pull down to refresh

Hey! Long time lurker first time poster. I've been doing Bitcoin and Lightning development for startups for several years now and have started to get more into consulting and research through the Bitcoin Dev Shop. My focus is on Lightning applications and especially the intersection of Lightning and Privacy.
You may have seen my privacy report last year or some of my Citadel Dispatch episodes 21, 53, 69, 70, and 72 where I chat about Lightning and/or Privacy.
I'm typically not online in much places anymore so those are some of the things I'm most known for on the web. Socially I spend most of my time in the bitcoin space in Austin, currently at Pleb Lab now before I head to Bitcoin Commons tonight for Bitdevs. If you haven't made your way to Austin yet to check out the scene, I highly recommend. There's more stuff to do than I can handle.
I have a lot of fun things in the works since I have just recently started working for myself, but here's some of the things I would love to chat about if you had any questions:
Other than that anything is free game!
Hey Tony! If Lightning has an OWASP Top Ten, what would be at the top of the list?
reply
Good question, For one, I think ensuring some of the existing CVE's are not possible, which is mostly solved by having your node up to date. Cryptographic randomness when creating preimages is another requirement, there's been some improper preimages generated before flowing across the network. Also, auth access is important.
Those are a few things that come to mind about operationally deploying a node implementation and doing development on it. Things that an end developer can simply do. For the most part there's not been too much non-standard things I have had to do when deploying and using nodes. There's some somewhat advanced things like denying channel open requests to peers you don't know and I'm sure a few other config options that I haven't looked too much into.
And then there's things that are still outstanding on the protocol side that are the real concerns. Channel Jamming being a major DoS concern. Balance probing is another concern that people don't seem to care enough about. On <0.15 LND nodes, DB bloat is also a DoS concern. Seems to be fixed now. I'm sure there's other DoS concerns that have not been thoroughly stress tested before either, I hope to be able to explore this more in the near future.
reply
Hey Tony! Love the probing work you are doing. Are there any visualizations or graphs that are created on top of the raw data? (asking for a friend ๐Ÿ˜ˆ) Could be a cool graph on https://fred.stlouisfed.org/
reply
Thank you! I completely forgot about listing that in my post. I have a very basic table on https://bitcoindevshop.github.io/hidden-lightning-network/ that [mission-bitcoin(https://twitter.com/mission_bitcoin) made for me. Someone else had done some initial graphs for me but I had them pause while I collected more data. Im unsure of how far I want to continue with that to be honest. I think I highlighted the concerns and some of the fixes are getting in place, though require education for everyone to close their existing unannounced channels.
So far I have found near 100 BTC across 10k channels, mostly from ACINQ's node which makes sense because they are an LSP. I don't think I have the latest data set on the site but I mostly finished probing them I think.
reply
How was this made? Are these private channels?
EDIT: There is a github link on the bottom of the absurdly large page - https://github.com/BitcoinDevShop/hidden-lightning-network
reply
What does the end goal / dream of munity wallet look like?
reply
Great question, my dream is that it ends up providing a similar lightning wallet experience that everyone knows and loves while still protecting the privacy of the user as much as I can. There's a delicate balance I think between allowing the user complete insights and control vs making sure they can't screw up and not needing to worry about all the privacy tradeoffs on Lightning.
There's a cool concept we're wanting to experiment with Mutiny too where we inform the user of certain edge cases and teach them about what they should do or allow them to proceed anyways.I hope we can educate and allow the user to know their own threat models to proceed accordingly while hopefully still providing a simple send/receive UX. https://github.com/BitcoinDevShop/pln/issues/30
reply
Lightning Privacy: When I make a LN payment. Who/what can see I made the payment? Who can see and know from which UTXOs the payment come from? How is the privacy different depending if I am the sender or the receiver?
reply
The hand wavy answer with Lightning is supposed to provide enough anonymity on the sender side through the onion routing aspects, but there's tons of nuances there. Absolutely worst case scenario, the actors routing the payment know that it was you that sent it and the destination (very common in single/double hop scenarios and especially with LSPs - some LSPs like Muun or Phoenix would know everything about the payments you make).
Some of the recent protocol changes fix some of the issues regarding UTXO's in unannounced channels (that my project https://bitcoindevshop.github.io/hidden-lightning-network/ highlights). But otherwise, your channel partner will always know the UTXO that is used to fund the channel.
Receivers have almost no privacy currently on LN, while in general scenarios, senders have pretty good privacy. If you're paying just a normal person on LN that's not a direct channel partner (if you have other public channels), there's pretty good assurances they won't know who it came from. It's just that it gets tricky with LSPs or bad actors.
reply
Very good question with a very good answer. Thanks!
Tony, do you think Anton's (SBW wallet) private routing proposal could help in some way if could be introduced/adapted in more LN implementations? https://www.youtube.com/watch?v=qw0NP8EHheI
reply
I have not looked at in awhile. Is that the same or similar to Immortan? If it works like the way I assume it could work, I was always a fan of it in concept. I am not sure how difficult it is to accomplish on the UX side, and I believe you're seeking privacy behind a third party, which is an improvement than everyone knowing when you're also wanting to be a routing node. But in general, I like the concept of non-custodial "community nodes" which is probably not marketed that way but in my head that's the way I have thought about the problem I think they are trying to solve.
reply
Yes, private routing is part of Immortan implementation. Some kind of trampoline channels. Definitely worth looking into. Maybe @fiatjaf could help with more insight here.
reply
It was never released. The code is there but I am not sure if it works and the details are nebulous to me. If you happen to be near Ukraine you could go ask Anton.
reply
283 sats \ 1 reply \ @kr 15 Sep 2022
If you could implement one change to the Lightning Network to make it more private, what would you do?
reply
Route blinding ASAP! (which luckily is in motion)
reply
Tony Giorgio, one of a kind Proof-of-Work, has to be mined Your transaction is invalid, unless it is signed Sounds money for all, the incentives aligned!
reply
Thanks for all of your work in Bitcoin and Lightning and taking time for an AMA. Throughout all of your research and work in this space, and assuming Bitcoin continues its adoption trends... is there any reason you believe Lightning will not be the future payments layer of the world? Or any reason Lightning will fail/not become adopted/etc?
reply
Sometimes I really worry about the attack vectors on Lightning, but more about the potential solutions than the attacks themselves sometimes. For instance like Channel Jamming mitigations, but there's others too. Potential ideas like reputation based routing, prepayments, and trusted debt-based solutions really worry me if we were to go down that route. To be honest, I don't think any protocol dev is in love with any of them. On one hand, we have not felt the pain yet and so it has not been prioritized, so I hope that changes in order for us to grow. On the other hand, it does give us a chance to think of even better solutions.
The reason why those ideas worry me is that it stops being about a trustless decentralized/distributed based network and more about major hubs and high fees. I worry that small payments will die off and large payments cost more than on chain fees.
My saving grace, at the end of the day, is that we resort to satoshi's original vision of payment channels between two parties. No routing, no gossip, no threat vectors. Just an IOU that settles on chain between two parties, even if it's just a user->merchant one way solution. That can still be an improvement to bitcoin today. Or friendship channels as @futurepaul likes to talk about them.
reply
Thanks for your insight here. Should we continue down this path of hubs with high fees and the associated large barriers to entry and centralization aspects this poses... what sort of incentive models do you see for smaller routing nodes to stay active given the costs and maintenance?
Do you see limits to these friendship channels? Or limited blockspace for everyone to open a channel with "Amazon" or "JP Morgan Chase" and then keep it balanced?
(I apologize in advance if you have already outlined some of these answers in your work - and would love to read more on any links you recommend)
reply
Yeah the other concern is definitely if people think they will make any sort of profitable returns running a normal lightweight routing node. I think we should throw those expectations out the window. And you're right, at the moment there's some chain space issues if everyone wanted to open a channel with all the places they wanted to interact with, but that's kind of what I'm alluding to with it's worst case scenario, it will be more selective but still benefitial for certain use cases if we got to the point where routing is problematic at scale.
reply
outside of your own work, what is the most exciting thing in the lightning space you see on the horizon?
reply
Great question. It's kind of related to the things I hold high in regards to Lightning Privacy, but in general I really want to see Route Blinding, Trampoline payments, and splicing become a thing. If we can get those 3 things, I would say we will be in a really good place.
Outside of privacy and protocol work, I hope to see more teams experimenting with LDK-based solutions and I hope to see the distributed LSP marketplaces grow, something along the lines of what Magma has been going for. We need more reputable LN nodes providing more advanced services that are themselves not mega hubs. Which, related to that, I hope to see some really cool LN integrations with smaller fediment federations.
reply
what is it like being named after a pizza company
reply
better than being the face of http://thebitcoincompany.gay
reply
๐Ÿคฃ
reply
That's-a spicy meatball!
reply
What positive/negative impacts have you seen from removing social media from your life?
reply
So many. I was really worried at first and I wasn't sure if it was going to be temporary or forever, but I consider it one of the best things I have ever done. I didn't like the person I was online, I didn't consider that me. But eventually you are your actions no matter how much that truth hurts or you fight it. The personal introspection aspects of it was reason enough to be glad I did it. Other than that, the endless breaking news cycle combined with overall anger and hate did not do play well with me mentally. I keep joking with @k00b that I would love to see a stacker.olds that only shows the top posts after 3 days would be really interesting to me. That way I don't get sucked into the latest, breaking news knee jerk reactions.
If you're curious more about my thoughts on leaving twitter, I wrote a blog about it here: https://abytesjourney.com/leaving-twitter/ . I really enjoyed writing that so I recommend reading if you're curious and I would love to hear thoughts!
reply
Thank you for sharing! This paragraph really hit home and I will think about this for a while.
โ€œ It became the biggest source of darkness in my life. The biggest drain of productivity. The biggest representation of myself that was not true.โ€
reply
stacker.olds is a great idea!
reply
We need to enable more fine grain control of time, but that's like a lagging homepage.
reply
For newer readers, this link is now https://stacker.news/top/posts?when=week
Breaking changes and all of that :) Maybe we should have a versioned API
reply
Appreciate the thoughtful response, will check out the blog post ๐Ÿ‘Œ๐Ÿป
reply
Tony thanks for doing this SN ama! Have two questions for ya!
What do you think is the most pressing problem in lightning wallets today?
What is your favorite burger in Austin?
reply
I think overcoming UX issues while still holding on to some of the trustless / self sovereign nature that Bitcoin is ideally about. There's trade offs to everything, and looking at how each Lightning wallet solves certain aspects to provide a decent UX is interesting. Some are very trusted, some are very unknown publicly, etc.
But that's also what makes Lightning such an interesting place to work in. We all get to experiment with different models and see what works and we all gain that knowledge and can improve.
Kyle's burgers are the best in austin!
reply
Quick question, what tools and readings do you recommend for people who want to start developing apps/websites that seamlessly integrate with the lightning network?
reply
The builders guide by LND is pretty good: https://docs.lightning.engineering/
Other than that, it gets even easier if you were to use integrations like LNBits or some of the WebLN stuff that pop open an extension for users to easily pay. I also like what Mash has bee doing to make it easier for content creators to get paid for their work more seemlessly on the readers side. Other than that there's also probably some other integrations I'm missing. But if you're trying to do it yourself, the LND builders guide is a great place to learn.
I think some of the struggles come down to if your app should connect to the users node. If it's your own node, it's a lot easier to deal with, you would just need a backend that connects to your LND node that does something simple like make a payment or get an invoice.
reply
Appreciate the shoutout Tony! Jared here from Mash, big fan/appreciate what you do. If you ever want to chat lightning, we're keen. And next time Austin will follow your burger recommendation!
Gotta shill ourselves โ€“ apologies. Here are some links for those interested! + Website https://getmash.com to learn more (it's confusing... working on it) + Start Earning: https://wallet.getmash.com/earner (alpha!) + Guides https://guides.getmash.com (lots more coming) + Platform Plugins shhhhhh (reach out for early access, share what you want)
reply
No problem! Really enjoyed the demo you shared with me during BBB, keep up the good work there and I'm sure we'll chat again!
reply
That week was such a whirlwind, can't believe I didn't recognize that I was demoing it to you! Or maybe I did and memory is fall-able! Cheers. Appreciate the support!
reply
who is your favorite Ben?
reply
all bens suck
reply
Uncle
reply
reply
Where the best burgers in Austin are at
Where?
reply
Kyle's van by the river! The end of an era but I'm hoping to have his burgers again soon!
reply
@the_bitcoin_bum we still have that brisket in my freezer and I have a meat grinder. Brisket burgers?
reply
lets go!
reply
204 sats \ 1 reply \ @om 15 Sep 2022
What do you think about LN over Liquid? I think it makes a lot of sense for a send-only wallet like Mutiny because receiving on-chain is basically free, at least for now.
reply
I do like that it's technically possible to do cross chain LN payments and routing between liquid and bitcoin. Unfortunately though, liquid continues to disappoint in terms of user-level adoption. It would have to feature both bitcoin and liquid support and building that out for very little use might be a big time sucker. Though from a privacy perspective, confidential transactions are nice. But that's a big lift that I would also have to push adoption for Liquid too and that's not a hill I think I want to die on.
reply
If a user wanted to run both a private node (for spending) as well as a public routing node (to minimize decentralization) with the objective of maximizing overall privacy, what do you think of this setup?
  1. Public routing node on a Thinkpad or whatever exposed via tunnelsats
  2. Private spending node with one public channel with low outbound liquidity and one private node with high outbound liquidity. The private channel would be funded by a mixed UTXO say 1M sats. The public channel would be funded with a second mixed UTXO say 100k sats
My understanding is that it's not possible to reveal the UTXO of the private channel in this case, and it avoids single hop scenarios.
Can you see any flaws with this setup or does it sound good from a privacy perspective?
reply
Yeah for one I like the idea that you're separating your spending from your routing. That's a great idea, and you can even take the initiative to set up your routing node to either not use any of your own UTXO's at all (by buying/leasing channels) or you set it up with a few coinjoined UTXO's (just keep in mind there's some consolidation happening there).
As far as the spending node, I think that would have been a good solution because of the "not possible to reveal the UTXO of a private channel hidden behind a public one" case. Great job on that! Though the good news now is that I believe all major Lightning implementaitons support SCID Alias so you can open up a single unannounced channel with that flagged turned on (the other channel partner also needs to support it) and then now it's not able to be probed. In both cases though, your channel partner will be aware of the UTXO, but not anyone else which is a great improvement.
I really like the idea of spinning up a new node for each UTXO and spending down that balance completely. Though it's hard to do in practice which is why I'm prioritizing that in Mutiny.
reply
What is the privacy benefit of separating your spending from your routing?
reply
Seperation of concerns for one. You'd probably want to just open unannounced channels ideally on your spending nodes. For routing, they need to be public. So you need to be more careful about what UTXO's you use and how you create the node in general (no alias, no ip address, etc).
reply
Oh cool, I'll check out the SCID Alias thing, thanks!
reply
Would lnurl auth be a good feature for mutiny? Or is that not "private" somehow.
reply
For paying, it would be fine as long as the network requests go through Tor. Even better if the LNURL itself was an onion address.
For receiving, it comes down to receiving on LN not being private. So once we get route blinding and if LNURL integrates route blinding, it would be a good solution as long as network requests go through Tor.
reply
what about simple auth, like on stacker news?
reply
Yeah one of the things I like the most about LNURL auth is that it has almost nothing to do with Lightning lol. It's just normal private/public key pairs for signing in. I almost thought about using one of the LNURL auth tools to do it without using your node at all when signing up on SN today
reply
What is your Favorite book?
reply
The Bible, I don't read much other books besides programming books. Though I did read Snow Crash for the first time this year and that was cool. Any recommendations?
reply
Based on your previous reading history, you may also like:
The Talmud
reply
Favorite Sci-Fi novel?
reply
To be honest, I haven't dove much into sci-fi novels much but I hope that changes. Notable, I think Snow Crash was really interesting, read that this year. I also want to read Moon is a Harsh Mistress but it wasn't at the book store last I went. Picked up Stranger in a Strange Land instead by the same author and hope to read that soon. Do you have any recommendations?
reply
Coincidentally, I got Snow Crash in my possession yesterday. The Moon is a Harsh Mistress by Heinlein (Starship Troopers) I read, it's definitely a good read for Bitcoin and is still relatively contemporary and has some thoughts on money and AI.
I would highly recommend reading Dune and Neuromancer and the Wizard of Oz.
reply
Whatโ€™s the #1 thing youโ€™d like to see happen with the lightning network and Bitcoin as a whole?
reply
More privacy on LN, which I hope to help with. You must be the change you seek afterall.
reply
Sounds like receiver privacy on LN is harder than sender privacy. What is the best way currently for a receiver to increase LN privacy?
reply
I would say there's a couple ways currently (which will get better soon with Route Blinding).
  1. Open an unannounced channel with the new SCID alias flag, spend down from it some, and then you may receive through it by providing route hints. They won't know your UTXO information.
  2. Have a liquidity provider or even a friend open a channel with you that way you don't have to reveal your own UTXO information.
reply
High level thoughts on Web5?
reply
Big believer in the ideas behind it, I have been in the Self Sovereign Identity W3C space since around 2018, which "Web5" is just a remarketed vision of that packaged in a couple tools. I would say Decentralized Web Nodes is the most intriguing part of their vision since only that is really a new idea, the rest is just a rehash of what people have been talking about and building for 5+ years. To be honest, I know we're moving in the direction of doing more P2P interactions on the web, it just does not matter to me how we get there. Someone's got to build a popular app utilizing the ideas or we are all just larpers playing around. I think some of my thoughts were also expressed here if you were interested in listening.
reply
How do you decide which Bitcoin startups to work for? What do the good ones get right and what do the bad ones get wrong in your view?
reply
Good question! I feel like my answer to that is mostly around the fact that I enjoy new challenges and working on new things. Most of the time, I stay for just a year or two, do amazing work, then move on to the next problem. Typically not at the fault of the startup. Though some of the things I look for when joining a new one is if it's aligned with my own personal values and if I think the work I will be doing will be enjoyable and I have the ownership of it.
Though all that said, I think consulting now is a great middle ground for me since I can do what I love about having new challenges without the bad feeling of leaving in what some would consider a "short" amount of time.
reply
What's the craziest or most contrarian thing you believe about Bitcoin and its future?
reply
I try not to have "beliefs" in regards to Bitcoin but more "hopes" and "worries", given that all things could change and it becomes a human nature / society reaction problem more than technical. And putting beliefs in humans as a whole will always let you down and is unpredictable.
That said, the thing I try to fight to avoid the most is government clamp downs and control. The "and then they fight you" threat is absolutely real.
I guess if there's one "belief" I have is that I do not believe Bitcoin fixes everything.
reply
Why did you change your name from what it was before to "Tony Giorgio", I remember it being something else. Anthony something. What was it?
reply
What can you tell me about lightning network stress testing? I've got this Bcash shill who comes to bitcoin brunch every week fuddings lightning and he keeps asking about stress tests so I'd love any resources I can shove in his face. thanks.
reply
It has been researched at an academic level many times since it's origin and has about over $100+ million up for grabs. I think that speaks for itself, though it could definitely undergo more analysis and stress tests.
reply
Was it difficult making the leap to working for yourself? What would you say is a good first step for a software engineer looking to leave a corporate job and become self-employed?
reply
I would say it was/is kind of difficult, at least mentally. I don't know if it'll work and for how long, but I'm going to try anyways because I've been working at startups non-stop for like 5 years in addition to multiple jobs back to back for years before that too. So I'm going to try.
I'd say reputation in this space before making that leap will definitely help the most.
reply
Is LN being used by miners or mining pools yet? If not, why not?
reply
Only one I'm aware of is Nicehash that has it as a lightning payout option though I don't hear much about that still to this day.
I would imagine because miners more than anyone else probably don't want to nor need to move fast and break things. There's already on chain liquidity management they need to worry about, adding the complexities of LN from accounting to securing to automation to unreliability on the receiving end is probably not something they see being worth the cost. Plus the volume they are dealing with is probably beyond something that needs to be on LN for many reasons, including routing fees.
reply
Thank you for your reply and thoughts on it. Maybe there is a market for a hodler to run a lightning-first mining pool?
There are two additional challenges related to this which come to mind:
  1. receiver privacy (something you are working on, thanks!) is important for miners, so until this is improved in lightning, they might be hesitant to adopt).
  2. an individual miner wanting to receive mining payouts via lightning would, naturally, need to have some in-bound receiving capacity.
I wonder if there is some sort of protocol which could be constructed such that a hodler can step in and solve #2.
reply