix".  So, we can push up really fast, but that also means, yeah, we can push up something that takes the hot wallet funds that are on there. 

For the most part, apps still have that problem as well.  How many people have auto updates turned on in the App Store, the Google App Store, the Apple App Store?  They may have updates turned on automatically.  It's just a two-day turnaround instead of a five-minute turnaround, but they can still push up an update.  Like BlueWallet could push up an update if they wanted to, to iOS store.  There is no verification on the iOS wallet that you get from the app store.  Now on Android, you can do things like check the APK, you can check the binaries, you can compare hashes, you can try to reproduce the build.  On iOS, you get none of that.  If you download any app from the iOS store, you're effectively trusting the developers and Apple or both.

Peter McCormack: Right, okay.

Tony Giorgio: So, there's still some of that that exists, especially for iOS users, but it's still applicable here.  There's a lot of web-related hacks in general that can happen, DNS-level attacks, core web protocol stuff that can happen with this that you don't get when you're running a binary on your app store.  In one scenario, we could do...  So, it's a progressive web app, which means -- and a lot of especially iOS users, iOS doesn't expose this to many users, but you can hit the share button on some websites and install it to home screen so it almost looks an application.  So that way, if someone makes a malicious domain that's like Mutiny wallet with two Ts.com, you won't run into that problem because it caches the code on the phone and you have that.  And we haven't done it yet, but we can even add a button that says, in the front end on the home screen, we can say like, "There's a new version of this wallet".  And so it can download the new version whenever you want it to download. 

So, there's a little bit of caching and asking the user if they want to download a new version that we can do.  We haven't done some of that yet, but we'll probably want to once we figure that part out.  For now, we're wanting quicker updates.  There can be issues around caching where it turns into a nightmare, where it doesn't ever update for a day or two and users are like, "Hey, this new feature, this new bug fix is not working".  It's like, "Okay, well, clear your cache".  Well, if you clear your cache, you might clear your browser, and then you don't want to run into that.  So, we have to figure out the UX around cacheable PWAs, but we can have a button that says, "Do you want updates?" and that'll help a little bit. 

Another thing is we could have third-party watchers.  So, I know NVK runs something called binarywatch.com or BinaryWatch

Danny Knowles: He's got every domain in the world! 

Tony Giorgio: Yeah, it's a simple domain, it's got to be something that.  He gets the OG domains.  We can have something where some third party is pulling down the code and making sure that if it has been updated, maybe we can do something where we're signing our releases and we're signing the updates.  Like on the web, it's a lot harder to do some of the binary verification stuff that we get with Bitcoin Core and Sparrow and some Android wallets.  So, it's always interesting.  I think bitcoiners pushed the boundaries on how we can get reproducible builds.  I don't think people were doing reproducible builds 10, 15 years ago.  I think bitcoiners pushed the boundaries on like, "Okay, what does it mean to sign binaries with your PGP key?  What does it mean?"  Like, how do we make sure every single build looks exactly the same no matter how you do it?  I think bitcoiners pushed the ball on that. 

I think we could probably push the ball on what we can verify in a web context.  It's going to be a lot harder, I think, and we're going to have to be really creative, but I mean we put a node in a fucking browser; I think we can be a little creative on what we can do!

Danny Knowles: So, the big one I've heard as well is obviously phishing, like you said, Mutiny with two Ts or whatever.  Presumably, there's nothing you can really do in terms of what the user actually sees to know you're on the correct web page, because they could just copy anything, right?

Tony Giorgio: Yeah, I mean someone could literally download the source code and throw it up in any domain.  But because of that, you can self-host it as well.  So, we haven't done it yet, but we want to be able to integrate with Umbrel and Start9, so you can have like PeterWallet.com. 

Peter McCormack: Okay.

Tony Giorgio: And you're self-hosting it, and you decide when you update.  And we could probably build it.  I haven't used Umbrel in a while, but we could probably build it where there's an update button in Umbrel and you decide whenever you want to update and use it.  So, you could self-host your own domain and do it yourself.

Peter McCormack: It feels to me, it's that kind of almost typical risk model whereby your risk model is similar to carrying a physical wallet with $200 in it, about the same kind of risk that you want for the same kind of money.  By the way, Danny, I noticed you're in private browsing, so you're going to have to...

Danny Knowles: Oh, that's all right.  I did that on purpose, because I've already got one open.

Peter McCormack: You're going to have to back up your --

Danny Knowles: I was going to show the private keys, that's why I did it in private, but we never got there anyway.

Peter McCormack: You're going to have to back that up otherwise you're going to lose those sats.

Danny Knowles: That's okay, I'll send them out.

Tony Giorgio: So, when you have funds for the first time, we do have this warning at the very top that's like, "Okay, you have funds, back them up".

Peter McCormack: Good old 3.5" floppy disk!

Tony Giorgio: Yeah, Paul has done all the UI, and he's worked with the Bitcoin Beach wallet -- definitely don't tap to --

Danny Knowles: I was going to do it to see if someone can steal it from the show.

Tony Giorgio: Yeah, go ahead, tap to reveal seed words.

Peter McCormack: Dude, you can move them straight after we've made the show.

Danny Knowles: No, let's see who gets in first!

Tony Giorgio: Right, so it shows the words.

Peter McCormack: I've never seen "Satoshi" in the list of words. 

Tony Giorgio: Yeah, I didn't know either. 

Peter McCormack: I didn't know Satoshi was in this.

Tony Giorgio: I got it one time before on a wallet, yeah.

Peter McCormack: That's amazing.  I did not know Satoshi -- how many words are there?

Tony Giorgio: 2,024.

Peter McCormack: Yeah, I did not know Satoshi was one of them; I've never seen it.  My God. 

Tony Giorgio: So, we don't ask the user to back up until there's any funds on there because some of the onboarding experience, it's like, "Okay, write all these down, now repeat them back in random orders".  And it could take minutes to do the entire process, and they might not want to do that, and they might not ever use the wallet ever again.  They say, "Oh, this is too much, I left".  So, it's like, okay, well once you have funds on there at all, then we prompt you to back them up.  We ask you to write down the words, we tell you their funds are your responsibility, and that you're not lying, just to get over with it.  And some users have screenshotted that bottom part, and it's like, "Oh, you got me.  I was just going to click and continue". 

Peter McCormack: I've done it!

Tony Giorgio: So, you can't get past that unless you're being truthful.

Peter McCormack: All right, Danny, run through the menu just to make sure we've covered everything, down the left.

Tony Giorgio: I mean, we really wanted to be as simple as just send and receive.  You can send Bitcoin, you can receive Bitcoin.  One of the cool things if you go to the settings, we have some Nostr Wallet Connect features.  So, we have something called Wallet Connections.  And we're trying to do subscriptions on top of Lightning, something that bitcoiners have never had before.  The way we're going to do subscriptions, that works for anyone, not just us, but you can effectively have Bitrefill, and you link your Mutiny wallet up with Bitrefill.  So, if you want to type maybe Bitrefill or something there, you create a profile for a new wallet connection. 

What it does behind the scenes, if you drop that down, if you scan that, I have the ability to request payment from you with just that code.  Now, you don't have to pay it.  It doesn't take the funds automatically, but a little pop-up will show up in the UI saying like, "Hey, do you approve this payment for 10,000 sats?"  And if you remember what you were just doing, so if you're checking out with Bitrefill and you hit that checkout button, and then a notification pops up on your phone, it says, "Do you want to pay 10,000 sats?"  And you just easily click yes.  It's like a bank asking you, "Do you approve this transaction for whatever amount?" 

Danny Knowles: That's very cool. 

Tony Giorgio: Doing subscriptions in a credit card way on top of Lightning just isn't possible.  So, we do almost a pull based request system.  So, when you open your wallet again, we ask you, "Here's your Netflix subscription for the month".  Like, you can subscribe to Mutiny Plus on here and at the end of the month, we'll send you a notification, "Do you want to subscribe to Mutiny Plus again?" 

Peter McCormack: What's Mutiny Plus? 

Tony Giorgio: Mutiny Plus, you get absolutely nothing, but you're supporting the dev team for 21,000 stats a month.  So, we want to put in some advanced features into our wallet to actually give people access to Mutiny Plus, but we do want to monetise it with this wallet.  It is FOSS, it is open source, it is MIT.  We are VC funded, and we just announced, or OpenSats just announced we got a grant from them.  We got a $150,000 grant from them to implement a lot of Nostr-related features and some DLC stuff over the next six months. 

Peter McCormack: So, how do you get to the point where you are self-sufficient though?  What is the monetisation model long-term?  Because it is a problem in Bitcoin that it's hard to make money. 

Tony Giorgio: Yeah it's hard to make money, and Danny just subscribed Mutiny Plus, I appreciate you, brother.

Peter McCormack: Well done, Danny.

Danny Knowles: Whoever steals this wallet is now subscribed!

Tony Giorgio: So, we're exploring a lot of different business models and one of that is seeing, okay, can we get people that will get our advanced features?  And in the app store, you can't do subscriptions right now without going through the Apple Pay or the 30% cut that Apple gets.  Literally funding a dev team in a subscription-based model on Bitcoin just isn't possible in the app store today.  They'll ban you immediately, they won't let your app go through.  So, this is one of the features where I'm really excited about, what have Bitcoin wallets been capable of this whole time that have never been able to get in the app store with those features?  And subscriptions is one of them, not just for us. 

So, if you go back to your Nostr Wallet Connections, you should see that there's a new one in there for Mutiny.  And, it doesn't really do anything.  You can disable it anytime, so if you don't want to be a subscriber, you just simply either not pay or you can disable it.  But we want to open this up to everyone.  We want to see what subscriptions could be like for merchants, for Nostr relays, for supporting someone in an OpenFans kind of way, like let's see what subscriptions on Lightning could look like.  And if you're in the app store, you can build something like this today, so let's experiment with it. 

Danny Knowles: Someone like me who forgets about loads of subscriptions I have as well, it's great if you get prompted to resubscribe.  There's loads I've had open for like a year that I didn't even know I still had. 

Peter McCormack: I mean, look, I love it.  I'll tell you why I love it, is I'm sometimes between my laptop and my mobile trying to make Lightning payments, and I'm emailing Lightning addresses to my phone and then copying and pasting it in to send it.  To be able to do it straight from my browser is just really cool, I love it.  And I just love the fact that you're doing this. 

Tony Giorgio: To expand a little bit more on the business model, just so that's there, we're exploring a lot of different ones.  We don't know what's going to work or what's not going to work; are we going to get enough from this?  Any advanced feature that is just front-end only that doesn't require any services from us, we want that to be available for free for self-hosters.  So, if you self-host, you go through that effort, you get these front-end related features for free.  We want to do things like DLCs in the future, maybe we can monetise that way.  We do want to be an LSP eventually. 

We only raised a little bit to start out and we didn't want to have to raise a lot just to fund a Lightning node and get it to be a good LSP for the user.  I think we got 1,000 or more channels that opened up over the last few days, and Voltage can do that, they're a lot more well-funded than we are.  But the con to that is when you pay that 10,000 sats for Voltage to send a channel to you, open a channel to you, they get those stats, not us.  So, we do want to run an LSP eventually, and we can monetise off of that.  DLC related things, we can monetise off of that.  But we're still exploring what it looks like to monetise an open-source wallet.  And if you're going through the App Store, you almost can't do that today without giving Apple a cut.  I mean, dude, Apple accept Bitcoin, and maybe we'll talk about giving you a 30% cut, but until then, like…

Peter McCormack: Go fuck yourself!

Tony Giorgio: Yeah, exactly!

Peter McCormack: Well listen, man, we love it, love that you're doing this.  Anything we can do to support you, let us know.  If people want to check it out, go to mutinywallet.com.  Maybe you'll make the money on these cool T-shirts, man.

Tony Giorgio: That too.  I mean, Paul wanted to turn Mutiny into a lifestyle brand at one point.

Peter McCormack: Dude, I would have paid for this, I would have given it.

Danny Knowles: You were meant to.

Peter McCormack: Was I?

Danny Knowles: No!

Peter McCormack: I actually got two.  I got one for my son, I know he would like it.

Tony Giorgio: That's great, I'm glad. 

Peter McCormack: But you're a friend of the show.  Anything you need, you give us a shoutout. 

Tony Giorgio: Appreciate that, Peter.

Peter McCormack: We love this, this is very cool.  My signal usually comes from other bitcoiners and everyone I know talking about this, backs this, are high-signal bitcoiners.  So, yeah, we wish you the best, stay in touch.  Anything you need, give us a shout and we will pimp this everywhere. 

Tony Giorgio: Awesome, I really appreciate that.

Peter McCormack: Thank you, man.

Tony Giorgio: Thank you, guys.