1105 sats \ 1 reply \ @endothermicdev 8 Jul 2023 \ on: How private is lightning? bitcoin
There's a lot of nuance required to answer this question. I'll try to break the privacy concerns into a few broad categories with their high-level issues:
Information you broadcast as a public node (gossip)
This could include an IP address and anything you put in the node alias.
The mitigation here is either to not be a public node (open only private channels and be okay not routing payments) or to connect only via Tor and announce an onion address.
Linking your channel funding transaction to your node.
Mitigations: mix your UTXO first, don't announce your node.
The combination of taproot channels and an updated gossip protocol will likely help with this in the future by breaking the 1:1 linkage of on-chain UTXO to channel announcement, but this is an issue now.
Spending
Spending is fairly private by default. Issues arise when you outsource your routing: you dox your payment. If you run your own full node, this shouldn't be an issue, but mobile wallets may try to do this for an improved UX. For users of Phoenix, multiple trampoline hops could help here in the future; there just aren't enough trampoline nodes currently.
Probing is also an issue - monitoring changes in channel balances by periodically trying to send payments through. These payments are designed to fail, but depending on where they fail, some information about channel balances is leaked. Reducing htlc_maximum_msat can help here. Also, this only applies to public channels.
Receiving
This is the worst privacy aspect of LN currently - BOLT 11 invoices pretty much dox your node. Blinded paths (a default feature of BOLT 12) will help here. The BOLT 12 specification is fairly well fleshed out, but still needs wider usage and formal adoption.
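An added illustration of the probing point above (not part of the original comment): a toy Python model of how much of a public channel's balance stays hidden once probe outcomes have been observed, with and without a reduced htlc_maximum_msat. The function names, outcome labels and sample amounts are constructed for this example, and the model assumes one HTLC per probe.

```python
# Toy model, constructed for illustration. A probe through a channel is
# rejected on policy when it exceeds htlc_maximum_msat; otherwise it fails
# at the channel only if it exceeds the forwardable balance.

def probe_outcome(balance_msat, htlc_maximum_msat, amount_msat):
    """What an outside observer sees for one probe in this model."""
    if amount_msat > htlc_maximum_msat:
        return "over_limit"  # policy rejection, says nothing about balance
    return "forwardable" if amount_msat <= balance_msat else "insufficient"


def residual_uncertainty(capacity_msat, balance_msat, htlc_maximum_msat):
    """Return the (lo, hi) interval the balance is still hidden in after
    probe outcomes have narrowed it as far as the model allows."""
    lo, hi = 0, capacity_msat  # the balance is known to lie in [lo, hi]
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid > htlc_maximum_msat:
            if lo >= htlc_maximum_msat:
                break  # nothing above the cap can be tested
            mid = htlc_maximum_msat  # largest amount that can be tested
        outcome = probe_outcome(balance_msat, htlc_maximum_msat, mid)
        if outcome == "forwardable":
            lo = mid
        else:
            hi = mid - 1
    return lo, hi


if __name__ == "__main__":
    capacity = 5_000_000_000  # constructed sample: 5,000,000 sat channel
    cases = [
        (3_200_000_000, capacity),       # default: cap equals capacity
        (3_200_000_000, 1_000_000_000),  # reduced cap, balance above it
        (400_000_000, 1_000_000_000),    # reduced cap, balance below it
    ]
    for balance, cap in cases:
        lo, hi = residual_uncertainty(capacity, balance, cap)
        print(f"balance={balance} cap={cap} -> hidden in [{lo}, {hi}], "
              f"width {hi - lo} msat")
```

In this model the reduced cap only hides balances at or above it; a balance below the cap is still pinned down exactly.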
Why is it taking so long to adopt BOLT12?