Hi everyone,
noob here.
Which privacy trade-offs do I have by using Phoenix?
If I understood well only the amount and next hop (but not final destination) are known to ACINQ node right?
Same if I am receiving a payment, right? Only previous hop and final amount?
Metadata and everything else is unknown to ACINQ, right?
Hello,
Trampoline routing delegates route calculation to the ACINQ node, which is how it learns the amount and destination of BOLT 11 payments.
With BOLT 12 and the support of blinded routes, ACINQ doesn't learn the destination node anymore. However, only a handful of wallets support BOLT 12 at the moment.
For backwards-compatibility, we need to keep allowing paying wallets with BOLT 11 invoices, which is why we left the privacy notice as-is. Once the whole ecosystem migrates to BOLT 12, then this privacy issue will be fixed for good.
ACINQ doesn't know the origin node. It knows the destination Phoenix node and the amount.
Finally, note that a Lightning node id is much less persistent than an on-chain address, except for routing Lightning nodes with publicly announced channels.
source
Not sure if that’s up-to-date but I assume it’s so.
How do you imagine this would work? Of course they know the next and final hop when you receive payments since they need to forward it.
I think this is out-of-date information as you now run you own node with phoenix on your phone. Your quote is from 2019 if you look at the comments here:
I think Phoenix was always running a node to be self-custodial. However, to the extent of my knowledge, it doesn’t calculate the full route on your device but uses trampoline routing and I think it only uses @ACINQ’s node as the trampoline node for now (and not multiple) since the trampoline routing specs are still WIP. This would mean they know everything about your payments.
Again, not sure if that’s still the case. I’ll send them a mail to clarify here. I don’t expect them to check their SN notifications.
I wonder if there's a difference in terms of privacy while using BOLT12 in Phoenix in 3 different scenarios
(I also wonder if there are privacy differences based on how you use the BOLT12 in Phoenix, because there are 3 formats - human readable address (the thing that looks like lightning adress), the payment code and full URI)
Good questions, hopefully @ACINQ will see my email and reply tomorrow during business hours
Since everything is passing through their side of the channel I'd bet it's not the best privacy focused wallet.
For everyone in this thread: not sure if you saw, but ACINQ replied in #866536
It's possible to hide the destination with trampoline routing but I think amounts would still be revealed.
You could also calculate the route on the device but that requires more resources:
Privacy of receiving payments in such a setup is an issue though afaict.
none
wrong again 👀
please find me using a phoenix wallet
Please find my bank transfer. Oh you can’t? Must be private then.
bank transfers have attwched real names.
bitcoin wallets don't.
is kind of stupid to compare them.
Point taken
Ask @DarthCoin
Even today, ACINQ acknowledges that there has to be "some degree of trust" when working with the Phoenix wallet. It even explains that if you want to connect to a node other than ACINQ, you must use a different wallet since Phoenix is not intended for advanced users.
You can find all the answers at this link
https://phoenix.acinq.co/faq