2026-05-29 18:32:33 UTC

semisol on Nostr: Can we *please* not have AI slop? Anyway, a malicious receiver can sign statements ...

Can we *please* not have AI slop?

Anyway, a malicious receiver can sign statements with the generated addresses to fuck over donors. And sweeping all received funds in one TXN can allow adversaries that have dusted the address to link all donors as well.
In any case, senders should expect no privacy by default.

Solving the problem of having to manage separate sp addresses, just using payment targets provides significantly better security (nsec handling separate from funds) and changes nothing in the UX.

You can’t tamper with the sp on the payment target unless you have the nsec.