Upstream surveillance has operated for more than 20 years, but no public court has ever ruled on whether it is constitutional. Instead, the courts have repeatedly dismissed lawsuits asking judges to decide whether the warrantless mass surveillance of Internet communications complies with the Fourth Amendment. They have often done so citing “state secrets,” despite numerous government disclosures. - The Supreme Court Needs to Rein In the Surveillance State

The Light

Escalating surveillance states are all the rage these days. It is no longer enough to debase our currency but to actively monitor all upstream surveillance. While a few privacy-focused initiatives have been started, far fewer are doing anything about it.

Within the bitcoin space, the privacy scenario unfolds with another shade of grey. We are battling an all too familiar battle around framing "the use of blockchain analysis countermeasures as criminal."

These outside factors affect the bitcoin landscape as a whole, but there is some light in this overwhelming darkness. 

Mutiny running on a single Chrome Browser tab. It’s built on top of LDK and BDK, written in Rust, and compiled into WebAssembly.

Mutiny Wallet has emerged as a beacon of hope in the browser. Unsurprisingly, the mission-driven team is meticulously constructing every element from the ground up, safeguarding user privacy and making the necessary tradeoffs for a secure user experience.

Built-in Lightning - Lightning Everywhere

So how do we do better? We make it so Lightning can run anywhere because Lightning should be everywhere!

Part of the reasoning for Mutiny running on the web was to get around app store censorship, which will get worse over time, not better. People have theories about how it'll end up, but until things change, it has only gotten worse.

The other reason is that if we can get a Lightning node to run on the web, we can argue that Lightning can run anywhere. In fact, it only took 5 days for me to build the Android version, and I mostly did that with some spare time at night. Should you store your life savings on the web app version? Absolutely not. But can we be better than custodial? Yes, from both a privacy perspective and ease of onboarding. We can even inform users to move to the mobile apps after they acquired enough sats.

We built the web wallet specifically to dogfood our own node implementation, called mutiny-node, which can run anywhere. So any web app or native mobile app dev can import it into their application to take their hands hands off user funds. If we can solve the offline receive problem, and incorporate federations for smaller amounts with the same UX and API calls, then applications can truly flourish. You shouldn't need to be a lightning dev to incorporate Lightning, and you shouldn't need to be a bank to include it, either.

There are many ways it can play out, but I think one of the end goals is to have a single "login" with just twelve words to access your funds. You may want to manage your wallet and funds on the Mutiny mobile app. Still, when you want to link your non-custodial wallet to a website like Stacker News, you can get the same exact balance and Lightning state there. We recently incorporated Versioned Storage Service (VSS) as an encrypted data store that can restore your lightning state with just your seed words, making the restore process simple.

I acknowledge that restoring seed words onto just any site is a bad practice. Still, Mutiny specializes in being a spending wallet, not a life savings wallet. If you're worried about how much is on there and what might happen if you restored your seed words on a bad site, then you've put too much on there for how you use it. Mutiny is also a lightning-first wallet. All lightning wallets are hot, so if you're putting too much on a hot wallet in the first place or have a problem with it being treated as hot, you need to reevaluate what you know about Lightning and what standards to compare it with.

The alternative here is to have multiple Mutiny wallets. It's just seed words that power the wallet's identity, authentication, encryption, and funds. So if you don't want to risk the funds from the Mutiny Wallet mobile app, create a new wallet for each app you interact with and deposit sats as you go.

This removes applications from being a custodian while having a better risk model than before, where you were logging into your wallet (or application's wallet) with an email and password to access your funds. In the future, Validating Lightning Signer (VLS) is something we could incorporate to keep the keys off of the user's device or browser too.

And topping up all the application wallets you may have should also be seamless. We support Just-In-Time channels that create a lightning channel for you whenever needed. So a brand new wallet (or new account on a lightning-enabled app) should be able to receive their first lightning deposit within seconds of creating it.

This week, I talked with Ben Carman, the co-founder of Mutiny. If you're looking for a glimpse into the current bitcoin wallet space, check out the pod. 

Why an Open LSP Model?

Voltage is a specialized Lightning Service Provider (LSP) with a wide array of offerings in the Lightning Network stack. When a Mutiny Wallet user configures a Lightning Service Provider (LSP), which by default is the Voltage LSP, all invoices created by the user will have Voltage's pubkey. From the sender's perspective, they are making payments to the Voltage LSP. The arrangement is akin to a VPN, where your interaction with websites originates from the VPN's IP address, not your home IP.

Mutiny is making some tradeoffs. One of them employs a collaboration with Lightning Service Providers (LSPs) by default and utilizes a new node for every transaction, enhancing transactional privacy.

As Voltage opens a channel to the user, they lock up their Unspent Transaction Outputs (UTXOs) in the private channel. Thus, users only expose their UTXOs when receiving or spending Lightning if they manually open a channel. The private channels also take advantage of the Short Channel ID Alias (SCID Alias) privacy feature, ensuring that neither the user's nor Voltage's UTXOs are revealed in the payment channel, even if someone could inspect the private channel details (which is highly unlikely). - How the Voltage LSP Enhances Privacy for Mutiny Wallet Users

Mutiny Wallet's planned collaboration is to work with various LSPs, who would take on the mantle of handling liquidity and channel management, ensuring the wallet's optimal functionality on the Lightning Network.

Theoretically, you could string a series of LSPs to create a semblance of LSP onions. Nevertheless, Voltage's knowledge about you is limited to a node pubkey and specific payments they are routing to you.

Mutiny Wallet my initial thoughts...

Mutiny running on Safari Browser on iOS


Mutiny stands out as the most intuitive bitcoin wallet experience available at the moment, a simply stunning and engaging user interface. While it exhibits several bugs, such as failed payments and payment reliability, my outlook remains incredibly bullish on the team figuring this out.

It could potentially become the defacto 'bitcoin wallet' app for the general public.

This is a good thing.

The wallet distinguishes itself by not requiring personal information such as email or phone numbers, a common practice among other wallets.

With its recent hackathon test of Fedimint, the team will continue to explore and innovate.

This is another good thing.

And finally Mutiny stands out for its commitment to user privacy and intuitive design (this should be no surprise from its earlier tests last year and again at the end of 2022.)

At the end of the day, getting a highly intuitive bitcoin wallet on the open web is the light the world needs right now.