It's worse on monero than on LN. On monero, if I send coins to pubkey X, I know that pubkey has unilateral control over them for about 20 minutes (10 monero blocks) before they can possibly forward them to some other destination. If they do forward them to someone else, I can credibly accuse them of knowingly doing so and I can provide cryptographic proof that they had the coins at some point.
Not so with LN. Thanks to atomic swaps, if I send coins to invoice X, I don't know if the pubkey therein ever has control of those coins. If he is a routing node, the amount of time he has control of those coins is 0. I cannot credibly accuse him of knowingly forwarding those coins to someone else, because he too does not know the destination, and moreover, once the swap was entered into there was no way he could possibly stop it. Once you create an htlc, you no longer control whether it gets settled.
So it's very different. On LN, intermediaries have plausible deniability. On monero, mixers have no plausible deniability.
not the point at all
on LN the sender sees the node pubkey
just like a stealth address on XMR
IOW
according to YOUR moronic inaccurate definition it is "traced to the recipient"
> on LN the sender sees the node pubkey
...which might be a decoy
> just like a stealth address on XMR
...except that does not support decoys due to the lack of transaction chaining on monero. If Jimmy sends money to a monero "public address" he can cryptographically prove that the pubkey therein controls the money. (Btw, that is the first step of every trace, unless the tracer can find someone who already sent money to whoever they're looking for, which has the same result.)
Not so with LN: if Jummy sends money to a lightning invoice he does not know if the pubkey therein ever controls the money even for a second. It might be a trampoline node serving as a decoy recipient, because every lightning has built in support for this. It's part of the protocol design to allow this: thanks to how HTLC forwarding works, the recipient can always put a decoy recipient in the bolt11 invoice without the sender being able to detect it, and if the recipient does that, the decoy recipient looks like the recipient but never controls the money.
and the monero user might churn their output at some point.
the ONLY difference is your point about cryptographic verifiablity.
which is a legit advantage to transacting on a L2.
> the monero user might churn their output at some point
And the tracer might be able to detect that
In the attached chainalsysis video, between 34:51 and 36:44, they observe that the user sent some of his xmr and they identify the "main" recipient as either a self custodial wallet (Exodus) or a mining pool. After logging that, they follow the change output and watch to see where *that* goes next. Churning (i.e. sending to yourself) clearly helps but since there's a public record of the tx and what happens next, it is not foolproof. LN is better on this front: there's no public record of the transactions and not even the sender knows where his money goes.
https://v.nostr.build/D4Nzp22vRF35IRnz.mp4
Thread collapsed
Thread collapsed
Thread collapsed
Thread collapsed
>Not so with LN. Thanks to atomic swaps...
you say "Not so with LN", then proceeds to mention how it's an added workaround
that means if it's not default with LN, then xmr wins by default since every output is always a proxy output, not so with LN. Knowing if they have control or not over coins is useless because I want to know where they end up. If I know the coins I sent to you end up at "node X", I concluded my goal. And it's the same as you knowing the xmr you sent went to "output 123abc"
seems to me his point is just "the blockchain is forever"
ie there is cryptographic proof that address controlled those funds forever.
which is a legit concern.
he's just misrepresenting it.
Thread collapsed
> then proceeds to mention how it's and added workaround
The nice thing about this "added workaround" is, it's undetectable. Consequently, the sender cannot know if you're doing it. They don't know if the node that looks like the destination is the real destination or a decoy. Monero does not have this feature because it is sender-traceable by design.
> every output is always a proxy output
Zero monero outputs are ever proxy outputs if by that you mean "they hide the real recipient from the sender." They cannot be because the sender creates them in monero. He necessarily knows exactly where the money goes because he picked the destination and did not create a decoy.
> if I know the coins I sent to you end up at "node x"
This is the fundamental difference: with lightning, you never know that. The destination might be a decoy and you as the sender have no way of detecting that.
Thread collapsed
Thread collapsed
