Author: armdxxi 2022-02-01 16:22:05
Published on: 2022-02-01T16:22:05+00:00
In a recent Lightning-dev forum post, user armdxxi raised concerns about KYC Node Verification and Payment Reason Aggregation in the Lightning Network. Bottlepay was cited as an example of a company that forces users to verify their node by creating a specialized invoice with personally identifiable information (PII) in the description field. This information is then stored and shared with third parties, regulators, and governments. The post argues that this practice could have lasting effects on the reputation-based system of the Lightning Network if it were to become more widespread.

The concern over payment reason aggregation is that it can reveal personal information that could be collected by third-party analytic aggregators. This could lead to censorship problems and shared transactions with malicious parties. To address this issue, the post suggests clearly communicating to users that the information put in invoices can be verified by third parties and, ideally, removing descriptions completely.

There are also concerns about exploitation in BOLT11 invoices and the need for increased security measures. One suggestion is to add a salt to descriptions to prevent guessing of common payment reasons. A description hash is better than a plain description, but there are UX considerations, and it may not solve the problem. The recommendation is to save the description to the wallet database instead of putting it in the invoice, giving both users the ability to conceal the real reason even if their wallet is a custodian.

Finally, the lack of description support can help hinder mass surveillance in the Lightning space. For those interested in learning more about Bitcoin and the Lightning network, links are provided for further reading on related topics.
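The salting suggestion above can be illustrated with an added example (not code from the post or from any wallet): it shows why an unsalted description hash still lets anyone holding the invoice confirm a common payment reason, and how a salt removes that check. The salt encoding (`#salt:<hex>` appended to the text), the function names and the sample reasons are assumptions made for illustration; keeping the salt in the wallet database is likewise assumed.

```python
from __future__ import annotations
import hashlib
import hmac
import secrets

def description_hash(description: str) -> bytes:
    """SHA-256 of the UTF-8 description: the value a BOLT11 `h` field commits to."""
    return hashlib.sha256(description.encode("utf-8")).digest()

def salted_description(description: str, salt: bytes) -> str:
    """Assumed encoding (not part of BOLT11): append the hex salt to the text."""
    return f"{description} #salt:{salt.hex()}"

def matches_known_reason(target_hash: bytes, candidates: list[str]) -> str | None:
    """What any holder of the invoice can test: does a common reason hash to it?"""
    for candidate in candidates:
        if hmac.compare_digest(description_hash(candidate), target_hash):
            return candidate
    return None

def verify_disclosure(target_hash: bytes, description: str, salt: bytes) -> bool:
    """Payer or payee can still prove the reason by revealing description and salt."""
    expected = description_hash(salted_description(description, salt))
    return hmac.compare_digest(expected, target_hash)

# Constructed sample data: payment reasons an aggregator might consider common.
COMMON_REASONS = ["coffee", "donation", "vpn subscription", "rent"]

def demo() -> dict:
    reason = "vpn subscription"
    salt = secrets.token_bytes(16)  # assumed to live only in the wallet database
    unsalted = description_hash(reason)
    salted = description_hash(salted_description(reason, salt))
    return {
        "unsalted_guess": matches_known_reason(unsalted, COMMON_REASONS),
        "salted_guess": matches_known_reason(salted, COMMON_REASONS),
        "disclosure_ok": verify_disclosure(salted, reason, salt),
        "wrong_reason_ok": verify_disclosure(salted, "coffee", salt),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```
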
Updated on: 2023-06-03T07:26:00.984815+00:00