Basis of privacy on the Lightning Network
What are the basic aspects of privacy when dealing with Lightning transactions?
There are many aspects of privacy on the Lightning Network, and they are more complex than those of transactions happening on the base layer (on-chain transactions).
The first important aspect to understand is the use of onion routing. This mechanism is designed to provide different levels of information to the participants in a payment route. Each payment is routed from the source to the destination through the network of channels, and onion routing is used to do so.
Onion Routing at work
Here's how:
For the sender (origin node) and the recipient (final node):
Typically, only the sender and the recipient are fully aware of the source, destination, and amount transacted in a particular payment.
The sender knows the entire path of payment channels chosen to route the payment.
In a standard invoice-based payment, the recipient provides the invoice, containing the payment hash and their node ID, to the sender. So a certain amount of information is revealed to the sender node.
For intermediary nodes (routing nodes):
Due to onion routing, intermediary nodes are only explicitly aware of the one node immediately preceding them and the one node immediately following them in the route.
They do not know who initiated the payment or to whom the payment is ultimately destined.
Intermediary nodes see the payment amount for the specific HTLC traversing their channel, as well as the timelock deltas. This is necessary for them to create the outgoing HTLC to the next hop (on the chosen path).
Features like fixed-length onion packets and padding are used to prevent intermediaries from determining their position in the path or the total length of the path, further enhancing privacy from these nodes.
The end parties (sender and receiver) have full knowledge of the transaction details, each from their own side, and the sender also knows the path. The intermediate routing nodes are intentionally blinded to the origin and final destination, seeing only the immediate previous and next hop, along with the amount and timelock for their specific segment of the route. This architecture allows payments to traverse the network while minimizing the information available to third parties involved only in forwarding.
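The per-hop view and the fixed-length packet described above, as an added example that is not part of the original article: a simplified layered onion in the style of Sphinx, where each hop peels one layer, reads only its own forwarding data, and passes on a packet of unchanged size. Assumptions: per-hop keys are already shared (real Lightning derives them via ECDH with a blinded ephemeral key), per-hop HMACs are omitted, a SHA-256 counter-mode keystream stands in for ChaCha20, and all node IDs, amounts, timelocks and sizes are constructed.

```python
import hashlib, os, struct

HOP, MAX_HOPS = 20, 5            # constructed sizes; BOLT 4 uses a 1300-byte payload area
PKT = HOP * MAX_HOPS             # every packet on the wire is exactly this long

def keystream(key: bytes, n: int) -> bytes:
    # Toy stream cipher (SHA-256 in counter mode), standing in for ChaCha20.
    out = b"".join(hashlib.sha256(key + struct.pack(">I", i)).digest() for i in range(n // 32 + 1))
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def payload(next_id: int, amount_msat: int, cltv: int) -> bytes:
    # What one hop is told: where to forward, how much, and the HTLC expiry.
    return struct.pack(">QQI", next_id, amount_msat, cltv)   # 20 bytes == HOP

def build_onion(keys, payloads) -> bytes:
    # Filler: the bytes each hop's zero padding turns into, precomputed by the sender.
    filler = b""
    for k in keys[:-1]:
        filler += bytes(HOP)
        filler = xor(filler, keystream(k, PKT + HOP)[-len(filler):])
    pkt = os.urandom(PKT)
    for i in reversed(range(len(keys))):
        pkt = xor(payloads[i] + pkt[:PKT - HOP], keystream(keys[i], PKT))
        if i == len(keys) - 1 and filler:
            pkt = pkt[:PKT - len(filler)] + filler
    return pkt

def peel(key: bytes, pkt: bytes):
    # A hop strips its layer, reads only its own payload, and re-pads to PKT bytes.
    clear = xor(pkt + bytes(HOP), keystream(key, PKT + HOP))
    next_id, amount, cltv = struct.unpack(">QQI", clear[:HOP])
    return (next_id, amount, cltv), clear[HOP:]

def route_demo():
    # Constructed route: sender -> node 2 -> node 3 -> node 4 (recipient, next_id 0).
    keys = [hashlib.sha256(b"shared-secret-%d" % n).digest() for n in (2, 3, 4)]
    hops = [payload(3, 100_300, 760), payload(4, 100_100, 720), payload(0, 100_000, 680)]
    pkt, seen, sizes = build_onion(keys, hops), [], []
    for k in keys:
        sizes.append(len(pkt))
        view, pkt = peel(k, pkt)
        seen.append(view)
    return seen, sizes

if __name__ == "__main__":
    for view, size in zip(*route_demo()):
        print("packet bytes:", size, "hop learns (next, msat, cltv):", view)
```

Because the packet is the same length at every hop and the remaining layers look random to anyone without the later keys, a routing node cannot tell from the packet how many hops came before it or remain after it.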
What if an LSP is involved?
If you use a Lightning Service Provider (LSP) – which can be described as third-party or central hub nodes that wallets connect to or rely on for services – they can gather certain information about your node and its activity.
Here is the type of information a third party, such as a central hub node that a wallet connects to, might gather:
When you connect your node or wallet to the LSP's node, the LSP learns your node's public key and your network address (e.g., IP or Tor address). This permanently links your node identity to your network location for the LSP.
If your wallet relies on the LSP's node for routing payments, the LSP (acting as an intermediary or hub) can know the sender of a payment.
The LSP can potentially know the recipient of a payment, especially if they are involved in constructing the payment route on your behalf.
They will observe the payment amount for payments routed through their node.
If the LSP is providing channel management or is the node you opened a channel with (as discussed in relation to wallet types using third-party nodes), they would have knowledge of the details and state of that payment channel, although the channel balance distribution between you and them is only fully known to the two channel partners.
Relying on a "hub" node for functionality simplifies the user experience but reduces user privacy. Outsourcing wallet components or functionality to a third party means you give up some privacy as that third party will learn some information about you.
In short, by connecting your node via an LSP (a third-party hub), you are diminishing the privacy benefits typically offered by Lightning's onion routing for those specific transactions.
As you can see, there are no definitive recipes for getting the best privacy. There are always trade-offs, and everything must be evaluated for your specific case.