Replying to Avatar Hanshan

if your threat model is a global passive adversary they clearly know where payments begin and end.

his (unexpressed) point is "the second and second-to-last nodes on a route can't be sure they are second and 2nd to last"

but it totally depends on the level of collusion between large nodes. a global passive adversary isn't required, if enough large nodes (particularly in a hub-and-spoke design) collude they can have *reasonable certainty* where payments originate and end up.

Add mapping via channel probing and consider.

not saying it happening now,

but I AM saying,if it was happening you wouldn't know.

which is why we have L1 systems designed to function in the open.

That is the advantage of using a blockchain and not an L2.

everything is tradeoffs.
Avatar
Super Testnet 7mo ago 💬 1

> if your threat model is a global passive adversary they clearly know where payments begin and end

they don't know which of your messages are real and which are decoys

they also don't know the contents of your messages

> they can have *reasonable certainty* where payments originate and end up

they can "say" they have reasonable certainty about that, but in many jurisdictions they would have to prove it in court, and that's often a pretty tough standard

how do you know the person who *looks* like the sender (or the recipient) isn't just another routing node? Even mobile phones can route payments and are incentivized to do so, so you just don't know

Reply to this note

Please Login to reply.

Discussion

Avatar
Hanshan 7mo ago 💬 1

yeah fair enough.

so what?

I'm concerned about users being able to make accurate threat assessment.

not being able to establish plausible deniability in court if their threat assessment is wrong.

"they could collude but you can just argue the payment came from somewhere else" isn't compelling.

Avatar
Super Testnet 7mo ago

If every routing node colludes the best they can do is point to a node and say "that one was the next hop back and did not collude with us"

It might be your node, it might not be -- either way, they have no proof of wrongdoing

Avatar
Hanshan 7mo ago

and thats usually good enough for normies.

but plausible deniability in the event they miscalculate or dont have all the information is not enough for most people with strong threat models.