Privacy is one of the core pillars of a free society that has been slowly being eroded over the years. Laws like the Bank Secrecy Act (BSA), the Patriot Act and the EU’s MiCA have effectively made financial privacy in particular, borderline illegal while granting legal cover for the state to monitor every transaction. Banks and other financial intermediaries like Paypal that we rely on, are legally obligated to collect and store our personal data in their centralized databases thus increasing the risk of that data being compromised. After all, trusted third parties are security holes. In the Cypherpunk Manifesto, Eric Hughes defined privacy as the power to selectively reveal oneself to the world, however in today’s world where online surveillance is the default, many have had this power severely compromised.

The launch of Bitcoin kickstarted the journey towards achieving full financial privacy. While Bitcoin doesn’t offer full privacy by default, it’s possible to remain anonymous by not pairing your real world identity to a Bitcoin address. The Lightning Network (LN), Bitcoin’s layer 2 scaling solution for off-chain cheap and fast transactions, is now synonymous with the future of Bitcoin. One of the most common misconceptions that a lot of Bitcoiners have is that the LN offers private off-chain transactions. This is not exactly the case and in this article I will highlight some of the privacy issues with the LN. The idea isn’t to spread FUD but to educate by openly discussing trade-offs and scenarios where the LN isn’t great for privacy. Furthermore the lens from which we will be looking at privacy, is that no third party should have the ability to trace the origin and destination of a payment.

At first glance the LN seems more private than conducting transactions on the base chain, by executing these transactions off-chain, the privacy vulnerabilities are better understood when the mechanism of how the LN takes payments off-chain is grasped.The LN consists of a set of connected computers that route bitcoin payments to one another. In order to route the transactions, these computers have to be able to locate each other over the internet, so when a new lightning node joins the network, it announces its address and its node ID via the gossip network. Even though this process leaks user information, it’s necessary for building payment routes. It’s the information that potential adversaries can exploit to know the approximate location and internet service provider for a given IP address.

For simplicity’s sake we will classify the potential adversaries into two groups; namely global network eavesdroppers (GNA) and intermediary adversary nodes (IAN). Global network eavesdroppers have the ability to see as well as analyze traffic on the internet and these include internet service providers, intelligence agencies, chain analysis companies, and internet exchanges to name a few. Intermediary adversary nodes are compromised parts of the payments routing path. Although they aren’t able to identify the original sender of the payment or its final destination, they are still able to see the predecessor node, successor node, payment amount and time sent. These two attack vectors make it possible to reduce the anonymity set (i.e this is a set of identities that, from an adversary’s perspective, an action could correspond to) of a user. In other words unmasking the identity of the original sender as well as the receiver of a payment becomes very much possible.

The LN uses the Bitcoin blockchain to anchor its payment channels thus creating an on-chain footprint for every channel that’s opened or closed. By analyzing your on-chain activity it’s relatively easy for a GNA to deduce that you are either opening/closing a channel. The biggest area of concern with this is when the Bitcoin used for funding the payment channel has been purchased from a KYC exchange, as this makes it possible to deanonymize the identity of the user by linking it to a real world identity on the KYC exchange. Armed with your lightning node address the exchange or any other GNA can easily deduce:

• The amount of Bitcoin you have locked in payment channels
• Your IP address and approximate location
• The node ID of all your channel partners

To guard against this leak, it’s always a good idea to coinjoin before using Bitcoin bought from a KYC exchange, as it will conceal from the KYC exchange the destination of the funds after the coinjoin has been done. The same applies when closing channels if the funds are being sent to a KYC exchange.

Levels of privacy on the LN differ depending on whether one is sending or receiving a payment, with senders generally enjoying better levels of privacy than receivers. When payments are made on the network the receiver is unable to know the origin, because the identity of the sender is concealed by onion routing thus nodes along the path don’t know the origin of the payment. Receivers are more exposed as they have to give out information in order to get paid. The invoice is where most of this information is leaked out as it has the public key of the receiver embedded in it and therefore discovering the node associated with it, IP address, aliases, and unannounced channels becomes trivial. Anyone with access to the invoice can decode this information. As a rule of thumb, it’s usually never a good idea to publicly post invoices on social media or anywhere online; except if you are a merchant.

Linking payments to senders and receivers is possible in multiple ways. An IAN can control multiple nodes in the network and use “seen payment hashes” as an attempt to correlate payments to senders and receivers. Timing attacks are another method an adversary can use to deanonymize payments. This is done by measuring how much time a successful transaction took and analyzing it against the known topology of the network and average delays between hops. Accurate deductions can be made about the destination of a payment based on this information. Users of mobile wallets have greater vulnerabilities because of the way the nodes operate in the network. They’re usually offline, don’t have a stable IP address and they aren’t routing payments; not to mention the fact that they commonly also have one payment channel open with a lightning service provider (LSP). The LSP can easily identify senders and receivers that are directly connected to them, especially if an adversary becomes the LSP.

While this list isn’t exhaustive, it does give an overview of some of the common attacks and ways in which a user’s privacy can be compromised. The LN is still evolving and many privacy improvements are in the works, and privacy at the protocol level may eventually be rolled out. That being said, it’s prudent for users today to be aware of some of the pitfalls and mitigate against them as much as possible. Privacy is not a crime but it’s a human right, upon which our very civilization is built on.