pLN is a new wallet project that aims to make it easy for users to follow the “happy path” of making bitcoin payments privately on Lightning.
Tony:
“There’s a fine line between educating and being doom and gloom. People need to be educated that it’s not perfect and there’s a lot of holes in Lightning privacy and Bitcoin privacy as well. It’s not a lost cause. I like to tow the line between breaking privacy and fixing privacy. Breaking privacy to educate people that it is kind of broken and you need to be careful. But then also trying to educate and make it better at the same time. The reason I do this is so we can get privacy to be better.”
Matt:
“To fix problems you need to be aware of problems first.”
It is still very early on in the project, but the use case is very clear, considering all the pitfalls in trying to spend bitcoin over Lightning in a privacy-preserving way.
The main goals for the minimum-viable product (MVP) launch of pLN are to enable users to:
And, importantly, at least in the initial version:
To understand why receiving payments will be disabled at the outset, it’s important to understand some of the major pitfalls in Lightning as it exists currently:
The root node takes care of the heavy lifting: listening to gossip messages, building the network graph, computing routes and so on. The individual channel nodes only track their own channel state and nothing else.
The Bitcoin backend can be either a connection to bitcoind or a personal Electrum server. For mobile, Electrum would likely be the best choice as it is designed for secure remote connections.
Given that direct payments to channel partners betray information about your node and make it clear that payments came from you, you should be cautious about making them, doing so sparingly at best.
The concept of plausible deniability comes into play with a greater number of hops between you and the final recipient. The more hops you make along the way, the greater your anonymity set.
The app would eventually allow you to override the built-in protections and make a payment to a peer, but only after loud-and-clear warnings about what this entails and what information you may be leaking, if you choose to proceed.
For example, you could choose to make a direct payment to your friend who’s also running pLN if you wish. (Imagine you don’t care or it doesn’t matter if they know what channels you have open, since you’re paying them in person and you trust them.)
But the app would encourage you to try to make a payment with multiple hops if at all possible. (Defaults would be likely to opt for more than a couple hops at least, I assume.)
It would also warn you if you try to open a channel with a major public hub (like in ACINQ’s or Breez’s nodes). Ideally, you should open channels with unknown/smaller nodes whenever possible.
Large payments can be made to appear to be partially-completed atomic multipath payments (AMP) payments (AMPs that are halfway done), with liquidity flowing out from a number of your individual channel nodes, as needed. The sats all converge on the final destination in the end. Pretty cool!
I think this is an exciting new wallet and project that should help both with educating users about privacy and allowing them to use Lightning in a straightforward manner.
This is a guest post by Adam Anderson. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.
