pull down to refresh

It would appear that Amboss Technologies is collecting personal information about the Lightning Network and its users and selling it to third parties as chain analytics software (or for the purposes of "Risk Management" in their own words). This is according to their very own Privacy Policy
The amount of information they have collected and want to collect should alarm all users of Lightning, even those that have not given Amboss or Thunderhub (the wallet they collect data through) access to their node information. They have claimed 30% of the Lightning Network has registered for their services, which is dangerous considering their power to deanonymize the network.
By now, you might be wondering, what does this comprehensive data gathering mean for the privacy and security of Lightning Network users?
To put it simply, it undermines user privacy at its very core. What makes the Lightning Network unique is its dedication to providing privacy and anonymity to its users. The Lightning Network is designed in such a way that transactions are only known to the involved parties, making it more private than traditional financial systems. With Amboss' aggressive data collection policies, the fundamental privacy of the Lightning Network is at stake.

Collection Procedures

Third-Party Collections

One glaring concern is how Amboss collects user information.
For example, we may collect information from advertising networks, and data analytics providers. This information may include your name, email address, and phone number. Additionally, if you create or log into your Amboss account through a third-party platform (such as Telegram), we may have access to certain information from that platform, such as your name, telephone number, and profile picture, in accordance with the authorization procedures determined by such platform.
Twitter, telegram, and website/email are some ways that Amboss lets you link your account, which allows them further collect, store, and sell that data according to their policy.

Source of Funds

Not only is the collection happening, but they go further to try to link everything you provide them with, such as analyzing the source of funds:
We will also use vendors that provide background information about social media profiles we collect and information about the source of funds from the transaction IDs referenced above.
The language used here is very intentional. They are trying to figure out the source of funds. Now why would they want to do that? Because they are a chain analytics company selling this data to interested parties such as Chainanalysis, governments, or highly regulated entities.

KYC-Level Identity

Even more alarming, the information they want to collect doesn't stop there:
We may also work with identity verification vendors to conduct "know your customer" or "know your business" checks. You may be asked to share information with such vendors (e.g., name, address, social security number, and driver's license) so the vendors can tell us whether you have successfully completed the check and are authorized to use the Services.
Why does Amboss need KYC information such as name, address, and social security numbers? Combined with all the other data collected, this allows them to link the source of funds, transaction ids, node ids, etc., with your social media persona and your entire government identity, which is later sold. It's one thing if this was an exchange, but this is YOUR self-custodial funds they are infringing on and sharing with parties that do not have access to this information otherwise.
And for what? So you can sell liquidity on their centralized platform or have a "verified" node? Congratulations, you doxxed your whole stack on your node, in addition to weakening the privacy of all the others on Lightning.

Lightning Network Collection

Certain information is publicly broadcasted on Lightning, which Amboss collects and sells, which might make sense, given that there should be no expectation of privacy. However, lightning information is temporary, unlike the Bitcoin Blockchain, which is permanent. That breaks down when a well-funded information collector decides to persist and sell this data, which Amboss is doing.
There's some basic stuff like this:
  • Node Information: We collect information about node(s) on the Lightning Network, including the alias, color, features, public key, balance information, and size of the backup. Nodes may also independently share other information with us that is hosted on the nodes platform, such as social media information, community information, or other identifying information.
And more intrusive information like:
  • Channel Information: We also collect information about the channels on the Lightning Network, including the fees, response times, transaction IDs, and peer ratings associated with the channel.
  • Transaction Information: When you engage in a transaction through the Services, we collect information about the transaction, such as the date, time, and amount of the transaction.
  • User Reported Information: we also receive information from users about transactions on the Lightning Network to which Amboss is not a party, including payment forwards, failed forwards, node online status, history, and balance.
"Response Times" is pretty ridiculous, considering deanonymizing attacks depends on analyzing the response times between each channel.
"Transaction on the Lightning Network" means that they are taking individual transaction information from each node that is routing (and "voluntarily" giving to Amboss) and collecting in mass. That means that a transaction routing through multiple nodes participating in Amboss data collection will allow Amboss to determine the source and destination of the payment, which is assumed that they will sell according to their policies. This is NOT public information. Amboss has historically stated their innocence by hand-waving that node operators are "voluntarily" giving them this information when linking their node to Amboss and "voluntarily" running the wallet software for which the cofounder is conveniently the maintainer.
You've read that right. Amboss is the data collection monetization arm for the wallet they created called Thunderhub. Would you use a wallet that Chainalysis created? Well, you are by running Thunderhub. Did you know the amount of data that you are "voluntarily" giving to chain analytics companies? Is that even considered voluntary if it is without your knowledge?

Balance Sharing

Let's also look at one of the controversial "features" they provide users, which is to, again, "volunteer" channel balance information to Amboss for your benefit somehow?
One of our features is called Channel Balance Sharing. Through Channel Balance Sharing, we present the current state of channel balances and the aggregate flow of funds through the Lightning Network ("Channel Balance Insights"). To present Channel Balance Insights, we collect raw channel balance data. We do not use the raw data to identify any individuals or transactions. As soon as we have generated the Channel Balance Insights we delete the underlying raw data. (This typically occurs within 24 hours.)
This feature, as described in their privacy policy, indeed seems innocent. However, upon close inspection, several questionable aspects of this feature emerge.
The feature collects "raw channel balance data," which refers to the unprocessed, unfiltered information about the balances of all channels on the Lightning Network. This includes the size of the channels and the flow of funds within them. Although Amboss claims they do not use this raw data to identify individuals or transactions, the mere fact that they have access to such data is concerning. In the wrong hands, such data could infer patterns, analyze user behavior, and deanonymize users or transactions.
Amboss' claim to delete the "underlying raw data" within 24 hours does not fully assure user privacy protection. The interval between collection and deletion provides Amboss ample time to generate Channel Balance Insights, which, although aggregated, could be analyzed to infer patterns about the flow of funds within the Lightning Network. More importantly, the policy does not explicitly state if and how they ensure secure data deletion, leaving ambiguity around the integrity of this process.
Amboss doesn't clarify if the deletion of raw data includes all copies and backups. If backups are kept and not securely deleted, this sensitive information can be exposed or misused.
Amboss' policy doesn't clarify whether third parties have access to these "Channel Balance Insights." Suppose these insights are made available to other entities. In that case, it broadens the potential for misuse, potentially creating a secondary market for data analysis that could compromise the privacy and anonymity of Lightning Network users.
Even if Amboss does not misuse this data, the company becomes an attractive target for malicious actors. Cyberattacks could steal this valuable trove of information before it's deleted, possibly leading to a significant breach of privacy.
While the "Channel Balance Sharing" feature might seem innocuous as per Amboss' privacy policy, it raises serious concerns regarding the overall privacy and security of Lightning Network users. It is another tactic for Amboss to amass a significant amount of sensitive user data, and the lack of clarity in their privacy policy only amplifies these concerns.

Use and Sharing

We share personal information in the following circumstances or as otherwise described in this policy: We share personal information with vendors, service providers, contractors and consultants that access personal information to perform work for us, such as companies that assist us with web hosting, identity verification, fraud prevention, customer service, email delivery, and marketing and advertising. We reserve the right to make the information described above publicly available on our Services (including through our APIs) and to sell certain of that information to our customers. We may disclose personal information if we believe that disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements. We may share personal information if we believe that your actions are inconsistent with our user agreements or policies, if we believe that you have violated the law, or if we believe it is necessary to protect the rights, property, and safety of Amboss, our users, the public, or others. We may share personal information with our lawyers and other professional advisors where necessary to obtain advice or otherwise protect and manage our business interests. We may share personal information in connection with, or during negotiations concerning, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company. Personal information may be shared between and among Amboss and our current and future parents, affiliates, and subsidiaries and other companies under common control and ownership. We may share personal information with your consent or at your direction.
The 'Sharing of Information' clause in Amboss' privacy policy is rife with ambiguities that could allow for extensive and unrestricted sharing of personal information. Their policy offers a broad range of scenarios in which they may share personal information, and it's crucial to take a closer look at each.
The policy starts by mentioning sharing information with vendors, service providers, contractors, and consultants performing work for Amboss. While this may seem ordinary for a technology company, the scope of 'work' and the kind of companies involved isn't defined, potentially allowing any entity they work with to access personal data.
Amboss's "Sharing of Information" policy provides broad leeway to share, sell, and disclose personal information they have collected, with few restrictions. This effectively means that any personal information shared with Amboss could be distributed to virtually anyone — from their vendors to business partners, law enforcement, other companies, and even the public. This raises serious questions about how user privacy is protected under their policy.

Conclusion

There's a certain point where privacy policies are generic enough that say something along the lines of "The information you have provided us may be used to provide services to you in return" and may even feature some language such as third-party software providers that might have access to that information as well. However, all the language here is very much catered towards what they are trying to do, which is to over-collect as much as they can to sell your financial data and identity. And it is working. After all, they have recently raised $4M to carry out these goals.
Amboss has tricked users into signing up for their service to sell their information to third parties. They have been targeting Lightning Service Providers to collect their routing information and have gone after communities to collect general user information. Privacy is only as strong as the ability to hide amongst a crowd. If the entire crowd has been fooled into giving up their information, nothing is left but the illusion of privacy. It is up to us to stand up to malicious data collection and stop using services like Amboss.
This is not surprising in the slightest. I spent an hour of my time talking to them privately last year when the balance sharing feature was released. Completely dismissed. The data selling is consistent with the rumors I have been hearing too.
I may have to build in a feature into Mutiny to avoid all nodes that are verified and data sharing on Amboss. I figured the Lightning Network would split up eventually into a KYC'd network and non-KYC'd network.
reply
Hi Tony, we deeply valued the time you spent talking with us, which was a primary driver in developing the channel balance data deletion scheme.
We're obsessive about considering user feedback and I'm sorry that you felt we dismissed you. We didn't and used it to inform our backend development, specifically so that we can protect transaction-level privacy in the event of a subpoena.
Even if you built that feature into Mutiny, we'd gladly supply you with information so that you can make better decisions about whom to connect to, or not, in this lightning network ecosystem.
reply
Maybe Ambos want that meaningless IRS bounty of $625k for breaking LN. https://beincrypto.com/irs-offers-625k-bounty-to-break-monero-or-lightning-network-privacy/
Instead they should get a grant from HRF or Opensats to make it even harder to snoop in.
reply
We definitely do not want to break lightning's transaction-level privacy.
reply
Thank you for the thoughtful and in depth analysis of our privacy policy.
Our main objective is to contribute to the longevity of the Bitcoin Lightning Network's development as the main financial payments system of the future. For enterprises and holders of large amounts of bitcoin to adopt LN, assurances about payment reliability and risk mitigation need to be in-place. This is what we are providing at Amboss. For the purposes of improving LN performance, we crowd-source information from LN operators and users. For data that is not publicly available, this information must be requested; in other words, the data owner opts-in to provide it.
To help lightning network mature, we operate a data analytics company that helps users make thoughtful decisions about whom to connect to. We have taken many steps to ensure that we are being thoughtful about the development of the lightning and our design decisions to help the lightning network's long-term growth. This, in many ways, is achieved by opt-in, transparent data collection to create ways for users to manage risks as well as improve payment performance. All feedback is welcomed; this helps us make better design decisions.
I'm happy to hear that privacy is a priority for you and I hope that our policy can help guide development of better privacy tools for users and more ways for users to consciously decide what information they would like to share. This is the essence of privacy: the right to choose which information to disclose.
reply
sure whatever
reply
Concerning that you didn't deny you are selling user personal identifying data. At least not to 3 letter agencies.
Think we can all presume there is benefit to providing metric-level data that owners and users are anonymized from. It's a value-add to many businesses, if you can categorize that data. But just stating that users are consciously giving you permission to creep on them and not 'clean' that data, is pretty inflammatory.
Surely you can do better, whilst still running a successful company and serving the industry. Or are we missing something behind words, which have likely been vetted by a legal pro?
reply
To be honest, this was the first thing that went through my head when I saw Amboss for the first time.
The only thing I would use here is accessing the publicly available features in a private browsing window over VPN, and even that has its risks.
You should post this in the Plebnet Telegram since they are pretty big on amboss over there.
reply
I've heard rumors their main business model is selling to chain analysis companies. Would stay as far away as possible from them
reply
This is completely false. Our main business model is providing data analytics for the lightning network to improve the operation of the network. This informs whom to connect to and routing fee market analysis.
reply
Good to see the plebnet amboss telegram channel nuked.
reply
I used to visit Amboss for network information such as what new channels should I open and nodes uptime. But since I saw the Ordimint ad in their website, I stopped. I know they need revenues, but IMHO that is going a bit too far.
reply
Why people run public nodes? Run a private node. Oh you didn't know that you can do that? That means you have a lot to learn about LN.
reply
#DeleteAmboss
reply
most retarded post of the week. would say of the month but there is some braindead shit posted here
reply
Thank you for the thoughtful and in depth analysis of our privacy policy.
Our main objective is to contribute to the longevity of the Bitcoin Lightning Network's development as the main financial payments system of the future. For enterprises and holders of large amounts of bitcoin to adopt LN, assurances about payment reliability and risk mitigation need to be in-place. This is what we are providing at Amboss. For the purposes of improving LN performance, we crowd-source information from LN operators and users. For data that is not publicly available, this information must be requested; in other words, the data owner opts-in to provide it.
To help lightning network mature, we operate a data analytics company that helps users make thoughtful decisions about whom to connect to. We have taken many steps to ensure that we are being thoughtful about the development of the lightning and our design decisions to help the lightning network's long-term growth. This, in many ways, is achieved by opt-in, transparent data collection to create ways for users to manage risks as well as improve payment performance. All feedback is welcomed; this helps us make better design decisions.
I'm happy to hear that privacy is a priority for you and I hope that our policy can help guide development of better privacy tools for users and more ways for users to consciously decide what information they would like to share. This is the essence of privacy: the right to choose which information to disclose.
reply
apologies for the duplicate post! The original "freebie" reply wasn't showing. Leaving this to preserve links to the post elsewhere.
reply
Amboss Technologies, a chain analytics software company, has been collecting and selling personal information about Lightning Network and its users, according to its privacy policy. Even if users have not given Amboss or Thunderhub access to their node information, they have still claimed that 30% of the network has registered for their services, which could undermine user privacy. Amboss has been collecting data via third-party platforms such as Twitter and Telegram, and through Thunderhub, which they created to monetize and sell user data. They have been collecting raw channel balance data and using it for marketing and analytics purposes without explicit consent. In addition, they have plans to work with identity verification vendors, which could include KYC information, to link the users' social media persona and government identity. Amboss has been raising funds to achieve its goals, recently raising $4M.
reply
Please see our response here: #182446
Any data collection we do is either public or is explicitly opt-in. We do not collect data without consent.
Our goal is to help the lightning network become a high-performance, sustainable payment network. Destroying lightning's privacy features would be counter-productive to our goals. Lightning's flourishing is essential for our small startup to survive!
reply
That's my bot for summarizing posts :)
reply
If you forward to me I can’t zap.
reply
All good I zapped on your behalf
reply
no worries
reply
Who needs amboss? My LN node is 4+ years old. Works pretty well without amboss help
reply
First Ledger now this. Say it ain’t so.
reply
reply
Your smooth brain can't read 1 page of explanation?
reply
50% of American Adults can't read above an 8th grade level. Just helping them out.
reply
No. That is not helping them. You are dumbing them down even more.
reply
Channeling my inner DarthCoin:
That's not my problem.
reply
No, you create the problem, by using that bot. If you don't care about their education, fine, but at least don't push that idiotic bot.
reply
What's my incentive?
reply
deleted by author