When engaging with Bitcoin skeptics, it is important to define our vision & our why.
If we each have different goals & values, the conversation should focus on these first.
Otoh, if we share goals & values, and disagree on how to get there, a fruitful debate can be had on how
“Non-custodial” is not a security model on Lightning.
Because signing must be online, the real question is:
If your node is compromised, what can the attacker do?
Your keys are not your coins if your signer does not validate.
Blind signing is shared custody with two failure points.
Read about the four Lightning custody models and how VLS enables secure, non-custodial Lightning:
https://t.co/VNbk4QCosy
A Lightning wallet is only really self-custodial if:
1. The node runs on your device
or
2. You connect to your own node
or
3. You're using VLS
If it’s using the provider’s node, your keys don’t protect you.
The provider's node can tell your wallet to do anything.
A wallet that blind-signs but calls itself “non-custodial” is like a bank claiming it’s non-custodial because they don’t know your online banking password.
A hardware wallet that blindly signs any request without checking if it is legitimate would be laughed out of Bitcoin.
Yet that’s how most "non-custodial" / "self-custodial" Lightning setups work today.
VLS fixes this.
Holding user funds means you’re a custodian.
Custodians face licenses, audits, and liabilities in every jurisdiction they touch.
With VLS, you can serve users without ever touching their sats.
Every transaction the node proposes must pass a protocol-correctness exam.
VLS wrote the exam and grades on an unforgiving curve.
No bell curve. Not on our watch.
"Non-custodial" Lightning wallet is cool.
But not if it achieves that by blindly signing whatever the node asks for.
That’s only "non-custodial" in theory, not in practice.
We don’t make the rules.