Another monero user took up my LN v. XMR challenge! I successfully traced my XMR payment and doxed his stealth address. Let's see if he can trace his LN payment and dox my channel!
Discussion
👀
I'm honestly not an expert on lightning, but maybe this is a bit naive?
Let me explain: you're challenging him to find information that is not publicly available (the routes after the last hop). While he cannot get that information, doesn't mean law enforcement couldn't subpoena large node operators (?).
Yea, the challenge is a bit deceptive.
For Monero he's basically telling us the amount he sent (duh) to the stealth address he created (duh) as if any of us said that was impossible and was some difficult feat to achieve (no one claimed either of those. I sure didn't.)
But instead of keeping things similar and asking the amount sent on the Lightning side, he slips in "total balance" (he can't do the equivalent of this with Monero either). And instead of asking for the public key of the node it was sent to, he's asking for a final destination (he can't do the equivalent of this with Monero either)
I answer most of these criticisms in the attached post.
One that I don't go over there is this one: "he slips in 'total balance' (he can't do the equivalent of this with Monero either)"
I can. The total balance of a "one time pubkey" on monero is never higher than its initial balance. It can get lower, but only if that address has shown up in a ring sig later. When I made that post, it hadn't shown up in a ring sig yet, and I know this because it didn't have 10 confirmations yet when I made the post, and monero doesn't let you spend an output til it has 10 confirmations. I have not checked to see if it has been used in a ring sig yet, but if it hasn't, then I know its balance is still the amount I put in it.
nostr:note1pjsqetvr45nklmz9el4a4fk0excg2hv63cp4m9le6fzksqdg3zlsemzvem
didn't this idiot try calling a clearnet website with nothing illegal on it a DNM yesterday?
stop arguing with people who change definitions and goalposts all the time and switch to ridicule
> doesn't mean law enforcement couldn't subpoena large node operators (?)
They could *try* to subpoena large node operators, but thankfully, routing nodes do not know the destination either. This is because the onion protocol lightning uses is designed so that routing nodes don't know their position in the route. Consequently, they do not know which node is the last hop, and cannot identify the recipient, who is the node after that.
But yet they do at least know the previous and the subsequent hop of the route (?). You could walk backwards with the information from each node.
Let's suppose Dave wants to pay John, and passes through these nodes: Edna, Filbert, Gena, Harry, Isabella, John
Harry decides he wants to collude with the other routing nodes to find out who sent the payment. So he walks backward: he contacts Gena, and says, "Did you initiate the payment?" Gena says, "No, I forwarded it from Filbert." So they both go to Filbert, who says, "Wasn't me, I forwarded it from Edna." So they both go to Edna, who says, "Wasn't me, I forwarded it from Dave." So they both go to Dave, and ask him, "Did you initiate the payment?"
Dave has a few options. He can, for example, say nothing. Silence doesn't prove he initiated the payment; it only proves he doesn't want to answer. Maybe Dave is a routing node with a good privacy policy.
Here's another option I just thought of: it would be fun to write some software that makes it easy for Dave to spin up a perfectly valid node for Carol, who is a fake person who Dave invented out of thin air, and make it look like she forwarded the payment to Dave. Then Dave could say, "Wasn't me, I forwarded it from Carol." Then, if they go to "Carol" (who is really Dave, but they don't know that), he can spin up a node for Bob and just keep doing that, leading them on a neverending goose chase.
Suppose that the bad guys give on on trying to find the source (Dave) and seek the destination (John) instead. Harry can ask Isabella if she forwarded it to anyone, and she might say, "Yes, I forwarded it to John." Then he and Isabella might ask John and he lie and might say, "Yes, I forwarded it to Kelly," and spin up a node for her so Kelly (who is really John) can "prove" it, or he might just not answer. Either way, the colluding routing nodes have no idea who the sender or the recipient is: they just know that at some point people stop answering, and that might be for a variety of reasons. Refusing to answer a cabal of routing nodes does not prove you are the sender or the recipient.
By the way, since routing nodes are run by a variety of people and most of them do not have contact forms or any sort of formal policy about how to contact them if you want to collude with them, I think it's very unlikely that Harry would get an answer in the first place from Edna, Filbert, Gena, Harry, or Isabella. But even if he somehow did and every routing node colluded, they still can't identify the sender or the recipient.
Fine work 🤙
This "experiment" is so deeply flawed. I'm a lightning enjoyer, but this is painful to watch
Care to explain?
In practice Lightning is much more private than Monero.