After reviewing the bolt12 spec (https://github.com/lightning/bolts/blob/master/12-offer-encoding.md) I find that bolt12 offers are less private than I thought. The spec says a bolt12 offer "MUST set offer_issuer_id to the node's public key" unless it is "connected only by private channels." This design seems like a misguided specification for anyone whose goal is to conceal their node id. I recommend against using any bolt12 generator that reveals your node id. But the spec seems to *want* nodes to do that, so I'm not sure there are any that attempt to conceal that data. Not sure what to recommend here except maybe just don't use bolt12 until its privacy protections improve, or an implementation comes out that avoids revealing your node id.
Discussion
Apparently I misread the spec. Someone highlighted this set of phrases:
```
if it includes offer_paths:
MAY set offer_issuer_id.
otherwise:
MUST set offer_issuer_id to the node's public key to request the invoice from.
```
Then they pointed out the direct implication: if you include an offer path (aka blinded path) you do not have to set offer_issuer_id at all
So the spec does not say the only exception is if you are connected only by private channels; a broader exception is there: use blinded paths.
Related lyrics, I asked if Eclair's implementation of bolt12 hides your node id when creating a bolt12 offer with blinded paths, and the docs seem to say it does:
```
If you specify blindedPathsFirstNodeId, your public node id will not appear in the offer: you will instead be hidden behind a blinded path starting at the node that you have chosen. You can configure the number and length of blinded paths used in eclair.conf in the offers section.
```