Replying to Avatar Hanshan

yeah that's my basic takeaway as well.

i gave up supposition as to his motives. he seems to genuinely believe its in everyone's best interest for him to misrepresent the risks to encourage LN usage 🤷

but I dont think LN is theoretical. you can spin up nodes and pay for inbound liquidity to receive without kyc. ie, move sats around trustlessly.

but you'd never know if the routing nodes were conspiring against you.

nuance and tradeoffs...
Avatar
Bass 5mo ago

I say it's theoretical simply because it's dependent on optional setup. Out of box lightning isn't what super is arguing for. I agree that Supers setup is superior. That doesn't mean that everyone else's ln setup inherits his level of privacy by default. The way it's being argued is as though it's simple, feasible, and done by the majority of ln users as though this isn't a systemic issue. You have to be actively controlling and operating at a high level of opsec going into it:

-Use non-custodial wallets

-Open channels non-publicly (ideally via Tor)

-Route over private peers

-Avoid third-party/invoiced-based interactions

-Never publish node info to network directories

Mind you, Nostr bros are on the higher end of tech savvy, and yet this is beyond most of us. Are we to argue that the best option for the world today is to educate them into perfect opsec on LN, or to give them an option they can get default, high level privacy while they learn how to do it perfectly on lightning?

Reply to this note

Please Login to reply.

Discussion

Avatar
Hanshan 5mo ago

what does "route over private peers" mean?

you just have a fat unannounced channel with a major node.

also I don't think items 4&5 ate particularly difficult unless youre a total normie

Avatar
Bass 5mo ago

Yeah, maybe I should have rephrased that a bit. "maintain unannounced channels and limit your peer set to non-gossipy, privacy-preserving nodes (or your own routing infrastructure)."

So yesss, I guess it's not to difficult but you still have to know what you are doing. Most people don't know what they don't know and assume privacy by default.

Regarding point 4 and 5, default settings on mobile wallets like WoS or even phoenix don’t do this out of the box, and most users accept bolt11 invoices from custodial wallets, run nodes that automatically gossip their presence, and don’t prune their pathfinding table or limit exposure.

these privacy measures are still opt-in, not default

If we are going to be honest with people, we should be telling them to keysend, trampoline, or bolt12 instead of bolt11 invoices, ruun their node in private mode --announce-addr=none and avoid gossip propagation.