Replying to Papa Figos

Same with bitcoin, neither one scales as it exists now. There's nowhere near enough block capacity for even 1/4 of people on the planet to open a channel in any timely fashion.

The IP issue is a bit different, in lightning your peer will know your IP, but also your channel id, balance, etc. Compounding that is the fact that the non-custodial lightning wallets (where you don't run a node on the phone a la zeus) that are more widely used, use trampoline routing. So they know who you're paying.

In Monero you have the issue where a malicious node can error out as you attempt to spend, and if you resubmit the tx one of the outputs in the decoys will remain constant, revealing that you own it.

As far as I know that's the only thing. But yes, at the network level, use Tor and to some extent mitigate either scenario (which 99% of users will never do of course).

The LN scenario leaks more info if you compare them side by side.

Regarding the funds potentially being stolen after 2w, it's not about the attacker predicting the future or not. It's about there being a constant risk as well as the incentive to do so.

Since most (99%+) channels are public, and since most user channels are not involved in routing, it is trivial for an attacker to monitor usage patterns and increase their odds.

I don't know about you, but for me I would not risk having on lightning any amount that I would regret losing in the first place, first because it's a hot wallet (pretty much the entire network is, really, which is yolo at its finest), second because a year from now when I check, the funds might just not be there anymore.

There is also the issue of upkeep. I don't run any LN nodes anymore because the hassle simply wasn't worth it.

Finally, regarding edge cases, yes they exist, but the known ones will be going away with FCMP soon™. They're easy enough to work around with, but I agree, it's a weakness. A small one in the grand scheme of things, but it doesn't have to be there - which is why they're going away.

About the catastrophic bug, yes, I am aware. And it was luck indeed.

But don't forget Bitcoin has suffered a catastrophic inflation bug (see https://en.bitcoin.it/wiki/Value_overflow_incident ) in the past, requiring a rollback of the chain (which never happened in Monero), as well as a host of serious bugs that would've ground the network to a halt (could link them here, but they're easy to find).

In other words, software has bugs.

Lightning, incidentally, has had its fair share of trainwreck bugs as well as potential ones (see https://protos.com/bitcoin-lightning-bug-could-jam-and-steal-millions-of-dollars/ and https://protos.com/bitcoin-lightning-network-users-could-have-lost-millions-in-jamming-attack/ and https://protos.com/researchers-discover-critical-bitcoin-lightning-network-vulnerability/ and dozens of others), further cementing in my mind that it's not worth it to risk having a lot of money there.

And because using lightning non-custodially implies opening channels, and each onchain tx is another nail in the coffin privacy-wise.. I end up defaulting to Monero most of the time.

Now, don't get me wrong, it would actually be less friction if I could use BTC privately without all the tradeoffs just mentioned, since I basically hodl zero Monero proportional to Bitcoin.

But I care about privacy as a human right a lot, and unfortunately Bitcoin and privacy rarely go well in the same sentence.

I wish that were different, but it isn't right now, at least not satisfactorily in my analysis, which is exactly why I use Monero.

It's not that much about block capacity (which is determined by Internet capacity, btw) but more about a computation. In Monero it'd be roughly quadratic, in bitcoin it's linear. (I'm simplifying, it's not about precise numbers.)

If you want privacy on LN you need to use an appropriately private solution. Complaining about shitty LN wallets is dishonest because shitty wallets exist for Monero too (sending the view key to a server). Side note: trampoline routing was specifically invented to protect sender's privacy. You're confusing it with something else.

Another Monero issue: if you repeatedly (at least twice) get your xmr from the same source that knows your identity (e.g. KYC exchange) and then use it to buy something from the same entity (e.g. dark market) and the data of the receivers leak (feds close the market) then it's possible for your money source (or whoever coerces it to hand over the data, e.g. feds) to track you down with extremely high probability. This vulnerability doesn't exist in LN. (I'm assuming in both cases you withdraw coins to your wallet first.)

The key difference between LN and Monero is if LN leaks only some entities get the information. Monero is stored onchain forever (e.g. the edge case above) which is quite ironic since Monero fans were criticizing Bitcoin for precisely this reason.

The incentive to steal on LN is pure fantasy. The thief is risking loss with quite high probability. And funnily enough, there exists incentive to trick thieves into attempting to steal because that results in reward. Thus it's safer to not steal.

I also don't get the obsession with hot wallet issue. Whether you lose money on LN with some low probability or to Monero inflation with certainty doesn't really matter much.

I don't understand why you replied to me replying to you saying that LN has bugs by pointing out that Monero has bugs too with mentioning Bitcoin has bugs too. You said it already. Everything has bugs, let's focus on design instead.

The irony in LN is that "public" channels are actually private and "private" are actually public. And whoever claims that 99% of channels are public is pulling it out of their ass because nobody sees how many private channels exist. And "public" also means "involved in routing", so you're contradicting yourself.

Monitoring LN is much more costly and complicated than people imagine. The attacker must provide many high-quality nodes that actually provide good service.

Also it seems you've fallen prey to another myth about onchain opening/closing transactions leaking stuff. It effectively doesn't. The information is super scrambled by the time you close channel, nobody can tell shit from it.

Finally, I don't understand your rhetoric. You mention that you want privacy for yourself but at the same time you're mentioning "most people". Which is it? "Most people" will never use Monero anyway, so why bother with them? Better onboard them on LN even with shitty wallets because they at least increase the anonset. 🙂


Discussion

Really enjoying the debate here, but this one will take awhile to reply to, as you raised many points, and given the season, it might take me a few days.

Would you like to keep going? I can schedule typing a coherent answer at a later date.

Right, it took me some energy as well, having a little break sounds good. 🙂

You don't accurately explain the EAE attack that's possible on Monero.

it's NOT "if you get Monero twice from the same KYC source (Eve) and use it with an entity cooperating with Eve"

more information below.

also the possibility of this attack will be eliminated in the next update of the Monero network.

Monero privacy guarantees are actually guarantees.

LN can't provide that and you

or most (all) end users

can't quantify WHAT privacy they have.

https://www.youtube.com/watch?v=iABIcsDJKyM