Notes on Privacy

From PlebNet Wiki
Revision as of 17:34, 3 February 2022 by Itsneski (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Important Notes on Privacy

Before you jump headfirst into running a lightning node, you must ask yourself

  • What is your objective to operate a node? (making payments to friends and family, receiving payments, merchant node, routing node, any other?)
  • How much of your privacy you are willing to give up in order to pursue your objective? Remember it is your own choice.

The notes cannot be comprehensive and you must be willing to do your own research. Do not trust. Verify. Internet is full of dangerous people and not all advice you receive is comprehensive however "expert" the person providing it appears. Listen to all, decide for your own.

Learn not to rely on outside 3rd party apps

We tend to rely on 3rd party apps in our day-to-day lives, whether it's Twitter, Facebook, and other apps. In Lightning, your ultimate goal is to become an independent economic actor where your decisions are made entirely based on the data collected by your node, nothing else. Your lighting node contains information about all of your node's transactions, whether it's payments, forwards, or payment probes. By using this data you can figure out what nodes to connect to, what nodes are expensive/cheap, what nodes frequently show up in your payment routes, etc. In other words, your node's data is sufficient for you to function as an independent economic actor on the lightning network.

There are two types of apps that node operators tend to use: apps that are installed directly on their node and that rely on node's data, nothing else; and apps that reside outside of their node. Examples of the former are Ride The Lightning and Thunderhub. Examples of the latter are amboss.space, 1ml.space, lnrouter.app, and other apps.

Apps like Ride The Lightning and Thunderhub present much less of a privacy risk than the outside apps, since they act based on your node's data. When you access those apps, either via ethernet or tor, you access them directly on your node without intermediaries. The story is very different with outside 3rd apps. When you access say amboss.space from clearnet, assume that your IP address will be tracked, recorded, and associated with your node public address. This may have the unintended consequences of having a record that associates your node with your actual identity. Same with apps like 1ml.space, lnrouter.app, and others.

In summary, learn to rely on your node's data for any decisions you need to make, not on outside 3rd party apps. If you do need to use outside 3rd party apps, take extra precaution to access those apps via VPN or a tor browser. At least then there is less of a chance for you to dox your identity to those apps.

SOME LIGHTNING PRIVACY NOTES/REFERENCES

Remember some of these might not use practical if your intention is to run a routing node. As always, do your own research.

Telgram:

If your Telegram account is tied to your phone and legal identity, then if you announce your node publicly on telegram you are tying your node to your phone and your legal identity, You can change your privacy settings in Telegram to mask your phone number and use nym. However, governments can still get this data. There are also risks to communicating about your particular node on all public channels as well regarding the metadata you leak. For example, a particular way of writing

Cheeserobot: Resolves IDs to TG handles. There are privacy risks when TG is attached to a real-world identity, online pseudonym, or IP. Cheeserobot is also a closed source service, so it’s not public information everything that Cheeserobot does.

Privacy Suggestions For senders 

1. One UTXO per node on a private channel. Ideally mixed and for the complete amount. Pick a well-connected node to route THROUGH them.  
2. Do not send directly to your desired channel partner. Pick a well-connected node to route THROUGH them.  
3. When done, deplete your channel completely and close it out.
4. Given enough time, this channel would be known to the network and probe-able, so do not keep these disposable nodes for long.
5. Send payments in small increments.

Privacy Suggestions For receivers 

1. Never open a channel with a UTXO you own. Get others to open a channel with their UTXO or source a UTXO to open a channel with. Some sources could be Bitrefill Thor, Lightning Lab’s Loop Out, LNBig, Yalls, etc.
2. If you want to send some funds on-chain, either use a service like Loop Out or close the channel and mix your funds first.
3. Use Tor only and do not use any sort of alias. Also use a VPN as Tor does not encrypt all data. 
4. Do not share invoices publicly.
5. Do not tell others you own a particular node.
6. Do not create invoices with memos that have revealing information.

Resources

Current State of Lightning: https://abytesjourney.com/lightning-privacy/

Retrieved from "http://plebnet.wiki/index.php?title=Notes_on_Privacy&oldid=2264"