SparkStalker: Making Spark Wallet Privacy Problems Visible
As I explained in my previous post, I became very concerned after seeing Lightning payments being made publicly visible in Tether Wallet.
The core issue is simple: people may be using these Lightning wallets for privacy-sensitive payments without realizing that their transactions can be made publicly accessible. In some cases, this is not just a privacy issue. It can become a real safety risk, especially for people operating in hostile environments.
To raise awareness, I built SparkStalker, a simple tool that allows anyone to view the transactions linked to a Tether Wallet by entering its tether.me username.
The goal of the tool is not to encourage surveillance. The goal is to make the problem visible. If a human-readable username can expose someone’s transaction history this easily, users need to know. And wallet providers need to fix it.
A Similar Tool Already Existed
Funny detail: only after talking to people on X about the issue did I find out that René Aaron had already built a similar tool.
His tool, Spark Address Doxxer, exposes the issue not only for addresses created by Tether Wallet, but also for Wallet of Satoshi.
Which Wallets Are Affected?
I was not aware that Wallet of Satoshi had the same issue, so this was an important new detail that came to light through the discussion.
During my own tests, I could also confirm something I had already seen mentioned on X: Cake Wallet, Blitz Wallet, Breez and Primal all use Spark, but they are not affected by this problem.
That distinction matters because it suggests that the issue is probably not caused by Spark itself.
What I Found About the Root Cause
After several exchanges with people on X, I came to the conclusion that the most likely cause is a misconfiguration related to existing privacy settings in the wallet module of the WDK.
According to the Blitz Wallet team, Spark has allowed users to hide their Bitcoin balance and transaction history from public explorers since November 2025.
Seth from Cake Wallet made a similar point, saying that it is trivial not to expose users in this way and that Cake Wallet handles this properly.
This is an important point. It suggests that a privacy mode already exists. The problem appears to be that some wallets are NOT changing the default setting, which is disabled for privacy mode.
There Is Already a PR to Fix This
Walter also mentioned that he had already opened a pull request in the public WDK repository, asking the Tether team to change the default setting from public to private.
tethertoThe pull request calls wallet.setPrivacyEnabled(true) inside WalletAccountSpark.at() after SparkWallet.initialize(), so that newly created wallets hide Bitcoin transactions from public explorers by default.
From what I can read in the discussion, there may still be compatibility issues that need to be solved before this change can be merged safely.
Privacy Should Not Be Optional
Yeah, I’ve always been clear that at best this is “VPN-style privacy”, where you trust the operators not to reveal logs.
— Seth For Privacy (@sethforprivacy) March 25, 2026
WoS did their implementation in a brutally bad way for privacy, we did not, and the default for anyone using Breez (most new Spark implementations it seems)…
People using Lightning wallets often assume that their payments are not being exposed in a public transaction history tied to a human-readable username. If a wallet makes that assumption false, users deserve to know.
Even better, they should not need to know. Privacy should not depend on users discovering and enabling the right setting.
Privacy should be the default.