Trying to understand the difference between zcashd and lightwalletd.
Is lightwalletd a separate piece of software your run ‘on top’ of zcashd to allow wallets to sync similar to electrum in Bitcoin?
Can wallets connect directly to zcashd instead (remote wallets, I’m not talking about a wallet on your desktop connecting to zcashd on your desktop)
What information does the lightwalletd server learn about the users addresses/transactions?
Does lightwalletd store any type of xpub or view key or does it just return information to the wallet that’s syncing and then forget everything (this is the way electrum works).
The Lightwalletd server architecture was adopted way back before the shielded-on-mobile times and it just relays info back to the wallet. Attaching directly to a node is possible with Zkool and Zebra nowadays, but that’s about it. Zallet will still require a lightwallet node after zcashd with the internal wallet deprecates. At one time there was a zecwallet companion app that connected via wormhole to a zecwallet fullnode app, presumably back at your house or wherever it happened to be. But, it was buggy and the lightwalletd+light wallet method was adopted over it. There is a method using Tailscale to allow for connecting to your stack remotely in a similar way with a light wallet.
The lightwallet server handles various sorts of requests to the server. The server knows at least one ip address, the call request and the returned info. The call and return from the database are somewhat generic regardless of it’s encryption: it’s data in a public database. What’s important is the ip that calls it because then you could maybe say from where it derived.
A couple wallets now have Tor built in. You can also use your own vpn and just run your wallet through that. I don’t think LWD stores that stuff but it’s certainly possible all of that traffic info can still be intercepted and logged alongside the server. All transparent Zcash tx data is transparent and so yes.
Makes sense the lightwalletd server knows about the t-addresses you are asking about, but does it also know which shielded addresses belong to your wallet?
When syncing with monero the server does not learn info about your addresses.
The threat model applies to the internal ECC reference wallet, and should apply to any Zcash wallet built on top of the ECC SDKs,
can’t make the user send funds to the wrong address.
can’t tell what the user’s current shielded balance is (aside from it being zero when the wallet is created).
can’t learn information about the value, memo field, etc. of shielded transactions the user receives.
can’t learn information about the value, memo field, etc. of shielded transactions the user sends.
can’t learn who the user is sending/receiving funds to/from in fully-shielded transactions as long as the other user isn’t using the same lightwalletd service provider and there is no collusion between the adversary and that other service provider.
can’t learn information about the user’s shielded balance over time (aside from the assumption that it must be nonzero after they’ve received transactions).
No, shielded addresses do not appear on the blockchain.
Basically, when you describe the transaction types that zcash has, such as z2t, t2u, z2z etc., you can theoretically substitute all z’s and u’s (sapling and orchard) with question marks e.g. ?2t, t2?, ?2? etc. This does NOT mean that the type (sapling or orchard) is not known, but the address itself is not known. The type correlates to their respective z and u prefix and so it may be necessary to clarify this metaphor.
If someone sends you funds from a shielded address to your shielded address, and if the senders address was not included in the memo field, there is no way for you the receiver, nor anybody else, to recover it.