-
@ Super Testnet
2025-05-01 09:35:12
> I trying to understand lightning privacy more.
Great! I hope I can help.
> When I provide someone with a lightning invoice do I not reveal to them my lightning node?
No. Lightning invoices only contain a pubkey, they do not tell them which node is yours, for which they also need an ip address, and lightning invoices do not expose ip addresses. If, however, you run a routing node on clearnet, then they can look up your ip address, because routing nodes gossip that information along with their pubkey and their channels.
Also worth pointing out: if you opt to use blinded paths in your lightning invoice, the pubkey in that invoice does not belong to you. And the use of blinded paths is undetectable, so there's no way to know if a particular invoice is using it, meaning there is no way to know if the pubkey in any lightning invoice belongs to the real recipient -- it may just belong to one of the routing nodes and there is no way to find out.
> if I have even been sent sats from a KYC exchange or have otherwise linked my lightning node to myself for example through displaying a LNURL am I not doxed?
No, for the reasons pointed out above: there is no way for the service you used to know if the pubkey in your lightning invoice belongs to you, and even if they did know that, it is not linked to your node, because to link it to your node they also need to know your node's ip address, which is not shared when creating an invoice or when making a payment. Though if you are running a routing node on clearnet, then they do know it.
> Not just the current transaction but all future invoices can be linked to me?
No, because they don't know if the pubkey in your lightning invoices belongs to you, and moreover, you can use blinded paths to make it a different pubkey every time. If your wallet does not support blinded paths, you can use lnproxy.org to do it manually.
> From a node ID I can see all channels as well as a list of any closed channels and see all of the on chain BTC associated with that and follow their flows on the base chain
No. Only routing nodes gossip their channels. If you're running a regular node, your channels are not gossipped, and your node is also not gossipped, so someone with that invoice cannot map your node to your channels. They cannot find your node, and although there are techniques to find ungossiped channels, I am not aware of any techniques for finding ungossipped nodes or mapping ungossipped channels to them.
> Is my understanding correct and if so that makes lightning seem problematic to me for privacy.
I hope this clarification has helped.
> Is the point I am missing that the node ID in the invoice could be set up to just forward the payment to someone else? Is there a special way to create an invoice that does this?
Yes, many wallets do this by default:
- if you use Voltage LSP, it does this by default
- if you use Zeus wallet, you can enable it in two ways: either toggle the Zaplocker option, or toggle the Blinded Paths option
- if you use Coinos, you can enable it via the bolt12 option
- if you use Phoenix, you can enable it via the bolt12 option
- if you use any other wallet and it doesn't support bolt12 or Blinded Paths, you can use lnproxy.org to do it