Oh so maybe we’re misunderstanding each other. We thought you were talking about spark <> LN payments and LN <> Spark payments. Not Spark to Spark payments.
"So does Phoenix LSP. If they go down users can’t make payments." Sure, if you are using Phoenix Wallet, and their infrastructure goes down, you can't make payments. Same for lots of other providers, I agree here.
"They also know where you send to and when you receive." This is horrible misinformation, where did you get this idea? Please check this simple explainer on privacy in Lightning (generously authored by myself): https://docs.megalithic.me/the-lightning-network/how-private#lightning-is-very-private
Phoenix does NOT know who you are sending to. At best, they have a node id (public key) of the final hop --but that really provides NO provable data about where the payment goes to -- Phoenix has NO IDEA where you are sending to.
Not only that - when you RECEIVE a payment, Phoenix has NO IDEA where that payment has come from.
The amount of misinformation floating around about this is just horrible.. to some extent I blame Roy @ nostr:npub1jugar2agq6369p0l86razavs9shj2p6pscxecevs8j94ap37hkqsjlfc28 -- who previously was a proponent of Lightning and now goes around making totally dangerous claims about how proprietary APIs like Breez or LightSpark could somehow be used instead of the Lightning network.
Regarding "Any LSP that does the route finding for a user knows the destination of the payment." -- This isn't how it works. Lightning is "source-routed". The PAYING node constructs the route, not the LSP.
And even if you use a proprietary service like Phoenix, again, that service only know the public key of the last hop.
Compare this to the dire situation of one Blitz user sending a payment to another Blitz user, using LightSpark's token and API..... LightSpark sees the entire transaction, the transaction never touches Bitcoin, LightSpark sees BOTH the ENTRY and the EXIT IP address, entirely within their own token ecosystem.
Fucking terrifying.
At any time, David Marcus could export a spreadsheet of Blitz users, their IP addresses, the IP addresses of other Blitz users they made payments to... it's like Chainanalysis but 1000x easier for spying!
Discussion
Yes spark to spark payments are very bad.
Also, one more thing: For the sake of argument, let's say Phoenix had surveillance power over its users, like LightSpark does.
Phoenix is still VASTLY superior to any service that uses Spark as a back end.
Phoenix runs one (1) out of 16,000 INTERCOMPATIBLE Lightning Nodes on the network, and one (1) out of hundreds of INTERCOMPATIBLE wallet services on the network.
the Lightning Network is DECENTRALIZED.
Anyone can spin up a Lightning Node. Anyone (with some tech skills) can build a wallet service.
If you are building technology to interact with Bitcoin, the only ethical way to do it is to use PUBLIC standards which are INTERCOMPATIBLE with other users, so you can help build a DECENTRALIZED system.
If you're not doing that, just use the Stripe API or something.
For anyone reading, we hope this has been an informative discussion.
In short, Spark payments have a few important privacy nuances. Transactions that stay entirely within Spark, Spark-to-Spark, aren’t private and reveal a link between users. When two Spark users pay each other over Lightning, the connection on a Spark explorer is obscured, but timing analysis can still expose the receiver. If you send from your Spark wallet to an external Lightning wallet, Spark only has the same level of visibility as any other LSP. When receiving from an external Lightning wallet into Spark, Spark similarly knows only what an LSP would about the sender. However, the receiver isn’t completely private either, timing attacks can reveal the receiving address and wallet balance, making it less private than a standard Lightning receive.
Let me translate, if I may:
"Spark payments have a few important privacy nuances."
Only use Blitz, or other Spark wallets, if you want your IP address to appear in David Marcus' personal database, along with your transaction history. Oh, and David loves to kill Palestinians. Does that bother you at all?
"timing analysis can still expose the receiver "
Noting "timing analysis" as a danger when you are using a fully centralized API run by LightSpark is like saying that a machine gun is dangerous because you might drop it on your foot. It's totally irresponsible to divert people with this.
"If you send from your Spark wallet to an external Lightning wallet, Spark only has the same level of visibility as any other LSP."
Fully incorrect. LSPs do NOT know the originator of a payment. Yes, they can see the entry node and exit node, but they do NOT know if the entry node is the actual "originator" or if the exit node is the actual "destination". Please educate yourself on how the Lightning Network works. The Lightning Network is DESIGNED for decentralization and privacy. Spark is not.