The Lightning Network at its core is a very complex protocol. But like bitcoin itself, you don’t have to know everything about Lightning to use it and benefit from it. With that said, there are privacy implications when using Lightning that you as a general user may not be aware of.
This article will go through some common privacy situations and mistakes. We will not cover every possible scenario, but this should serve as a good starting point to understanding the privacy implications of using Lightning. Nothing mentioned in this blog should be considered necessary for users to accomplish.
The goal is to educate on what common actions may inadvertently disclose information that you may otherwise not want to be known.
General Lightning Apps
First, let’s talk about simply spending from a mobile wallet. Apps such as Muun, Phoenix, Blue Wallet, Wallet of Satoshi, and Breez serve this function well.
Besides the assumptions that your OS provider Google/Apple knows what you download, and your service provider knows your IP address, you now have to know that the app devs themselves may be keeping track of your activity.
This is especially possible if the apps are closed source. Closed source means that the code is not available to be audited and verified that it is in fact the code that is running on your device.
As for spending using these apps, very little privacy is lost short of what is mentioned in the previous paragraph. When paying a Lightning invoice (also known as BOLT 11), the receiver does not see the origin of the payment. And if they did, they would not be able to tie the lightning payment to you directly.
If receiving a payment through these apps, you will also maintain privacy as the invoice you generate will have no information that will tell the sender who you are or where you are.
Networking on Your own Node
Should you choose to run your own node software, manage your own channels, and route payments as a participant of the overall network, you should be aware of various privacy implications. The first and foremost is your IP address.
If you are operating your Lightning Node at home, your IP address will be immediately tied to your connection string, known as a URI. This consists of your node public key, a socket, and a port. The socket would be your IP address. This URI will be known to the whole network, and your IP address will be forever tied to that pubkey. That IP address can now be used to find you if capable parties or your ISP wanted to.
The most common solution to this issue is to avoid using an IP at all, and instead use the TOR network to be your node’s access point to the wider network. This is the default for most node-in-a-box solutions such as Umbrel. While TOR is not as reliable as clearnet, it protects your location.
As a note, keep in mind that your ISP will know that you are using tor in some capacity. They will not know exactly what you are doing on tor, but they will be aware of tor traffic you are producing, and how much of it you are producing.
Another option is to use a VPN proxy such as wireguard hosted on a VPS that your node can connect to as a relay of sorts. Your IP address will now be the VPS IP address instead of your home IP address which will preserve the anonymity of your physical location to other lightning network users and databases.
Every Lightning channel that is opened and closed has an on-chain footprint. As you may know, the base bitcoin network is an openly public system. It is possible for people to know that you are opening and closing channels strictly from your on-chain activity.
For example, if you buy 5,000,000 sats on a kyc (Know-Your-Customer) exchange (coinbase, cashapp, river, etc.), withdraw to your Lightning Node on-chain address, and then open a channel, the kyc exchange can be quite sure you opened a Lightning Channel.
This is because the on-chain data will show a 2 of 2 multisig transaction, which looks much different than a normal single sig transaction on-chain. If you open a channel with a unique amount of sats, such as 4,325,212, it is now possible for that kyc exchange to find your node’s alias and pubkey and more information. They can do this by searching new channels in the network with that balance in a certain timeframe, and then tie that node alias/pubkey directly to your name.
Some ways to solve this problem are to use coinjoin before you open channels using sats from a kyc exchange. A coinjoin collaborative transaction will not erase any history of the bitcoin, but it is able to prevent the kyc exchange to know where the funds go after the coinjoin is performed if done properly. It is easy to mess up a coinjoin collaborative transaction so please engage the community and learn about best practices before attempting it.
If a channel is closed, the on-chain funds could be tracked to your node and thus your identity tied to your node if you send the on-chain funds from a closed channel directly to a kyc exchange. Again, best practice is to coinjoin collaborative transactions before and after interacting with any kyc exchange or entity.
Receiving Payments Using Your Node
When you pay an invoice from your own node, the receiver will not be able to know the origin, similar to the case of the mobile apps. However, if you decide to receive funds, the invoice you generate can easily be decoded to show what the final destination node is.
If you are seeking payment from someone that knows your name, and give them an invoice from your node, they will know your node’s pubkey.
With this they can access public lightning databases such as Amboss, and see all of your channels and their total capacities. It is important to note that they will NOT be able to see the amount of funds that you specifically control.
They will only be able to see the total of your node and your peer’s node. If you do not want to expose your node’s public key to those who may attach your name to it, it is suggested that you run possibly a smaller node to receive payments.
To put simply, do not send an invoice to a payer unless you want them to know what your node alias is. Other ways to hide your node alias is LNURL or BOLT 12. You could also use a mobile app to receive payments, and then after you receive, send the payment to your actual node yourself to prevent the sender from knowing your node’s information.
A typical bad-idea scenario:
You advertise your node on twitter in hopes that people will open a channel to you. You have now tied your Twitter handle to your node.
You then start a BTCPayServer and try to sell something that you don’t want the world to know about.
Someone goes to your store, generates and decodes an invoice to see the node’s pubkey and then google searches the pubkey.
They then find your Twitter account, and now know who it is running the BTCPayServer shop even though you never directly advertised the BTCPayServer shop anywhere.
The Lightning Network is still fairly new but as you continue to learn more about it, keep these basic privacy principles in mind and think through all that you do and what possible implications they may have. As always if you have any questions or feedback please join our discord and let us know at https://voltage.cloud/discord.