Wallet privacy
Privacy is a highly complex topic, so on this page, we will just look at some of the real-world privacy challenges unique to the scope of the daily spending wallet. For an introduction and more general information, see the page about wallet privacy in “How it works.”
The daily spending context
Imagine this scenario. The user is in a public place, and they need to make a payment using their bitcoin wallet. They open the wallet on their phone, but they don’t feel comfortable having their payment and balance information clearly visible to strangers who may be looking over their shoulder, persons lurking, or video surveillance. Giving users the ability to hide sensitive information in their wallet, but only when desired, gives them an added sense of physical privacy and security when using the app in public.
Quickly hiding balances
The button to quickly hide sensitive information is displayed within close reach of the balance itself. One tap hides it, and the next tap reveals it again.
This is an easy and convenient way to switch between revealed and hidden states. On the downside, it makes it relatively easy for anyone else to reveal user information if they have access to the device.
Unhiding the balance requires tapping and holding for a few seconds to prevent accidental reveals.
Entering a PIN to reveal information
To keep someone else with access to the device from revealing the information, users can optionally enable an additional setting that requires PIN entry to unhide sensitive information. This reaffirms the identity of the wallet owner for extra security. Making this optional allows users to find their own balance between convenience and security.
An application-wide setting
Both settings, whether sensitive information is hidden and whether PIN entry is required, are accessible from the privacy section in the application settings.
Alternative designs
An alternative design approach is to make the show/hide toggle only available in settings. Having it right on the main screen makes things quite obvious for someone who has access to a user’s device. If it is only available from settings, a third party who has access to the device may not immediately know how to reveal information. The downside is that a user cannot quickly hide their information if the need arises.
Hiding when inactive
Another solution is to invoke the wallet’s hidden state as a default when the app is opened to protect against prying eyes during initial display. The pre-hidden state can be unveiled after a tap, PIN entry, or perhaps a short 5-second timer.
This gives users some time to assess their environment before their info is displayed but could leave them frustrated, having to wait for their information to be revealed, especially in an urgent situation.
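The behaviours described on this page (one-tap hide, optional PIN to reveal, and starting hidden when the app opens) can be expressed as one small state model. The following is an added example, not code from this guide or from any wallet; the class `BalancePrivacy`, its method names and the PBKDF2 parameters are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Optional


def _derive(pin: str, salt: bytes) -> bytes:
    # Salted, slow KDF: the app stores a verifier, never the PIN itself.
    # Iteration count is an assumed value. A short PIN stays guessable
    # offline, so real apps also lean on the platform keystore.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 200_000)


@dataclass
class BalancePrivacy:
    """Hypothetical model of the privacy settings described above."""
    require_pin: bool = False   # setting: PIN entry required to reveal
    hide_on_open: bool = False  # alternative design: start hidden
    hidden: bool = False        # setting: sensitive information hidden
    _salt: bytes = field(default_factory=lambda: os.urandom(16), init=False, repr=False)
    _verifier: Optional[bytes] = field(default=None, init=False, repr=False)

    def set_pin(self, pin: str) -> None:
        self._verifier = _derive(pin, self._salt)

    def on_app_open(self) -> None:
        if self.hide_on_open:
            self.hidden = True

    def hide(self) -> None:
        # Hiding must stay a single action and never asks for the PIN.
        self.hidden = True

    def reveal(self, pin: Optional[str] = None) -> bool:
        """Try to unhide; return True only if the balance is now visible."""
        if self.require_pin:
            # Fail closed: no PIN configured or none supplied means hidden.
            if self._verifier is None or pin is None:
                return False
            candidate = _derive(pin, self._salt)
            if not hmac.compare_digest(candidate, self._verifier):
                return False
        self.hidden = False
        return True

    def render_balance(self, sats: int) -> str:
        return "******" if self.hidden else f"{sats:,} sats"
```

Note the asymmetry: `hide()` always succeeds immediately, while `reveal()` is the only path gated by the PIN, so enabling the PIN setting never slows down the act of hiding.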
Other privacy aspects
On-chain address re-use is a common privacy problem because reused addresses can be traced across transactions. The addresses this wallet uses are swap addresses generated by a lightning service provider, which lifts the responsibility for address management out of the hands of the user. See the requesting page for more.
Just like any other application, privacy can be impacted by the use of third-party services (analytics, currency exchange rates, etc.) and data transfer itself, as well as any services provided by the application developer. For more on this, view the wallet privacy page.
Next, we look at settings.