Monero users don't like to hear this, but ideally, the sender of a transaction shouldn't know what address belongs to the recipient. But monero can't work unless the sender first gets your XMR address. On lightning, the sender almost never learns your BTC address. It's way better.

Discussion

know a lightning, to can't sender Monero transaction your sender It's your sender the don't learns the like gets But ideally, unless BTC users monero never to the belongs of address recipient. what the shouldn't hear better. On address. but work address. this, almost XMR way first

Here come the monero bros

nono

that was good and totally accurate

(for once)

Lightning is the most private way to pay for goods and services. Monero bros get rekt.

"if" you are careful

you'll get rekt if you just pick up Wallet of Satoshi or a similar custodial LN wallet and expect good privacy out of it

for serious privacy, remember to use rendezvous routing (available via bolt12, Zeus wallet, or lnproxy) and guard your ip address via tor or a vpn

Would Aqua Wallet not be good for privacy as well?

I haven't looked into Aqua Wallet's privacy features, if any

In my experience, privacy on a mobile device is very hard

Your keyboard is probably logging every thumbstroke

Your apps are probably reporting every swipe

Even if the Aqua app is designed with perfect privacy in mind, you get compromised anyway because your OS *is* surveilling you and the app can't stop that

For decent privacy I recommend not using a mobile device

that depends. Degoogled phones like GrapheneOS, LineageOS, CalyxOS are responsibly safe

just run your own self-custodial LN stack and be sure there's enough liquidity along the route to the payee and you're great!

(as long as your routing nodes aren't colluding, which you can't know)

I agree that the sender won’t know my BTC address with Lightning, and I love that I, as the receiver, can’t see anything about the sender. My beef though is that the sender can see the recipient’s IP address. I had to go to great lengths to anonymize the IP of my node. I could use Tor of course, but I get a lot of timeouts doing that. I wish there were a way to easily obfuscate the IP of the receiver but I haven’t really figured out a good way to do that yet.

the sender only learns the recipient's IP address if the recipient's node is a routing node. And even then, he only learns it if the recipient (1) isn't using bolt12 AND (2) isn't using blinded paths AND (3) isn't using lnproxy AND (4) isn't using tor

Using any of those mitigations fixes this. You can also just create a separate node for routing, if you want to run a routing node.

Hmm… I’ll have to research this. I have no interest in routing so that’s not an issue. I just want to send and receive. Maybe I misunderstand how it works but I think since the sender has my public node ID, can’t he just paste that into 1ml.com and get my IP? Also, I think if someone wants to send me money, let’s say to nyname@nydomain.com, the LNUrl protocol has to talk directly to my node to tell it to create an invoice, etc., doesn’t it?

> since the sender has my public node ID, can’t he just paste that into 1ml.com and get my IP?

Not unless you're a routing node. Nodes only announce their ip address if they want their channels to be available for routing. If you don't have any publicly announced channels, your node won't appear on 1ml.com or any other lightning explorer, so no one can get your IP address from there.

Regarding lnurl, lnurl servers do have to get an invoice from your node, and so *that server* probably knows your ip address (though see the next paragraph). But that ip address doesn't show up in your invoice or in gossip unless you run a routing node i.e. you have at least one publicly announced channel. So if you're not doing that, the sender won't get your ip address; only the lnurl server will (probably -- see next paragraph).

Hmm...I said a moment ago that the lnurl server "probably knows your ip address." But I suppose it's possible to communicate with an lnurl server using methods that protect your ip address, e.g. tor or nostr. Which means now I have a new project idea! An lnurl server that talks to your node via nostr and thus *doesn't* learn your node's ip address. Thanks for prompting the idea!

That would actually be really helpful! As it stands, I have to set up a Cloudflare-hosted redirect for a specially crafted LNurl for my domain. The redirect points to a LNUrl implementation hosted at Alby, so presumably at least Alby knows my IP. It would be cool to cut Alby out of the loop and, like you said, have the negotiation that’s required to create the invoice take place between the sender and receiver via some anonymizing intermediary like NOSTR.

Why is this a problem if they will lose it when it moves? It doesn't matter if they know your address when you receive, if they can't see where you spend it.

> Why is this a problem if they lose it when it moves?

Because on monero, the sender knows which of your pubkeys he sent money to and can watch the blockchain to see *whether* it moves

For example, if the pubkey he sent money to never appears in a future ring sig, the sender knows the recipient still has that money -- he knows it hasn't moved

That's bad for receiver privacy. What if you don't want him to know? Why *should* he know? What if, at some point in the future, you claim you sold all your monero, but an exchange proves that they sent money to your pubkey, and the monero blockchain proves it hasn't moved since then? That's a serious privacy defect.

And that's not the only defect. You say "they will lose it when it moves" but some blockchain analysts have managed to track what happens to monero after it's sent by eliminating some or all of the decoys used in monero's ring signature scheme. Chainalysis even offers a paid service where they brag about their ability to do this, and law enforcers have used this service to arrest monero users. So your claim "they will lose it when it moves" might *sometimes* be true but monero provides no guarantees here.

That's why *omitted* information is better for your privacy than *obscured* information. Monero *obscures* details about the transaction. Lightning *omits* those details altogether by (1) not posting anything to a blockchain (2) actually encrypting all parts of the transaction (3) using HTLCs and (sometimes) rendezvous routing to ensure that the sender can't even be sure he knows the recipient's public key

(2) isn't accurate. Lightning doesn't technically encrypt amounts at all. Every hop knows how much is being forwarded, but Monero does conceal amounts (except for fees). Also, for (3) the sender being unsure seems like obscured information. Because it still *could* be the recipient's public key, but maybe it's not. Just like you can't be sure a recipient is spending just because you see their stealth address in a ring sig. Maybe it's not.

> Lightning doesn't technically encrypt amounts at all

Yes it does. It uses the Sphinx encryption standard specified in bolt4. You can see in the bolts what the encrypted payload includes:

```
payload format
...
tlv_stream: payload
types:
    type: 2 (amt_to_forward)
    data:
        [tu64:amt_to_forward]
```

source: https://github.com/lightning/bolts/blob/master/04-onion-routing.md#packet-structure

You can also see the code for this in LND, starting at line 13 here:

https://github.com/lightningnetwork/lnd/blob/fc906f2a65518606f9a3100e5005b3241d73f35d/htlcswitch/packet.go#L13

Notice what that packet includes on lines 42-47:

```
// incomingAmount is the value in milli-satoshis that arrived on an
// incoming link.
incomingAmount lnwire.MilliSatoshi

// amount is the value of the HTLC that is being created or modified.
amount lnwire.MilliSatoshi
```

And notice that this information is encrypted per lines 52-54:

```
// obfuscator contains the necessary state to allow the switch to wrap
// any forwarded errors in an additional layer of encryption.
```

It speaks of an "additional" layer of encryption because "this" layer (the htlc packet itself) is also encrypted so that the only people who can read it are the sender, the recipient, and the routing nodes.

Also, thanks to multipath payments, the routing nodes do not know if the amount they see passing through their node is the full amount or just a shard of the full amount.
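
To make the bolt4 payload format quoted above concrete, here is an added example (not part of the original thread and not LND's code) that decodes a per-hop TLV payload the way a hop would after removing its own onion layer. The function names and the sample bytes are constructed for illustration, and record type 4 (`outgoing_cltv_value`) comes from BOLT 4 rather than from the thread.

```python
# Added illustration, not from the thread or from LND.
# Decodes a BOLT 4 per-hop payload (a TLV stream) as a hop sees it after
# removing its own onion layer. SAMPLE is constructed for this example.

def read_bigsize(buf, pos):
    """Decode a BigSize integer at buf[pos]; return (value, next_pos)."""
    if pos >= len(buf):
        raise ValueError("truncated TLV stream")
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    width, minimum = {0xFD: (2, 0xFD), 0xFE: (4, 0x10000),
                      0xFF: (8, 0x100000000)}[first]
    end = pos + 1 + width
    if end > len(buf):
        raise ValueError("truncated BigSize")
    value = int.from_bytes(buf[pos + 1:end], "big")
    if value < minimum:
        raise ValueError("non-minimal BigSize")
    return value, end

def read_tu(data, max_len):
    """Decode tu32/tu64: big-endian with leading zero bytes stripped."""
    if len(data) > max_len or data[:1] == b"\x00":
        raise ValueError("invalid truncated integer")
    return int.from_bytes(data, "big")

def parse_hop_payload(payload):
    """Return the TLV records of one hop's decrypted payload as a dict."""
    records, pos, last_type = {}, 0, -1
    while pos < len(payload):
        rec_type, pos = read_bigsize(payload, pos)
        length, pos = read_bigsize(payload, pos)
        if rec_type <= last_type:
            raise ValueError("TLV types must be strictly increasing")
        if pos + length > len(payload):
            raise ValueError("truncated TLV value")
        value, pos, last_type = payload[pos:pos + length], pos + length, rec_type
        if rec_type == 2:      # amt_to_forward, tu64, in millisatoshis
            records["amt_to_forward"] = read_tu(value, 8)
        elif rec_type == 4:    # outgoing_cltv_value, tu32
            records["outgoing_cltv_value"] = read_tu(value, 4)
        else:                  # kept raw; other types are out of scope here
            records[rec_type] = value
    return records

# Constructed sample: amt_to_forward = 100000 msat, outgoing_cltv_value = 800000
SAMPLE = bytes.fromhex("02030186a0" "04030c3500")

if __name__ == "__main__":
    print(parse_hop_payload(SAMPLE))
```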

"only people who can read it are the sender, the recipient, and the routing nodes."

Routing nodes are third parties. Ideally only the sender and recipient should know.

With Monero no third parties know the actual amounts being transacted between sender and receiver - not even part of the amount

I take your point that routing nodes don't know for sure if that is the full amount because of multipath payments, but it's still a partial privacy leak

Right, there are tradeoffs:

- monero unnecessarily exposes the full amount received to the sender. This is none of the sender's business and is harmful to receiver privacy. Monero also exposes the fee in plaintext on the blockchain, which is bad because analysts use the fee data for wallet fingerprinting.

- lightning unnecessarily exposes part of the amount to each routing node on the path. This info is in encrypted packets and does not get published, and the routing nodes can't know if it is the full amount or a shard. The fee is also encrypted and no one but the sender knows the full fee paid, though each routing node knows the portion of the fee they received. The sender also doesn't know how much the recipient receives, which is good, he shouldn't know that.

So which has better amount privacy, LN or XMR? I'm not sure, but certainly neither is perfect. I think lightning protects receiver privacy better in regard to the amount, but monero protects it from third parties better, unless the sender colludes with them.

Sounds like a fair enough breakdown

Loving the commentary on privacy!! Keep it up

wow.

good job, I'm proud of you.

I like to hear all things privacy related. Whether bitcoin, Monero, lightning, anything that helps with privacy is good.

Hey man I love seeing your challenges on Twitter, like the recent one with Vlad. Keep it up!

Wait. I think that's wrong. You can get the node id from the lightning invoice and then from that you can see what utxo funds the channel right?

You CANNOT Derive the UTXO that Funded the Channel from the Invoice. A Lightning invoice has no information about which channel the payment will go through nor which UTXO funded that channel. There's no public link between a Lightning invoice and the funding transaction. A node can have many channels funded from different UTXOs. Payments are routed through multiple nodes, and the sender often doesn’t even know which node will receive the sats either, for example when using bolt12, or when using a lightning router service.

Okay, but let's say you know it's not bolt 12 or a router service, then you know the node id.

Can you get a list of channels from a node using the gossip network? I think yes. Especially because you can see it on an explorer. A random node example: https://1ml.com/node/039a3b0b2c86bb2b9fd5cf2c8ba52672b7fbd4b09de0031b9b7f5d76391f498f89

From that, you can see a bunch of channels and their outpoints. Those are the utxos.

Okay, so maybe you don't know WHICH one is the one you paid, but you know ALL of them partially belong to the recipient.

Bolt 12 is not so common yet, and I don't think many people think to use proxies.

Oh, I guess your best option is to have a private channel for sure.

why does it matter if I share a LN invoice, my LN URL, or 8ADfMgmgeC34F3nHocbdLmakyxFKy74AuGYdHJ6ZEFPvHoMDPAMg8rgJ6HYkRZtCEpLLCBYJZfwHEX9HAYaonQm1V38rRyG if when that goes in the ledger, that's not the address that the tx. is recorded with thanks to stealth addresses? is it convenience? you can send XMR to me using rottenwheel.xmr.

are you stupid?

nostr:nevent1qqsvzkxczuslghq5qhlvqntngxn0e3p9ascteul8h7klmkzzedgl77cpzemhxue69uhky6t5vdhkjmn9wgh8xmmrd9skcq3qyxp7j36cfqws7yj0hkfu2mx25308u4zua6ud22zglxp98ayhh96sxpqqqqqqzpgq80c

Guys just don’t buy Monero yet. When I have some, just in case it catches on, you can go buy it 😉 for now I am fine with hating on it

According to the first web page I checked, Monero users are recommended to generate a new subaddress for every transaction, so that someone can't tell both addresses are from the same person even if money is sent to both and even though both subaddresses send to the same wallet. https://docs.getmonero.org/public-address/subaddress/

This is different than the standard address, which was the old way of receiving transactions.

None of this matters unless you have multiple identities associated with the same wallet. Even in the past it was always possible to just create a second wallet in that case.

But but but but but but but but monero is going to zero against bitcoin, it's so edgy!