@Layers announced today on SN a new service which gives "insights" gleaned from publicly available data.
LNRouter and similar services have existed for over a year now.
Mempool.space merged this GitHub PR which attempts to identify the addresses of public LN nodes. It will be freely accessible on their site.
This is commercial-grade surveillance software. You can bet your private keys that similar tools have been available to tyrants and compliance bros for a while now.
It's good to see products like Layers offer access to anyone who pays the fee (or for free). Not just exclusively governments like ChainAnalysis has for years!
As surveillance techniques gain popularity, it helps to point out the obvious flaws in LN privacy and give the network's operators a new goal: make the surveillance tools obsolete!
First, understand the problem:
You can identify net payment flows between nodes because...
  1. When a channel closes, it spends to two address (one for each node).
  2. Typically, nodes will open new channels with these channel closing outputs.
  3. Software can monitor the LN gossip network for new channel points which spend the UTXOs from a previous channel close. (Common input ownership heuristic).
  4. Software can identify which node received the majority of the channel's capacity. The address and closing amounts of both nodes has now been doxxed.
Nodes can thwart this kind of surveillance by...
  1. mixing their UTXOs after closing channels.
Explore using a tool like nolooking which creates a PayJoin batch channel open transaction. Would love to see more wallets with custom channel transactions or implement privacy-aware coin selection.
I remain long-term bullish on LN privacy. The incentive for node operators is to keep their payment flows hidden. Else, they risk revealing their most profitable channels and loosing revenue to competitors.
The solutions to these growing pains don't build themselves!
Be aware. Use the tools. Fuck the snoops. Carry on!
I didn't know about the mempool.space one but it's really trivial to detect. Wrote about it almost two years ago at https://abytesjourney.com/lightning-privacy/
Also don't forget about the recent amboss surveillance project, which they said they would walk back but continue to grossly collect. https://ambosstech.medium.com/lightning-balance-sharing-and-network-statistics-32e687a4db25
Unfortunately I feel like the incentives are for unprofitable nodes (which I'd wager is most) to give up their data (which mostly comprises of OTHER people's data) for money or additional services.
There's still so much to improve for lightning to be more private so still bullish, but it is pretty bad at a mass scale currently. Check out on going research at https://lightningprivacy.com
reply
IMO the unprofitable noderunners will either shutdown, become profitable, or seek privacy/sovereignty. Unprofitable operators willing to snitch on their peers for sats are a growing pain.
But the faster we make snitching unprofitable, the faster we grow out of it.
reply
Why do you need Layer 1 privacy when there is Layer 2 privacy? Lightning network is as hard as Tor to crack. Never mind. We need it to hide channel open and channel close.
reply
L1 privacy when necessary L2 privacy when convenient
Tor when necessary SSL when convenient
reply
This is commercial-grade surveillance software
Not really. This is some basic aggregation and processing of data that's advertised by nodes. The "good stuff" are things like running multiple well-connected and well-capitalized nodes to correlate HTLCs across multi-hop payments. Geolocating node IP or making a dashboard out of data gossiped to the network is useful, but its not som huge privacy invasion: that dat was public already.
@layers and (I think) LNRouter have opt-in tools to share data about payment flows so that the service can aggregate liquidity distribution across the network. Some services (and analysis companies) also actively probe to try to determine liquidity distribution on channels
reply
Thanks, this is correct - @Layers provides a window into public data available to everyone. One of the biggest challenges to LN is that the data is an evolving graph (not a blockchain). We provide infrastructure to provide deterministic, time series based data (that anyone could also collect) - and provide analysis and reporting on specific aspects of the datasets that can be valuable.
reply
Is the thermal radiation that your body emits also publicly available? Anyone with a thermal imaging camera and a drone can see where you are sitting in the privacy of your own home.
Elon's private jet transmits it's coordinates in a publicly available radio band.
Just because the information exists, doesn't mean I want people to have easy access to it.
Anything that helps others access information about someone against their will is surveillance.
reply
The mempool PR and these articles are great links, thanks for sharing. And the opening/closing channels and re-deploying liquidity - and the privacy required - are great background.
The privacy considerations of Lightning should always be taken into account.
However, there is a spectrum between surveillance and auditability. Without auditability, Bitcoin (and Lightning) does not serve its purpose.
  • When JP Morgan manipulates the metals markets, we want auditability
  • When FTX (or any entity) fractionalizes or rehypothecates assets, we want auditability to identify and prevent this
  • When sending or receiving a bitcoin tx, we need a way for everyone to verify that it occurred
  • If someone says that have N Bitcoin and wants financing or to carry it on their balance sheet, we want a way to prove this
Without auditability, Bitcoin loses its value.
Lightning offers the best of auditability and privacy. The tools and platform that @Layers or any others provide are a window into public network data. If the network is to continue its growth, and become material in the financial world, this kind of data is table stakes for any decision making.
If we want material capital deployment onto Lightning, it has to be audited. There may end up being a small "private" Tor based network running a fully decentralized manner - but some enterprise nodes are already subject to specific financial regulations.
Unlike a Bitcoin node, running Lightning - as you all know - requires an always-on, sophisticated setup. And to do this at scale is a professional operation. And to do anything at scale, requires capital investment.
Visa processed 192.5 Billion transactions in 2021. Per their report, River processed 115k LN transactions in September.
Extrapolate it out and compare it, and it shows just how early it is.
There are many technical challenges to run LN - again as you all already know. And there are also many legal and compliance challenges as well - for LN to reach material success, many things need to happen. The ability to audit and corroborate data that is private to a node is just one necessary piece.
reply
Privacy is the ability to selectively reveal oneself to the world.
If I'm running a business, then my customers should demand my node is audited and I should consent to the audit.
If I'm hosting my own personal bank account on my node, my employer or ex-wife shouldn't be able to audit me against my will.
reply
I found this article about LN privacy and how to avoid surveillance: https://abytesjourney.com/lightning-privacy/
reply
Nice, I think this deserves a post of its own.
reply
Yes, indeed can be a surveillance tool. But why nobody ask the REAL question: Who the fuck is that gov that wants to know my node operations and from where is coming ANY authority of them over my node?
Because THERE IS NO AUTHORITY if I do not consent to that authority. Why people are still chicken shit and obey all their orders and shit papers (laws), BUT NEVER question the authority?
Is so fucking simple to say it: I do not consent, fuck off, is not your damn business what I do with my own money, my own node.
Even if they know my UTXOs I don't give a shit. They can't do shit without my keys.
reply
I do not consent
Since when has that stopped surveillance? Sorry, but the sovereign citizen shtick doesn’t stop them from showing up with a swat team
reply
There's no such thing as "sovereign citizen". That, right there shows that you know nothing. You are just a pathetic statist.
reply
Your words can’t stop a bullet lol
reply
Good luck.
Minute of self-promotion. Valet generates fake node ids when receiving LN payments. That means there are no actual node on the network and receiving public key as well as final hop are artificial.
I should say that OBW as well does that since both wallets are forks of SBW.
reply
outputs can be also swept to L-BTC which is confidential via services such as SideSwap
reply
узлы просвечиваются. пипец...
reply