383 sats \ 2 replies \ @Hakuna 1 Jan 2023 \ on: Running a fully private LN node - recommendations bitcoin
This is a lot to dig into. It's late in the night, so I'll throw some pointers, but it's not addressing all of your very well founded questions.
- implementation doesn't matter that much. LND as well as CLN and Eclair are open source, and there is some certainty that with a larger community of users, security is hardened. But since LN is a hot wallet, funds are never 100% safu
- same with LN management tools. with LNDg and command line, you should be sufficiently set up to manage properly, as well as balancing risk using 3rd party software. Since LNDg is open source, you can control and verify what is shared with other parties (none at this point, but you can double-check before each update)
- funding non-KYC is a key point. @Darthcoin has a tremendous amount of great guides about this. You may want to read this longer guide, a list of kycnotme providers, How to consolidate UTXOs and listen to this talk about LN Privacy.
- Hybrid is key for successful routing nodes. Most if not all VPN providers expect you to KYC, so this is a no-no. Tunnel⚡️Sats addresses exactly that use case - no KYC VPN for your node
- Swap out options are growing every day. As long as you keep your node BTC UTXOs clean and switch addresses, you should be fine with trustless and custodial options. But this may change over time, so keep connected with the community on what the best options are (I'm not well versed on this topic)
- Darthcoin had a guide once to build a dark / hidden / shadow node, which has only private (read: unannounced) channel(s) to his "public / front" node. This way, you can mostly keep the dark one behind. But note that invoices from the dark node will reveal its path. I can't seem to find that guide anymore
- Node runners come and go. I think you can only be successful if you keep connecting to the community. Use lnvpn.net to buy a mobile number. Use this to sign up with telegram or use matrix. Build your own email server or at least use proton.me for a new, anonymous email address. Keep the social network interaction to a bare minimum. Amboss will collect your IP address when you claim your node, but without it, your marketing exposure is gone. I know many node runners who only open channels where they can reach / talk to the runner. So it'll always be a tradeoff
- keep updating your node OS. Many runners forget about this
That's it for now, hope it's useful, even though it's a bit erratic.
Thanks. I'll definitely dig into @Darthnode's guides. Forgot about them when I wrote the post. His ideological recommendation is usually not to care about possible regulators, but if at least one can make it harder for them to intervene, one should do it. And his guides provide exactly such information.
And indeed, before caring about any LN privacy, I should first work on my online privacy in general.
What about updating the OS is related to privacy specifically? It sounds like good advice, but not sure in the context of privacy.
Yes, the social surroundings of your node need to be tight as well, to ensure your identity is anonymous and protected. Recalled a couple of options I forgot yesterday, wanted to mention them since they are important:
- don't use public mempool sites to look up txs. This could allow malicious sites to relate your identity (IP) to a tx. Better always use your local mempool instance from your node
- don't use umbrel. Better go for a bare-metal setup, where you only install what you need, and everything is validated by the open source community. Raspibolt is key here, and has most of the apps you may be used to as install guides (including mempool, see above)
- you may ditch twitter and telegram completely, and go full #nostr. It's a vivid bitcoin and lightning community, and helps you to stay completely anonymous and away from centralised social media services
On your last question on OS updates: This was more about security, not about privacy per se. But if your security is weak, it creates attack vectors to expose your identity, too. So keeping a natural habit of keeping your OS up to date secures your stack and your identity. One more thing: #raspiblitz has everything Tor'ed (even OS updates), so your ISP basically doesn't know shit about you:
- running bitcoind
- running a linux system
- transacting with lightning
The drawbacks are speed and reliability as @1fatmess mentioned further below. But as long as speed is not a key factor, tor is a great obfuscation method.
Hope this helps and adds to your research list