This PR is not related to user privacy. That already exists by default on lightning since even a node operator can by definition never know the first hop or the final hop of any payment. They only know what passes through their node. They cannot know the sender or final recipient. This PR is meant for node *operators* to be able to purge internal node data— ie, amounts forwarded and number of transactions forwarded. This information could potentially be used against the operator, for example to assert tax liability, AML non compliance, unauthorized money transmitter, etc. TL;DR intended to improve privacy for node operators, not LN users— since users already have excellent privacy by default. View quoted note →

Replies (4)

This truly violates user privacy, since a state actor could create many nodes and carry out probing attacks, just like in Tor. There are many ways to improve Lightning’s privacy, and this is certainly not one of them. LND couldn’t care less about privacy; it’s only interested in promoting stablecoins and obeying the WEF.
Probing attacks very likely already exist on the network. Quite probable even that one of the large ‘trustworthy’ nodes on the network is a honeypot. But still, the reality is that first hop / last hop of any tx can never be known by any intermediary node.