(1) Monero doesn't have transaction chaining, so if you want to "reroute a payment" you can't do it atomically. The best you can do is wait 10 blocks and then send some or all of the money to other people, and if the sender is relying on you to do that, he'd better pray you dont exit scam. Lightning is way out in front on this because it natively supports atomic transaction chaining and amount forwarding. It just works.

(2) If someone does the "wait 10 blocks" workaround mentioned above, the sender cannot see where the rerouted portion has gone unless he does some blockchain analytics, and even then, the most up-to-date techniques do not always successfully track monero payments. But they sometimes do.

What has better amount privacy, monero or lightning? My answer is nuanced and may surprise you!

Right, there are tradeoffs:

- monero unnecessarily exposes the full amount received to the sender. This is none of the sender's business and is harmful to receiver privacy. Monero also exposes the fee in plaintext on the blockchain, which is bad because analysts use the fee data for wallet fingerprinting.

- lightning unnecessarily exposes part of the amount to each routing node on the path. This info is in encrypted packets and does not get published, and the routing nodes can't know if it is the full amount or a shard. The fee is also encrypted and no one but the sender knows the full fee paid, though each routing node knows the portion of the fee they received. The sender also doesn't know how much the recipient receives, which is good, he shouldn't know that.

So which has better amount privacy, LN or XMR? I'm not sure, but certainly neither is perfect. I think lightning protects receiver privacy better in regard to the amount, but monero protects it from third parties better, unless the sender colludes with them.

I point out that the sender knows the recipient's address in monero

Grinder thinks "what a ridiculous observation, of course he does"

What grinder doesn't realize is: (1) that's bad for receiver privacy, especially when the sender is your adversary or colludes with your adversary (2) it has led to multiple arrests in monero when the sender colluded with the police (3) it's completely preventable (4) it's fixed in lightning

Just because you're a nostrich you don't have to stick your head in the sand

The problem with your argument is, the sender knows which email address received the money, and that is bad for receiver privacy. Tor fixes this: if the receiver runs a tor hidden service, the sender does not know which node receives his message. Lightning does for money what tor does for messaging. It lets you run a "monetary hidden service" -- a lightning node hidden behind proxies -- and if you do that, no one can know where your money ends up, not even the sender. Unlike monero, which tells the sender that info for free, which has led to multiple arrests when the sender colludes with one of your adversaries.

> Or you're just saying that each sender can see the address they are sending to?

I'm just saying each sender can see the address they are sending to and that is bad for receiver privacy.

> Wait, isn't Bitcoin and literally everything else the same?

No, the lightning network is different. Invoices do not reveal what node or channel received the money. This is much better for receiver privacy.

> what's the issue with people who send you money knowing your wallet address?

Knowing the recipient's address gives the sender something to watch on the blockchain to see what happens next. Does the address show up in a subsequent transaction? Does it sit there unmoved for 5 years? All of that is useful info, sometimes incriminating info, and monero gives the sender that info for free. Lightning protects that info -- it protects receiver privacy way better than monero.

I don't think it is dumb. Why should the sender know what amount the recipient received? Why is that any of his business? What if the sender wants to keep half of it and forward the rest to someone else, prism-style?

Should the sender know that he sent $20 for the latest album but the merchant only got $10 of it, and the rest went to the artist and the producer, etc? I don't think so; it's none of the sender's business, the only thing he should know is that he sent $10 and the recipient gave him his product. He should not know how much the recipient received.

On lightning, thanks to multipath payments, the sender does not know how much the recipient received. On monero, he does. Monero is bad for recipient privacy in this respect and lightning does better.

Monero bros: Monero protects your receiver privacy!

Monero: tells the sender the recipient's pubkey and amount received, lets the sender see/analyze all future txs involving that pubkey, & gives the sender a cryptographic link between the pubkey & the recipient's actual address

https://x.com/SuperTestnet/status/1930757971731992736

> Lightning doesn't technically encrypt amounts at all

Yes it does. It uses the Sphinx encryption standard specified in bolt4. You can see in the bolts what the encrypted payload includes:

```

payload format

...

tlv_stream: payload

types:

type: 2 (amt_to_forward)

data:

[tu64:amt_to_forward]

```

source: https://github.com/lightning/bolts/blob/master/04-onion-routing.md#packet-structure

You can also see the code for this in LND, starting at line 13 here:

https://github.com/lightningnetwork/lnd/blob/fc906f2a65518606f9a3100e5005b3241d73f35d/htlcswitch/packet.go#L13

Notice what that packet includes on lines 42---47:

```

// incomingAmount is the value in milli-satoshis that arrived on an

// incoming link.

incomingAmount lnwire.MilliSatoshi

// amount is the value of the HTLC that is being created or modified.

amount lnwire.MilliSatoshi

```

And notice that this information is encrypted per lines 52---54:

```

// obfuscator contains the necessary state to allow the switch to wrap

// any forwarded errors in an additional layer of encryption.

```

It speaks of an "additional" layer of encryption because "this" layer (the htlc packet itself) is also encrypted so that the only people who can read it are the sender, the recipient, and the routing nodes.

Also, thanks to multipath payments, the routing nodes do not know if the amount they see passing through their node is the full amount or just a shard of the full amount.

I haven't looked into Aqua Wallet's privacy features, if any

In my experience, privacy on a mobile device is very hard

Your keyboard is probably logging every thumbstroke

Your apps are probably reporting every swipe

Even if the Aqua app is designed with perfect privacy in mind, you get compromised anyway because your OS *is* surveilling you and the app can't stop that

For decent privacy I recommend not using a mobile device

"if" you are careful

you'll get rekt if just pick up Wallet of Satoshi or a similar custodial LN wallet and expect good privacy out of it

for serious privacy, remember to use rendezvous routing (available via bolt12, Zeus wallet, or lnproxy) and guard your ip address via tor or a vpn

context: https://x.com/SuperTestnet/status/1930427180791566548

> Why is this a problem if they lose it when it moves?

Because on monero, the sender knows which of your pubkeys he sent money to and can watch the blockchain to see *whether* it moves

For example, if the pubkey he sent money to never appears in a future ring sig, the sender knows the recipient still has that money -- he knows it hasn't moved

That's bad for receiver privacy. What if you don't want him to know? Why *should* he know? What if, at some point in the future, you claim you sold all your monero, but an exchange proves that they sent money to your pubkey, and the monero blockchain proves it hasn't moved since then? That's a serious privacy defect.

And that's not the only defect. You say "they will lose it when it moves" but some blockchain analysts have managed to track what happens to monero after it's sent by eliminating some or all of the decoys used in monero's ring signature scheme. Chainalysis even offers a paid service where they brag about their ability to do this, and law enforcers have used this service to arrest monero users. So your claim "they will lose it when it moves" might *sometimes* be true but monero provides no guarantees here.

That's why *omitted* information is better for your privacy than *obscured* information. Monero *obscures* details about the transaction. Lightning *omits* those details altogether by (1) not posting anything to a blockchain (2) actually encrypting all parts of the transaction (3) using HTLCs and (sometimes) rendezvous routing to ensure that the sender can't even be sure he knows the recipient's public key

> since the sender has my public node ID, can’t he just paste that into 1ml.com and get my IP?

Not unless you're a routing node. Nodes only announce their ip address if they want their channels to be available for routing. If you don't have any publicly announced channels, your node won't appear on 1ml.com or any other lightning explorer, so no one can get your IP address from there.

Regarding lnurl, lnurl servers do have to get an invoice from your node, and so *that server* probably knows your ip address (though see the next paragraph). But that ip address doesn't show up in your invoice or in gossip unless you run a routing node i.e. you have at least one publicly announced channel. So if you're not doing that, the sender won't get your ip address; only the lnurl server will (probably -- see next paragraph).

Hmm...I said a moment ago that the lnurl server "probably knows your ip address." But I suppose it's possible to communicate with an lnurl server using methods that protect your ip address, e.g. tor or nostr. Which means now I have a new project idea! An lnurl server that talks to your node via nostr and thus *doesn't* learn your node's ip address. Thanks for prompting the idea!

the sender only learns the recipient's IP address if the recipient's node is a routing node. And even then, he only learns it if the recipient (1) isn't using bolt12 AND (2) isn't using blinded paths AND (3) isn't using lnproxy AND (4) isn't using tor

Using any of those mitigations fixes this. You can also just create a separate node for routing, if you want to run a routing node.

Monero users don't like to hear this, but ideally, the sender of a transaction shouldn't know what address belongs to the recipient. But monero can't work unless the sender first gets your XMR address. On lightning, the sender almost never learns your BTC address. It's way better.

Unfortunately I use my phone in kind of a self destructive way

Part of that is spending far too much time on it

If I had service on my phone, then I fear I would start spending 95% of my time on it instead of the current 75%

yep, I'm hoping someone at the meetup on Friday will have that feature on their phone so I can pay with bitcoin

Unfortunately I use my phone in kind of a flself destructive way

If I had service then I fear instead of spending 75% of my time on my phone it would grow to 95%

Did a bit of research today to prep for Friday's meetup

Good news: the local Steak n Shake proudly accepts bitcoin and looks forward to our event!

Bad news: they don't have wifi so if you don't have service (my phone doesn't) you have to pay with fiat

nostr:nevent1qqsxf0vcxy0ay4z7e040u5ccaj8fqvt44h2c35rkvn8yyxly8m00w0cpr4mhxue69uhkummnw3ezucnfw33k76twv4ezuum0vd5kzmp0qgszrqlfgavys8g0zf8mmy79dn92ghn723wwawx49py0nqjn7jtmjagrqsqqqqqpj4fj4x

I was born and raised in Ohio

Wanna come to the meetup?

I made this flyer yesterday and distributed it all over Des Moines today. 5 people already RSVP'd for the meetup. Plus, the local visitor center said they will announce it on their social media pages. Anyone can start a bitcoin meetup! Don't be scared, do it!

Idk. Any thoughts nostr:nprofile1qqs9myundyk6v3jmnc4zjs3rvfazjlnx3kc55cn6zktsyaj4h9320usppemhxue69uhkummn9ekx7mp0qywhwumn8ghj7mn0wd68ytnzd96xxmmfdejhytnnda3kjctv9uq3qamnwvaz7tmwdaehgu3wd4hk6tc5kzw8n?

Hmm, if you're a fan of SlipKnot, remember to slip Knots onto your computer! It helps with self sovereignty and keeps bitcoin pure!