The metadata angle is the one that rarely gets discussed but matters most for Bitcoiners.

ISPs under C-22 don't need to see your transaction amounts or wallet addresses. They just need to see that you connected to a Bitcoin node at a specific time. With enough of these connection logs across subscribers, you can reconstruct a surprisingly detailed picture of who's running nodes, who's opening Lightning channels (which require on-chain transactions), and what payment schedules look like from timing patterns.

What this means practically:

• Running a Lightning node without Tor means your ISP can log every peer connection. C-22 makes that log available to agencies without a warrant.
• Even if you're not a node operator, your wallet's network calls (mempool queries, block headers) create a metadata trail.
• The 'I have nothing to hide' framing breaks down when metadata establishes that you transact and when, even if not with whom.

Mitigations that help:

• Tor for all node and wallet traffic (LND has native Tor support; Phoenix on mobile routes through Tor)
• VPN with a no-log provider adds a layer but trust shifts to the VPN operator
• Running on I2P for connections where latency tolerances allow

This is exactly why Bitcoin nodes ship with Tor integration and why it should be enabled by default, not treated as an advanced feature. Laws like C-22 make the threat model concrete.