How privacy works in monero versus lightning
Discussion
Here is what a monero transaction looks like:
You can see a list of people who might have sent the transaction on the left under "ring members" -- one of them did it!
Now...can anyone show me a lightning transaction?
Anyone?
I'm waiting...
Seems like an apples to oranges comparison, but okay. Discounts the fact that 95% of lightning use is custodial... But okay
Your lightning address is literally coinos.io
Try responding without memes or I'll start calling you darthcoin.
It's unclear what your critique is. I run a LN node... What exactly is your argument?
Do your best to use LN in a self custodial way and maintain your privacy. By all means. But again, please don't argue onchain Bitcoin is more private than onchain monero...
I've used LN long enough to lose tons of sats trying to work with something that's a fair headache at times... You seem like an ostrich about that.
I don't trust or respect people that can't see LN's drawbacks or shortcomings for self custodial use.
> But again, please don't argue onchain Bitcoin is more private than onchain monero...
I don't. Onchain bitcoin is less private than onchain monero...unless you use coinjoin + stealth addresses, in which case, I think it's about the same, though sometimes better (due to coinjoins sometimes having larger anonymity sets).
If anything coinjoins are worse. They don't hide amounts. Since amounts are visible it leaves you more open additional heuristics that can reduce/undo obfuscation.
Some coinjoins may have a larger anonymity set for a single coinjoin, but I doubt that is true over time and over multiple transactions since they are optional. Very few transactions are coinjoins and the few that do are likely not for every spend. Additionally your anon set shrinks over time as those prior coinjoin peers make mistakes or send those funds to be KYC'd by exchanges and there is nothing you can really do about that.
Strong default privacy is important.
You are conflating anonymity with privacy.
Onchain bitcoin is NEVER private, as amounts + sender + receiver are always recorded onchain.
It can be pseudonymous (you don't know who the addresses belong to) at best, but never anonymous, as you can always see the addresses.
And over time, because of this, the pseudonimity tends to turn into certainty.
What are you going to say by the end of the year when FCMPs++ are activated, Monero has zcash-style anonymity of 1 in 100 million AND FCMPs++ allows tx chaining which will enable Lightning-like L2s? will Monero be simply superior by then, or will you just join the other maxis and say "monero bad because price go down"?
I am honestly curious what will you think of it and how will bitcoin remain superior for you
Everytime super strawman posts about Monero, I become more convinced of its viability. 🤣 I have to assume he is purposely reverse evangelizing at this point. Everytime someone makes a valid point, he rewards them with an ad hominem meme, and everyone who asks a valid question gets a monero sales pitch.
He can't handle to have a response for your question 😅🤣
Are you there nostr:nprofile1qqszrqlfgavys8g0zf8mmy79dn92ghn723wwawx49py0nqjn7jtmjagpz4mhxue69uhkummnw3ezummcw3ezuer9wchszyrhwden5te0dehhxarj9ekk7mf0qy88wumn8ghj7mn0wvhxcmmv9uynmh4h?
What you have to say about FCMPs? 👀
Some times is better to not talk when you haven't any arguments 👀
I'm a huge fan of the FCMP idea and I look forward to seeing them implemented
It will make the fight much more fair
Will that require yet another hardfork on monero?
Yep. And Bitcoin still remains the same surveillable blockchain it was 15 years ago.
Yes skipper, that means the majority of all node runners will voluntarily upgrade their nodes to get the latest features that benefit them and improve the protocol
Hard forks are not a moment for a major community political mental breakdown in more focused projects.
No one holds their life savings on that hotpotato (due unlimited total supply & non-auditable current supply) so it makes sense that you guys don't care about hardforking every few months.
Gold has an unlimited total supply and is similarly non-auditable. We will never know how much gold exists for certain the way we do bitcoin, and yet gold has been a SOV for centuries.
I know you know all this already, because others have tried to communicate these facts to you for a year if not two on Nostr.
Haven't heard of this so looking into FCMPs++ at the moment, seems pretty epic so far
I use the best tool for the job based on my needs for any given transaction. If want to cloak my transaction and my identity as much as possible, I use Monero. If I don't care about ironclad privacy and need to transfer a large amount, I use on-chain BTC. For day to day transactions that don't have a high privacy requirement, I use Lightning. I think they all have their uses, it just depends on your specific requirements which one is best suited.
You're comparing on-chain vs L2. Lightning is built on a transparent blockchain so still leaks data even if you do everything perfect.
Also, since most lightning users are custodial, they might be private to the general public, but they are naively surveillable by the custodians and any government that forces them to record that information and could do it covertly with a gag order. Basically the same trade-off as a VPN. You're just shifting who can invade your privacy for most Lightning users.
When Monero upgrades to FCMP I'm curious would you use it? Also would you use Monero when it has an L2? Since both things would alleviate your problems with it in regards to private transactions.
Worse some of the most convenient lightning hubs could be run by the government.
That on chain data it supposedly leaks is useless. Monero is equally bad in terms of who can spy because in practice most people reveal view keys.
I'd consider Monero if it was pegged to btc and had an L2.
If on-chain data is useless why are best practices before opening and after closing channels to coinjoin? Although better than purely transacting on Bitcoins blockchain, that is an obvious drawback of building a privacy layer on a transparent blockchain. That's one of it's weak links. For best possible privacy you would build a privacy L2 on an encrypted blockchain.
Not sure what you're implying with the view keys thing
It's not best practice universally. E.g. if you got your coins completely anonymously CJ before LN channel open is useless. Similarly, if you're going to open another channel with the closed UTXO CJ won't help you much. The key thing here is you could transact billions in Bitcoin inside $1000 channel and after you close it noone would know.
View keys in Monero allow anyone posessing them to see the entire transaction history. Popular Monero wallets used by random people simply leak them to centralized server.
Anything I've ever read or listened to go over basics of privacy on Lightning always recommends CJing before opening channels. And presumably if you're running your own LN node, the most private way to use Lightning, you would be doing that.
I feel like all this is moot though because thats not how the vast majority use it they're all on custodians like WoS that see everything.
The view key thing already assumes you're protecting those keys the same way you would protect your xpubs or private keys for Bitcoin/Lightning. Unless you think that applies to those as well for any wallet and crypto?
What popular wallets are leaking view keys?
The most popular wallets are all non-custodial and your wallet syncs the chain (Cake, Monerujo, Stack, Feather, CLI/GUI, etc)
Even if using someone elses node they can't see your view keys so no clue what you're talking about
If best practice is to coin join before opening a channel, and after closing your channel, what about things like boltz.exchange swapping out btc to and from your channel?
Genuine question - is lightning really that private? I had read previously that there are ways to track the transactions but I know very little about lightning and this was a while back
It is more private than monero, but you should not use it for serious privacy needs without additional defense-in-depth strategies. E.g. you should only connect to the lightning network after hiding your ip address via something like tor and you should not open channels with nodes who openly state they log all transactions that flow through their node in order to report them if necessary. (E.g. binance's privacy policy mentions that they do this.)
Most people aren't using Lightning through Self-Hosted means, the vast majority of users are using custodial services.
Shame cause it's kind of fun. But then, it takes a pretty deep maxi or very curious hobbyist to end up self-hosting.
I mean let's be honest to properly set up lightning takes anywhere between $500 to $5,000 dollars depending on the equipment used, how many channels you open, their size, and more.
True and I ended up facilitating Nostr for myself on accident in my pursuit of self-broadcasting on layer 1 - I just happened to stand up the lightning node too and realize how awesome Nostr is once you have all your toys
> to properly set up lightning takes anywhere between $500 to $5,000 dollars
you can properly set up lightning for $0 if you already have a laptop or an android device -- except for channel opening fees, each of which costs 1 btc transaction, i.e. 44 cents at current feerates
Well, yeah but the $500 was implying channel, and or hardware costs.
Usually having a dedicated setup for this would be ideal.
Just download electrum and open some channels
wait no, don't "just" do anything -- if you want decent privacy, you have to do more than that
Well, if you have well documented guides I'm all ears because so far I've explored Alby Hub/Alby Go, and Zeus.
But if there's something even better than those like electrum of course I'm open.
Unfortunately for me electrum, and stuff like that might take me some time to learn how to navigate.
I want to be as puritanical with lightning as possible as someone like nostr:nprofile1qqs9p3kw9e5u7za00x6jfz9jqsvvffheefaaptr9fdrzf4wqyh840kcpzamhxue69uhhyetvv9ujumn0wd68ytnzv9hxgtcegpufl perhaps, or others but it seems like the upfront set up can be somewhat problematic.
For me it's plausible but for the average person 80 to 100 iq person self-hosted lightning is an unrealistic ask.
Just install Zeus Wallet (it's a LN node that runs on your freaking phone), open 2-3 channels of 1M sats each to (good quality)peers and you are set. There's nl upfront cost besides few sats in tx fees for opening channels. You don't even need to let the app run 24/7.
I paid 700 sats in fees for 3 channels, the node runs on my phone.
nostr:nprofile1qqsrf5h4ya83jk8u6t9jgc76h6kalz3plp9vusjpm2ygqgalqhxgp9gpz4mhxue69uhk2er9dchxummnw3ezumrpdejqzyrhwden5te0dehhxarj9ekxzmnyqyt8wumn8ghj7un9d3shjtnwdaehgu3wvfskueq555fk2 LN node takes 1 minute to setup, and it runs on your fucking phone. No excuse to run custodial services unless you are lazy.
Yeah, I've been fiddling with Zeus unfortunately I force closed a channel since I was learning the ropes of how it worked, and my on-chain is in Bitcoin purgatory.
Hopefully they come back next week 🙃.
If my On-Chain comes back to me then I'll give Zeus another go but for now I have Alby set up.
Better documentation/guides would help 👍.
Check nostr:nprofile1qqs0nt9skq6vfsgh06v979rrnuchau87mmnk2lqxpv2xaeusqfp30mqpzamhxue69uhky6t5vdhkjmn9wgh8xmmrd9skctcpzemhxue69uhk2er9dchxummnw3ezumrpdejz7qgwwaehxw309ahx7uewd3hkctc9ad278 guides. He has a bunch of good ones about running LN nodes and Zeus Wallet.
https://darth-coin.github.io//2025/01/05/zeus-node-advanced-usage-en.html
Don't open small channels. Don't RBF. Don't drain all outbound liquidity of your Olympus channel or they will force close it.
you are the meme
but forgot to say "be sure you open your channel with a conjoined utxo"
also minus several thousand points for the "more private" overgeneralization.
"send XMR to address"
that's what these folks did, and they got arrested:
The finnish guy: https://cointelegraph.com/news/finnish-authorities-traced-monero-vastaamo-hack
The 18 japanese people: https://cointelegraph.com/news/monero-transactions-japanese-authorities-arrest-18-scammers
"Just sending xmr to an address" is also bad advice when the most popular monero wallets (cake wallet and monerujo) are known to have been unwittingly giving a list of nearly all their users' xmr transactions plus your ip address to Chainalysis: https://www.digilol.net/blog/chainanalysis-malicious-xmr.html
It is very easy to leak your personal info, especially your ip address, so do not "just send XMR to address" -- even the Monero website warns against this stupid "just use xmr" meme:
bullshit.
you are smart enough to know that there is NO deterministic way to identify the true spend in a ring.
and it's not particularly useful even if you do.
even your own "tracing tool" doesn't do much (if anything) except for a couple of heuristics.
the Japanese and Finnish stories are law enforcement FUDing good privacy tools, plain and simple.
as if they broke long established cryptographic primitives themselves and the ENTIRE FUCKING crypto community didn't hear about it.
do better.
BTW
there 90 minutes of STNs pedantic quibbling about why he thinks LN is better than monero on nostr:nprofile1qqsqxf440czzuzyjswddcumcg6yafpdll55958wvl6w94kk6g7dp6nqpr3mhxue69uhkummnw3ezuur0wf6x2mt0dejhymewvdhk6tcpzemhxue69uhkummnw3ezu7rdwgh8ymmrddej7qghwaehxw309aux6u3ww4ek2mn0wd68ytn0wfnj77a2vxg s pod
if anyone can listen to him splitting hairs to rationalize his ideas for that long.
I encourage readers to listen to the podcast and draw their own conclusions
also this one with me and Luke Parker (monero dev): https://x.com/super_testnet/status/1824431745443279044
exactly why I posted it.
they don't need to break "long established cryptographic primitives" because monero doesn't encrypt the sender or the recipient
and the entire crypto community *did* hear about these busts, hence the highly visible articles in very popular crypto news outlets
just stop.
the "recipient" is a one time address which doesn't correlate to anything.
it's more bullshit pedantry to say "its not encrypted"
all a 3rd party knows is it a *possible send somewhere.
but has no idea if it appearing on the chain is a possible decoy or not.
and yeah i wrote a breakdown of the original Nikkei newspaper article when it broke.
I know you know this stories break every year or two and they have NEVER been because LE has made any technical progress in "tracing" monero.
they told us most of how they traced the Finnish guy's monero. After arresting him, they sent an information request to a swap service which knew precisely what address they sent the monero to (because monero does not encrypt the recipient address), and then they sent another information request to binance, who knew that address showed up as a "ring member" in a transaction to their exchange. So they knew it was him. Didn't require breaking any cryptography. Just following the trail through monero's public ledger.
Of course, if the guy had used lightning instead of monero, the Finnish technique wouldn't have worked. The swap service wouldn't know what address received the money (because lightning hides the recipient's address from the sender) and binance would not know what address sent it to their exchange (because lightning hides the sender's address from the recipient)
People *actually understanding* the trade-offs they make is important.
You are actively working against that understanding by spreading bullshit.
Lightning *probably* does provide *some* privacy guarantees.
mostly unquantifiable.
because it depends on a lot.
mostly outside the end users control.
Monero already does provide provable reliable privacy. for all users of the network.
You,
trying to twist every little thing you can
to fit your desired narrative,
works against the security of end users 💀
> Monero already does provide provable reliable privacy. for all users of the network.
Except the ones who keep getting arrested
cope harder bro
Could you give examples?
The only point bro has it about your IP address. Definitely would recommend using Tor or I2P for your Monero wallets or better yet just make some paper wallets.
These people getting busted is not XMR's fault. It's the fault of the users for practicing proper opsec skills!
and he knows it.
it just suits him to walk right up to the edge of outright lying.
and meme when you call him out 🙄
As someone who isn't in the know on all of the technical aspects I have a question. Are you saying that there are, in fact, steps beyond "send monero to monero wallet" (as suggested in your meme and paraphrased) that are required to actually maintain privacy?
Or is it just a matter of using a VPN or TOR to hide your IP?
it's a matter of using Tor or a VPN.
also best if you connect to your own node,
or a trusted one at least,
if you send through a malicious node it can identify the real spend (although nothing before that).
TLDR
it CAN see IP address, last block synced, and potentially manipulate your decoys (reducing your sender privacy)
it CAN'T see amounts, receiver addresses, balances, and transaction history
If you don't run your own node there are practical things you can do to reduce/eliminate what little malicious nodes can see be using TOR/VPN + changing the remote nodes you use for every transaction or at least periodically switching them. But of course the best privacy is always to use your own node.
"potentially manipulate your decoys" part will soon be remedied and be one less thing it can see when Monero upgrades to FCMP
Good resource on what a malicious Monero node can and cant see:
Finnish busts: https://cointelegraph.com/news/finnish-authorities-traced-monero-vastaamo-hack
Japanese busts: https://cointelegraph.com/news/monero-transactions-japanese-authorities-arrest-18-scammers
Chainalysis explains how they trace monero: https://cointelegraph.com/news/chainalysis-leak-monero-traceability
Ciphertrace claims to be able to trace monero but does not provide an example: https://news.bitcoin.com/ciphertrace-enhanced-monero-tracing-capabilities-governments/
you would link the actual video of CAs "monero tracing" techniques
if you were interested in actual facts.
but the video is basically a commercial for #monero
so you won't.
Ok, I've been replying to you in good faith here, but now I see you actually have NO IDEA what you are talking about.
Go to a monero block explorer and find me ONE monero address (starts with 4 or 8) there. Go on, I'll wait.
An address shows up on a ring signature? lol! Again, go to the same block explorer, look up a random tx, and see if ring members look like addresses to you.
You clearly have no idea about what you're talking about buddy.
the sad thing is he *does know.
he just thinks he's smarter than everyone else and it's ok to lie.
"Monero doesn’t encrypt any of those things. It perfectly hides the amount, it perfectly hides the recipient (more akin to hashing than encryption), and it obscures the sender - but in future it will perfectly hide the sender too.
Anything encrypted can be decrypted, and Monero simply doesn’t encrypt anything because its users value privacy and can’t take that risk."
wow these make me miss being on twitter
"Amount and receiver are ZK. Sender is ZK within their ring. That ring is a subset of all outputs."
Also for the reader
This guy has no way of knowing how many IP addresses chain analysis was able to get (if any) as a result of the Moneroworld reverse proxy malicious nodes.
To sum up:
CA is running malicious nodes.
They had succeeded in compromising and redirecting DNS records of a trusted but poorly maintained service to point to them. The above wallets listed those some of thiser nodes as options in their default node list.
Users sending a tx through those malicious nodes had the true input (a stealth address) to their transaction identified. And if they weren't connecting through a proxy their IP address.
Obviously less information then what would be leaked if you were connecting to a malicious Bitcoin node.
heres the video where CA breaks down the data. its good to be aware of the dangers and see their capabilities.
which are frankly minimal.
just use a proxy and connect to a trusted node.
You do realize the remote node never learns who you are sending to, or where from (other than IP address, but again, that's not a Monero issue, it's a TCP/IP issue), right?
What it does learn is that you own a certain utxo, if you immediately retry a tx on the same node after the node maliciously rejects it (there will be one ring member that doesn't change between txs, that's the real one).
LOL Monero idiots saying people don't need Tor with Monero 😂
No one is saying that. It's simply bad opsec. Nothing Monero can fix.
The author of the meme does.
Who is saying that?
It is true though that if you run your own Monero node you have better default network protection because of Dandelion
Whoever made that meme.
What meme?
the one Kanzan posted in this thread: nostr:nevent1qgs0npwnpyvheqz7zuvuwvv9k460c0hyqlturds40hhfn34vufvehwcqyzmedf9x4a7ga33dtjk88s0n0nw9yspkfgdna2xsv23wchfr7jddjx63xau
it puts "use tor" as an example of the gymnastics you have to do to gain financial privacy if you don't use monero
of course, if you're not using tor on monero, it's a lot easier for sybils to collect your ip address and link them to your transactions
Dandelion helps prevent this too, but it's much better with tor
I will say, I'm not surprised the XMR people put "use tor" as a non-monero thing
Monero isn't made to integrate with Tor according to its github
Monero is meant to be used with Tor and i2p.
I'm sure that's why its github explicitly says, "Monero isn't made to integrate with Tor" source: https://github.com/monero-project/monero
Read my other note. Also there have been many discussions about Kovri, a Monero i2p implementation. It has been abandoned for different reasons.
There are follow up projects that seek deeper integration.
> Read my other note
Can you link to it? I don't know which note to look for
Also I doubt that the Github page you are citing is reflecting the current state of understanding.
It's a good thing you bring it up so we can discuss and create more clarity.
Most wallets have Tor and Tor nodes available in the wallet like Cake, Feather, Monerujo, Stack
Fully agree.
Monero should go all-in on anonymity networks or at least make it the default. That will result in less opsec failures.
So far people are still happy with being able to run Monero nodes over anonymous VPN/VPS and there are a couple of points made that scarcity of ipv4 addresses protects the network from sybill attacks via ipv6 , onion or i2p addresses. It's something I read from core devs. Not sure if some of those attacks can be mitigated by now.
LOL yea that meme is not 100% facts, because of course you need to use Tor for either one, but there is a reason why its used so often because it is directionally true. Monero still provides better default privacy without so many hoops to jump through.
nostr:note1qej4qu0uddfqc4mx94aaen4h7xs7499yxetq8mt9qy6g4u48wxhs6tnxap
ecash transaction
:where:
Good privacy. But still in a early state, wouldn't put to much money in it. Biggest downside it's custodial
When blinded amounts? 👀
nostr:nprofile1qqsw8lr88lzln8x92ng073m4v72kglf9edhxvk8eztg3ftny98f46dgpz4mhxue69uhkummnw3ezummcw3ezuer9wchsz9mhwden5te0wfjkccte9ehx7um5wghxyctwvshsz9mhwden5te0wfjkccte9ec8y6tdv9kzumn9wshsk9y93w 🤖
currently working on a prototype built from CDK and cashu-kvac.
nostr:nprofile1qqszmxrnkfdl9hdxzstgf4zdt6mk4avlzemc3fvwxcatzeclalhg0uspr3mhxue69uhkummnw3ezucnfw33k76twv4ezuum0vd5kzmqprpmhxue69uhhyetvv9ujumn0wd68yct5dyhxxmmdqy28wumn8ghj7un9d3shjtnwdaehgu3wvfnsryzw6e aren't they changing the protocol so that the Anon set is every monero transaction ever? Pretty sure this is either out of date or soon to be.
Plus not very nuanced to compare monero and lightning. Lightning is a notoriously heavy lift to do self custodially. Lots of errors and headaches. Monero just works
They are testing whether they can modify monero to use full chain membership proofs, and they hope to get it done this year: https://x.com/MoneroMavrick/status/1856881416987988406
> monero just works
There are definitely dumb ways to use monero. But can be mitigated. Hard to argue that layer one Bitcoin is more private than monero though...
Lol and then has a static Bitcoin donation address in profile... Yeah you're an untraceable super hacker. Nice try. Try using a paynym or monero address if you want to receive donations
He has a point Super. You should change your Bitcoin donation address to a Silent Payment or Paynym address for yours and your donaters sake. Google shows your history, balance, all addresses associated, and all your website accounts tied to it...
In both cases you quote, it was not Monero that was traced.
Spend more than 2 minutes searching for it, and you will reach the same conclusion.
Monero is part of the puzzle, not the whole puzzle. There is plenty of dumb shit people can do to be traced outside of the blockchain.
Is there a ln setup (self-custodial or trusted 3p) that makes transactions private?
I am not a privacy expert. That said, for serious privacy, I would start with this:
- Get a dedicated device
- Install TailsOS on it
- Download a bitcoin node and electrs
- Open electrum (comes with TailsOS)
- Set it to use your node (not electrum servers)
- Set it use tor (probably automatic on TailsOS, but check)
- Send bitcoin to electrum via a coinjoin
- Open channels with privacy focused peers (e.g. ecash mints)
You will need almost 1 TB of disk space for a bitcoin node
TailsOS will be terrible to do any normal web browsing on because of the Tor blocks / CLoudflare CAPTCHAS
since it's a "dedicated device" for lightning transactions, it's not for web browsing
> You will need almost 1 TB of disk space for a bitcoin node
not if you do transaction pruning...though then there is some additional setup to ensure you can get the blocks you need when LN needs them
Ah .... then......just use a regular Linux distro
Tails is not persistent
Me after reading this thread:
This device has to be online 24x7 to keep channels open in lightning right?
No, my node is off pretty much all the time, I just turn it on when I need to make a payment
Though in order not to have to trust my counterparty, I do have to "check in" (i.e. open the wallet) once every two weeks or trust a watchtower
Great theead
Ah, lightning better then.
This isn't really accurate, super
Lightning tx are more private than monero?
Can someone explain this?
It's nuanced. A lot to think about. Lightning is comparable with differing advantages if you use Lightning in the most privately preserving manner perhaps how Super uses it.
I would say Monero offers better default privacy especially for the average user. Definitely better than custodial lightning (no privacy from the custodian) and LSPs (reduced privacy from LSP).
Thank you! That helps
You forget that -if you don't run your node- at least 3 out of 5 of these will be fake inputs because the node is operated by some intelligence agency.
nostr:note1k6zvw7rg3dv8mcmzgn9w0k90g95y8mw04tftm25ke2htfpkmutyqe0h3kr
fucking lol
The meme is hilarious, but aint nobody got the time and patience for that Super except the most ardent of LN devotees.
And apparently most Lightning users agree with me since they're largely using WoS, Strike, Primal, etc...
stop before you get hurt.
Just another twats talks
Lol. There's really a lack of nuance here. Worrying to see how many likes (measured by Nostr standards) this note has got. The Bitcoin space has changed a lot since I joined.
