Privacy is one of the secondary benefits of how the Lightning Network works as a scaling solution. It is by no means perfect or foolproof privacy, but it is better than using the base-layer blockchain itself. It is also not symmetric. The sender learns a lot about the receiver, since an invoice identifies the receiving node and how to route to it, while the receiver learns nothing about the sender, because an onion-routed payment arrives from its last hop rather than from its origin.
For casual payments it is a huge improvement for users over on-chain payments. There is one big problem, though, and it is not specific to Lightning: it is a problem for every onion-routed system.
Global passive adversaries. That means an actor who is able to passively monitor all Internet connections between everyone involved in a network like Lightning or Tor. When a message crosses the network, the adversary can see a message moving from one node to a second node, and it can also see that a message went from the second node to a third immediately after the second received one from the first.
If there is such a global adversary, then even though it cannot read the contents of a message crossing the network, it can see where the message came from and where it went. That is enough to deanonymize a payment in a system like Lightning, where the most important thing, after all, is who paid whom.
This is the basic shortcoming: Lightning can be very private for senders with respect to the people they pay, and soon, with improvements to come, for receivers with respect to the people paying them, but it is very weak against a truly global adversary.
This can be mitigated, though. Payments stand out to a global adversary because they make up most of the traffic between nodes, and because of the timing relationship between the hops from A to B to C to D and so on. These heuristics can be broken by nodes regularly sending cover traffic to each other.
Cover traffic could take the form of a constant stream of dummy packets, with a real message simply taking the slot of a dummy whenever a payment is routed. That would make it impossible to link the hops of a payment by timing. Other options would be to keep sending dummy messages after a payment has completed, or to send real payments only at the moments when dummy messages would otherwise have been sent.
Different strategies would have varying degrees of success in creating privacy, but something has to be done. A number of improvements have been made or are coming down the pipeline, in the form of BOLT 12 and blinded-route invoices, but the bigger picture remains the same: the network is completely transparent to a global adversary.
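As an added illustration, not code from the article or from any Lightning implementation, here is a small Python model of both the timing-correlation attack described above and the cover-traffic mitigation. The five-node topology, the one-slot forwarding delay, the adversary's chaining heuristic and the constant-rate cover schedule are all assumptions of the example, not Lightning's actual wire behaviour. It runs the same three-hop payment twice, once on a quiet network and once under constant-rate cover traffic, and shows that a simple timing heuristic recovers the exact path in the first case, while in the second the observed traffic is identical with or without the payment and the heuristic is consistent with every three-hop walk in the graph.

```python
"""Toy model of a global passive adversary watching an onion-routed payment
network, and of constant-rate cover traffic as a countermeasure.
Constructed illustration; topology, delays and heuristics are assumptions,
not Lightning's real wire behaviour."""
from collections import defaultdict

# Constructed topology: a five-node ring with one chord. Channels carry
# traffic in both directions, so each channel yields two directed links.
CHANNELS = [("A", "B"), ("B", "C"), ("C", "D"), ("D", "E"), ("E", "A"), ("B", "E")]
LINKS = [(a, b) for a, b in CHANNELS] + [(b, a) for a, b in CHANNELS]

HOP_DELAY = 1  # slots a node needs to peel its onion layer and forward


def route_payment(path, start):
    """Real hops of one payment as (slot, src, dst). Each hop follows the
    previous one by HOP_DELAY slots: the timing signature the adversary uses."""
    return [(start + i * HOP_DELAY, path[i], path[i + 1])
            for i in range(len(path) - 1)]


def observed(events):
    """The adversary's view: (slot, src, dst) for every packet on every link.
    Onion payloads are encrypted, so the 'kind' field is dropped; dummy and
    real packets look the same to the observer."""
    return sorted({(t, s, d) for (t, s, d, _kind) in events})


def cover_traffic(n_slots):
    """Constant-rate cover: every node sends one dummy on every link each slot."""
    return [(t, s, d, "dummy") for t in range(n_slots) for (s, d) in LINKS]


def merge(cover, real_hops):
    """A real hop takes the slot of the dummy that would have been sent anyway."""
    real = set(real_hops)
    merged = [(t, s, d, "real" if (t, s, d) in real else kind)
              for (t, s, d, kind) in cover]
    missing = real - {(t, s, d) for (t, s, d, _) in merged}
    assert not missing, f"real hops outside cover schedule: {missing}"
    return merged


def candidate_paths(obs, hops, window=HOP_DELAY):
    """Adversary heuristic: link a packet into a chain whenever the node that
    received it sends another packet within `window` slots. Returns every
    node path of `hops` hops that the observed traffic is consistent with."""
    by_src = defaultdict(list)
    for t, s, d in obs:
        by_src[s].append((t, d))
    chains = {(pkt,) for pkt in obs}
    for _ in range(hops - 1):
        chains = {chain + ((t2, chain[-1][2], d2),)
                  for chain in chains
                  for (t2, d2) in by_src[chain[-1][2]]
                  if chain[-1][0] < t2 <= chain[-1][0] + window}
    return {(c[0][1],) + tuple(pkt[2] for pkt in c) for c in chains}


def compare(path=("A", "B", "C", "D"), start=2, n_slots=8):
    """Run the same payment with and without cover traffic and return what
    the adversary can infer in each case."""
    hops = route_payment(path, start)
    # An unrelated two-hop payment much later, so the quiet network is not
    # literally a single packet (constructed sample traffic).
    other = route_payment(("E", "B", "C"), start + 10)
    quiet = [(t, s, d, "real") for (t, s, d) in hops + other]
    covered = merge(cover_traffic(n_slots), hops)
    return {
        "quiet_candidates": candidate_paths(observed(quiet), len(path) - 1),
        "covered_candidates": candidate_paths(observed(covered), len(path) - 1),
        # With cover, the adversary's view is the same whether or not the
        # payment happened at all.
        "cover_view_unchanged": observed(covered) == observed(cover_traffic(n_slots)),
    }


if __name__ == "__main__":
    result = compare()
    print("no cover traffic ->", sorted(result["quiet_candidates"]))
    print("with cover traffic ->", len(result["covered_candidates"]), "candidate paths")
    print("adversary view unchanged by payment:", result["cover_view_unchanged"])
```

Run it directly to print both results. On the quiet network the heuristic returns the single true path; under cover traffic it returns all 74 three-hop walks of the graph, and the `cover_view_unchanged` check shows that the payment's existence is not even observable, which is a stronger property than merely hiding its route. The price is that every link carries a packet in every slot, which is the bandwidth cost any constant-rate scheme has to pay.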
Given Bitcoin's rapidly growing importance, perhaps it's time to rethink the bigger picture of privacy and not just incremental local developments.
This article is a Take. The views expressed are entirely those of the author and do not necessarily reflect the views of BTC Inc or Bitcoin Magazine.