Paymail and ElectrumSV
Focus: Who can run a Paymail host
There have been some people excited about running their own Paymail host, or presumably hosting their ElectrumSV wallet somewhere so they can use Paymail. I avoid these conversations because there is never anyone who actually understands what is involved.
This article aims to share with you my vision for this aspect of how ElectrumSV will implement Paymail. It should also provide some insight to some of the people that are enthusiastic about using Paymail with ElectrumSV, but don’t understand how or why we do not allow it.
Providing a safe user experience
When any wallet sends money to a Paymail address, it needs to be able to perform some level of verification that the money is actually being sent to the person our user wants to send it to. But Paymail provides no way for us to verify that our user is sending money to the person they think they are sending it to.
We do not know if the Paymail host was secured well, and whether it has been compromised or not. We do not know if whomever runs the Paymail host is even trustworthy in the first place. And when we get a payment destination (this is actually a payment output script for ElectrumSV to put in a transaction when paying) for a given Paymail address that the host is responsible for, we have no way to know who it belongs to.
Let me state that as clearly as possible — just because you get a payment destination does not mean that it can in any way actually be identified as belonging to the Paymail address you are asking for one for. You have to trust the Paymail host.
This leaves one option. If we are going to provide the ability for our users to send to Paymail addresses, we will do so by white-listing Paymail hosts run by businesses we accredit with some level of trustworthiness, and flagging with warning signs any other Paymail hosts.
Remember we are making a wallet for ElectrumSV users, not randoms on the internet who want to run their own Paymail host and have our users take a risk in sending them money. And since we can’t tell the randoms from the safe Paymail hosts from the unsafe Paymail hosts through any inherent property of a Paymail address, this brings us to the one option.
For our users, it is going to look like it is unsafe to send to a Paymail address that is not hosted by Moneybutton, Centbee, HandCash or other established businesses in the BSV community.
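The white-list check described above, sketched in Python as an added example; this is not ElectrumSV code. The host names are placeholders, the function names are hypothetical, and the host that serves an address is assumed to have been resolved elsewhere.

```python
from typing import NamedTuple

# Constructed allow-list of accredited Paymail hosts (placeholder names).
TRUSTED_HOSTS = frozenset({"trusted-wallet.example", "accredited-host.example"})


class Verdict(NamedTuple):
    trusted: bool
    host: str      # normalised host the decision was made on
    message: str   # text a wallet could show before the user confirms


def normalise_host(host: str) -> str:
    """Lower-case, drop the trailing root dot, and convert to ASCII (IDNA)."""
    host = host.strip().rstrip(".").lower()
    if not host:
        raise ValueError("empty host name")
    try:
        # Punycode form makes look-alike Unicode names compare unequal.
        return host.encode("idna").decode("ascii")
    except UnicodeError as exc:
        raise ValueError(f"invalid host name: {host!r}") from exc


def parse_paymail(address: str) -> tuple[str, str]:
    """Split 'alias@domain' and reject anything that is not exactly that."""
    alias, sep, domain = address.strip().partition("@")
    if not sep or not alias or "@" in domain:
        raise ValueError(f"not a Paymail address: {address!r}")
    return alias, normalise_host(domain)


def classify(address: str, serving_host: str) -> Verdict:
    """Decide on the host that returns the payment destination.

    serving_host is assumed to be resolved elsewhere; a custom domain may
    point at an accredited host, so the address domain alone is not checked.
    """
    alias, domain = parse_paymail(address)
    host = normalise_host(serving_host)
    # Exact match only: a suffix or substring test would accept
    # 'trusted-wallet.example.attacker.example'.
    if host in TRUSTED_HOSTS:
        return Verdict(True, host, f"{alias}@{domain} is served by accredited host {host}")
    return Verdict(False, host, f"WARNING: {host} is not an accredited Paymail host; "
                   f"the payment destination for {alias}@{domain} cannot be trusted")
```

The comparison is made on the normalised host name, so differences in case or a trailing dot do not produce a false warning, and a look-alike Unicode name does not pass as a white-listed host.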
How will ElectrumSV users be paid?
A key difference between ElectrumSV and other wallets, especially HandCash and Moneybutton who have working Paymail, is that we are not a business that makes available its professionally polished wallet using its value-added wallet service. Our users’ wallets are not hosted, like theirs are. We have no business that runs a server that offers services to our users.
For those who cannot connect the dots, what this means is that there is no trusted server we can add to our white-list for ElectrumSV users to receive payments on. To integrate in the Paymail ecosystem, and provide a first class wallet experience, it has become clear we are compelled to run one. So it is the plan of the ElectrumSV developers at this time to extend our existing Paymail server framework (which we do not currently host or run) and offer Paymail hosting for our users. I’ve avoided this for the longest time, but we’ll seek help in securing it which has always been the reason for not wanting to do it.
As the ElectrumSV wallet is an open source project, and not a project oriented around value adding for our business, our API will be open. Users will, if they want, be able to link their wallet to their own Paymail host, and in theory receive Paymail payments. However, as we have stated above, anyone paying to that address on a custom Paymail host will get warnings about it being unsafe, as the host will not be in the white-list. If there are other hosts we can identify as having an appropriate level of trustworthiness, we will add them as white-listed alternatives to our own host.
Frequently asked questions
How can I run a Paymail server?
We will not be providing source code for this, but our API for managing a wallet on a Paymail host will be open.
Let me be clear. You need a wallet and Paymail is an extension of this. If you do not have the wallet that will let you run a Paymail server or host, then it’s a bit like the sound of one hand clapping.
Moneybutton kindly let people set their domains to their Paymail host, and self-host. But in order to do so you must use their wallet, and arrange it with them. I don’t know if they charge for it, but I would if I were them. This is entirely reasonable, and it makes no sense that they would host ElectrumSV wallets. If you have not received the message — you should never use the same seed in two different wallets at the same time. So if you do load your Moneybutton seed into ElectrumSV, and make payments, you will break your Moneybutton wallet. It does not work, and if you think it might, you should be very wary of your other risky ideas because you seem to be into mucking with things you do not understand.
The most precious commodity to a wallet developer is time. We all have untold amounts of things we want to work on and do. So it is very unlikely that any of the trusted wallet businesses will have the time or interest to put hosting ElectrumSV wallets before their more interesting projects.
Why can’t I just upload an xpub?
This isn’t a question. It’s a vague dream.
- Upload xpub.
Develop your own wallet, you can do it any way you want. We’ll do it the way where we end up with a wallet that we feel confident about our users using safely.
The real world
Not too long ago, I feel confident in saying that none of us understood much about Bitcoin. Then Craig came along and started clearing up a lot of misunderstandings. Bitcoin wasn’t the way to an anarchist paradise. Instead Bitcoin was government friendly, and the law comes first. And businesses need a stable protocol, where they can be sure it won’t change underneath them, undermining their efforts.
That in my view Paymail almost requires a web of trust for Paymail hosting, or in our case shorter term solutions like white-lists of trusted hosts, fits in with this. It is a now solution, and it is primarily being developed by professional wallet businesses. It might not be the longer term solution, at least not in its current form, but it’s okay to me that we start from somewhere achievable and safe.
A comparable solution to Paymail that we can look back on was the original OpenId. In this fantasy, people used their own domains to host their own identities. In the real world, no-one outside of a cadre of nerds wanted to bother with that nonsense and... look, what do you know, trusted businesses host the identities. Google, Facebook, Twitter. Real people will do the same, choose a known trusted host. Since all three of the above have dropped the ball, this leaves it open for businesses like HandCash or whomever to pick it up.
ElectrumSV will provide the best possible experience for our users. And in my opinion that is the white-listing. If you have a better idea that isn’t your own host appearing to be trustworthy, at the expense of our users, I’d love to hear it.
I have set the milestone delivery date for Paymail support for ElectrumSV as something like 14th of February 2020. There are no guarantees that we will make it. And at this time I do not know exactly how we will implement Paymail for anyone who might hope to use our API to provide Paymail hosting.
If the whole Paymail concept as it is described bothers you, you do not have to use it. You can wait until we do an on-chain identity system. We may release the beginnings of one with Paymail. Or we may include it in a subsequent release.
Also, I am not a Bitcoin expert. It is possible my understanding of Paymail is wrong. Or it is possible there are ideas for solving the problems above we have not considered. Please feel free to point out what I might have missed. But if your points include vague never really explained terms like “permission-less” or “own your own data”, I’ll probably zone out 💤