Stephan Livera | SLP391 Ben Carman — Bitcoin Privacy, Surveillance, LN Vortex, P2P & Austin BitDevs

Link to the YouTube (the timestamps are based on this):

Stephan Livera: Ben, welcome to the show.

Ben Carman: Thanks Stephan long time friends, but now I get to finally come on your pod, so I’m happy to be here.

Stephan Livera: Yeah of course. Love the work you’re doing, and I know you’re doing a range of things — Bitcoin Core contribution, you’re one of the organizers of Austin BitDevs, and yeah, working on a bunch of things. So let’s get into some of this stuff! Let’s just get your view just broadly on what’s going on in the space and what you’re following? What’s exciting to you in terms of Bitcoin and Bitcoin development?

Ben Carman [0:36]: Yeah Bitcoin has been a little weird since Taproot reactivated where now there’s no next thing. Like, CTV had its time in the light but then not so much anymore. And so what I’ve been focused on recently is just Lightning privacy stuff in my open source life. Full time I’m The Bitcoin Company, but when I’m not selling gift cards I try to do some Bitcoin stuff. So me and some friends like Tony Giorgio and Paul Miller have been doing some Lightning research on different privacy stuff and it turned into a couple hackathon projects we did where I made something called TransLND which lets you rotate Lightning pubkeys, and we’re working on other various ideas of trying to figure out how to make your best Lightning node if you could.

Stephan Livera: Gotcha. And so the whole privacy aspect is a hot one right now. There’s a lot of discussion about fungibility, censorship resistance, what exactly is required. So let’s talk a little bit about the privacy aspects just generally, as I think it’s fair to say: if you just use Bitcoin by default without any techniques, you’re not necessarily being private. And I think it’s probably important for people to understand that, but also understand it’s not like there’s zero hope either. So at least that’s how I’m seeing it. Do you want to give us your view? And actually, it would be really interesting for you to answer this question as well: do you believe Bitcoin is fungible?

Ben Carman [2:04]: I think Bitcoin’s fungible. If you can find me some cheaper Bitcoin I’d like to buy it, or if it’s more expensive I’d like to sell it! But yeah I think Bitcoin privacy is a problem. It’s not completely confidential when you give an address, people can see all the transactions that come from that address. And this is spurred chain analysis companies to exist as well as privacy companies to fight it. People just use it for fun, too. You can go to blockchain.info and see if your transaction is confirmed and stuff like that. So it is a problem where with different heuristics and stuff you can weed out what someone’s wallet balance is or if someone’s doing certain things like multisig versus Lightning versus just normal single sig. So there’s problems there, but we have made lots of steps since the dawn of Bitcoin to actually improve this with things like Taproot, [which] was most recent upgrade to Bitcoin that really added a lot of potential benefits that are yet to be implemented, but we’ll have that in the future. There’s lots of other ideas and things as well that don’t need soft forks like Taproot — things like CoinJoin and CoinSwap that makes it a lot better. So it is always an ever-going problem and the hard part is you need to know what you’re doing — at least today — but as things get better it’ll get easier, I imagine.

Stephan Livera: Sure. And so the other aspect with Bitcoin privacy — let’s say the elephant in the room — is the KYC aspect, right? And I’m not saying this from a position of, I’m coming from the moral high ground — obviously, I work at Swan Bitcoin, and many people in the space are working in the industry and many of the companies in the space are having to do KYC on their customers and then as part of that, they’re often having to work with chain surveillance firms who in turn are potentially getting access to some of that data, and that can make it more difficult for a person to be private in Bitcoin. So what are your thoughts on that aspect? The pervasiveness of chain surveillance and the KYC?

Ben Carman [4:23]: Yeah KYC is obviously a problem because it forces the user to upload pictures of my documents, even a selfie saying, I’d like to do whatever. And 1) it’s terrible UX because you have to go through that whole process, but 2) it’s a huge security vulnerability and honeypot where — all the time — things get hacked. I think this week there was a news announcement that a billion people got doxxed from a China hack or something. And it’s not actually really stopping any of these nefarious actors. Most likely it’s just: someone’s gonna upload a document and then it’s gonna get hacked and now someone’s gonna steal your identity. I think something like 1 in 4 Americans have had their identity stolen. People in my family have had their identity stolen before. It’s an actual problem that now you have to get lawyers and it’s just a huge headache. You’re gonna lose lots of money, potentially. So it’s never good, and the touted reason why they’re doing this is, Oh to stop money laundering, to stop child pornographers, to stop drug traffickers — anything, whatever the boogeyman is. And in reality, it doesn’t really stop much of any of this! What they’re actually going to do is they’re going to go find a stolen identity on the dark market and buy that and then do whatever they want. There’s KYC-free versions of how we do most things anyway, so they can just use something like that. So all this stuff will exist and it’s impossible to stop, so if we’re not stopping the bad stuff and just harming the good users, what are we even doing here? So I think that is a problem, and then the chain analysis part just makes it worse where your own wallet probably does a mild form of chain analysis to try to give yourself privacy, where it’s checking like, What are my transactions? How should I make the most efficient transaction? And what kind of change output should I use when I want to spend this? And stuff like that, but the chain analysis companies like Chainalysis, Elliptic, whatever — their secret sauce is they have their view of the blockchain like everyone else, but then they get all these data from Coinbase and Kraken — and maybe Swan, I don’t know — like, all these companies that are KYCing users and they pool them together so they have this huge holistic view of, Okay, User A withdrew to this address from Coinbase and then to this address on Kraken and now I can see, Oh okay, this is their wallet. And then they have a record of this user’s entire balance. And they use lots of these heuristics that they claim to be anonymized but it’s really not because you’re using it from KYC information. So it creates just another honeypot of information, and we’ve seen various problems with that where — I mean, it wasn’t exactly a KYC thing, but when Ledger got hacked and all the addresses of their users got doxxed, there were lots of people at first getting e-mails and text messages trying to hack their coins off their Ledger and just getting them to install bad firmware or something or enter their seed phrase online. But eventually I think there were reports of people actually getting knocks on their front door because they got it shipped to their house and stuff. So that’s actually threatening human lives, which is awful — and that’s just a shipping address! When we’re doing actual IDs and birth certificates — whatever you want — it gets so much worse, and you can cause a lot of harm that way. So, objectively it’s a bad thing and the people that are trying to enforce this — there’s just regulators out in DC or whatever that have no repercussions. They’re just like, Well that’s bad so let’s “do something” that they think makes it better, but it doesn’t.

Stephan Livera: Unfortunately, it seems that the answer is always: do more regulation, do more KYC, do even more surveillance. And yet the more surveillance they’re doing on the world — for all of these costs that they’ve imposed on banks, financial services, Bitcoin companies even — they haven’t got a lot to show for it. And in fact, there is research on this — I interviewed Dr. Ron Pol, and he has spoken about how ineffective the AML regulation is. But anyway, the point is: what should Bitcoiners be doing? Should Bitcoiners be anti-AML laws? Should they be advocating in other ways in the public system? Or is it more about building code, writing code? What are you thinking that Bitcoiners should do about it?

Ben Carman [9:03]: You should do whatever you can. I’m a coder, so my personal mission is: build software that helps you get away from this. But 90% of the world doesn’t know how to code, so you can go and do other things. Like, I don’t think you code, Stephan, but you make a podcast where you bring up these issues and try to get people informed. Or other people can go and talk to their senator and try to get actual laws changed. Or create educational tools and other various things. But yeah, it’s a hard problem, but there are tools to get around this. If you don’t want to buy on a KYC exchange — for obvious reasons we just stated — there’s lots of other ways. There’s things like Robosats and Bisq that’s just an online P2P exchange that lets you do things. There’s also just the good old classic go to your local Bitcoin meetup and shake hands with someone. At Austin Bitdevs here we have a huge meet up and people come here all the time, so there’s lots of times where people are like, Hey I’m trying to get some cash — can anyone hook me up? And then they’d shake hands later and send some Bitcoin. And that’s perfectly fine to do and legal — pay your taxes if you want, but it’s a completely normal thing to do! And it’s not like a total — like, you show up in a mask with three guns and a knife and hopefully you don’t get jumped — we’re in downtown Austin! You’ll get caught if you try to — or we’ll break your knees at the next Bitcoin meetup! So you should be fine. There’s ways to get around it. It’s not the hardest thing in the world. I know [for] many people, their first introduction to Bitcoin wasn’t on something like Coinbase — their first introduction was on Bisq or something, which is supposed to be the advanced Bitcoiner thing, but people are able to do it. So you can guide people through that if you want to help, or if you haven’t done it yourself you should really try because it’s not that hard.

Stephan Livera: Sure, yeah. And look: I don’t have anything against non-KYC acquisition of coins — I encourage people to do that also. I think for me and what I’m thinking about here is also the scalability aspects of it — like, how many people can realistically do that? As an example, I looked at the Bisq volume over the last week — I think I looked up the stat yesterday — that number was about $125,000 worth of volume on Bisq over a week.

Ben Carman [11:27]: So yeah that’s like nothing compared to Coinbase or something — so getting around that’s the harder problem. You can mine Bitcoin — that’s a great solution where lots of people will just buy a lot of miners up front — that doesn’t require KYC. And electricity doesn’t require KYC as well so you could just have a huge mining operation and mine some Bitcoin. It does require other skill sets, but it is possible.

Stephan Livera: Of course, yeah. And to be clear: I’m not trying to FUD Bisq or anything like that — people should be willing to use it. And the other aspect of it is: that volume number might be also down from maybe a few months ago when we weren’t as deep into a bear like we are now. And also, some of that volume might be happening off those platforms, right? People might already meet one time and only do the first trade on the platform and then do other trades off the platform. So to be clear: that volume number is not taken as gospel — it can change, and there are other platforms like Robosats and HodlHodl and peer-to-peer stuff and in-person Bitcoin made up and things like this. But I think in terms of where the industry is going, I think that’s probably also an interesting question: Is it likely that every legal or aboveboard Bitcoin business gets forced and pushed down this pathway? I think that’s probably the tougher question. And is there a way out of that?

Ben Carman [12:54]: I sure hope they don’t! And luckily this is like a gradient — you could have something like Bitcoin Core: that doesn’t talk to any outside servers. It’s just your own thing — they’ll never have to do KYC. But something like Coinbase, where they have custody of your funds and they give you tax records and all that stuff — that has KYC on it because of regulations and because things like, If you died, well who do we give this money to? And the KYC let’s them figure that stuff out — it’s like legal claims and stuff. But as a user, you should have a choice. So there are different services that let do that. And for us at The Bitcoin Company — like, today we sell gift cards, you get sats back in your account and so we’re not like having to sell you Bitcoin. There’s no tax implications that we have to report for you or anything like that. So we don’t take anything — we just have an e-mail and that’s fine because the only things we need to comply with is OFAC compliance, which is like there’s 14 addresses or something we’re not allowed to send to, which most likely our user doesn’t have the private key to so who cares? And so stuff like that’s a lot easier to get around. But as you add in things like you’re buying Bitcoin with fiat money, then it gets harder because then you come under the purview of these other regulatory things and stuff — and that’s where it gets hard! So legally, today, you need to take KYC, but the chain analysis part is always just a hairy thing where a lot of times it’s like they won’t knock on your door and shut down your company if you don’t, but then no liquidity provider will work with you if you don’t have chain analysis or anything like that, so that gets weird. But all these laws are — it’s just: the banks are these fiat institutions that just want to comply with everything because that’s how they make their money with their regulatory moat, so they require all of these things. And a lot of times they’re doing the full — the law will say like, Do the most reasonable thing or something. So they take that as, Oh, we’ll do all the chain analysis possible — because that’s completely reasonable to them! But as Bitcoiners we obviously don’t or hopefully don’t believe that. I personally don’t — I think it’s reasonable to do zero chain analysis! So you have a debate with your lawyer and stuff and find what’s comfortable. But reasonably, it makes sense to — if we’re doing this OFAC, there’s 14 people in the world we’re not allowed to send Bitcoin to — I’ll be fine with that. I won’t send money to Osama bin Laden, but I’ll send a Bitcoin to everyone else. So I think that’s fine. But handling the rest of that is just a gradient you have to do based on what you’re trying to do as a business.

Stephan Livera: Yeah, for sure. And so some of this I think flared up a little bit with some of the recent debates on Twitter as well where you made that comment of saying, Look: if we had to do it then that’s the point I’d be quitting. And I totally respect that, of course. I think the question, from my point of view as well, is: just how pervasive it is in the industry? That, even if you quit one particular employer — because they’re doing chain surveillance and that’s their regulatory requirement and so on — then the challenge is: even if you were to get funding, how many companies or firms in the space are offering developer funding without any connection to KYC and surveillance? Let’s say the Gemini’s of the world, or the others who are doing that? It just is that pervasive, isn’t it?

Ben Carman [16:40]: Yeah, and on that comment too: you can do your own chain analysis without having to go and use these insidious companies like Chainalysis and Elliptic, where in those you’re just pooling all of your data with these other huge honeypots of data and just making it worse for your personal users. But if you’re trusting yourself to take this KYC data, you should be able to trust yourself and you can legally, I think, do the chain analysis yourself which can be whatever you dictate is reasonable. So I wouldn’t quit if we had to do our own personal “reasonable” chain analysis. But yeah in that regard as well with what you’re saying on other companies saying like, You have to use Elliptic and so I go, I quit, and now every other company is doing it as well so you’re shit out of luck: I do like case where everyone and their mother is sponsored by Spiral today where they’re just giving out grants, but there are a few people sponsored by things like Coinbase and Gemini and these other casino-type companies. Those are actually my favorite grants because you’re taking money from the enemy and bringing it to Bitcoin development, so I’m happy to take money from the bad people and bring it towards the light. So I think that’s okay! But you do have that taint of: you’re getting the “dirty money”, but as I said in the beginning: I think Bitcoin’s fungible so that’s okay.

Stephan Livera: Yeah of course. And so firstly, there’s that point that you made which is: if we’re thinking of the gradient, the worst is to create the massive globalized honeypot of Chainalysis and Elliptic who, if they can — again, we’re speculating a little bit here, but presumably this is what they’re doing, is they’re able to pool the KYC data and the chain data of many customers across many exchanges — whereas what you’re saying is that in a gradient sense, in a less bad sense, if you’re doing your own personal risk analysis of coins, of customer coins, where they’re coming from, where they’re going, and things like this, then that’s less bad because at least you’re not creating the honeypot aspect. Now of course the privacy purists would still object to that! They would say, No, hang on — you’re still trying to surveil your customers. But in this world where we’re dealing with government and regulators and the only way that you can do things at scale — at least in certain business models — is to have to comply with that. So obviously I think it’s a position of, We don’t like that, but at the same time we also understand that the only way to really grow the pie meaningfully is to have to play inside that regulated pool. Is that how you’re seeing it?

Ben Carman [19:23]: Yeah. Sadly, I think most people won’t onboard Bitcoin in the no-KYC way, and I think that’s just because you can provide a much better UX by doing that. And Coinbase has a beautiful app! I don’t like them, but they did a good job. And Bisq is hard to use — it is usable and you can do it if you want, but my mom’s probably not going to want to do that. And so if you want to bring Bitcoin to the masses — some people are just going to capitulate. And do we want Coinbase running that and getting all those users? Or do we build it ourselves? So I think it’d be better if we have real Bitcoiners do it like you guys are doing at Swan or CashApp or River or what we’re trying to do at The Bitcoin Company — same thing. So if people are gonna go that route, let’s give them the best tools possible and inform them like, Hey — we’re taking this [route] and we don’t want to, but these are the risks. So I think that is important. Yeah, and scaling that up is good, and when you’re doing this as well with this internal chain analysis, you have to make your own risk metrics as well then. I think in the past, people like BlockFi and BottlePay were blocking CoinJoins from coming into their exchange, which most likely is just their chain analysis provider being like, Oh, that’s bad — blocked! Versus when you’re doing it internally you’re like, Oh yeah, CoinJoin — those are cool! Good job! We’ll give you a bonus because you’re cool now! You do whatever you want. So not only are you not feeding the honeypot, but you’re also letting yourself control exactly what you want to do. So if someone decides CoinJoin is bad, you don’t have to just immediately start blocking those — you can decide on your own and stuff.

Stephan Livera: Of course. And so in terms of the hopes then for stopping the Chainalysis and the Elliptics of the world, what are the big ideas in your mind? I think one idea I can see is this idea of trying to stop the common input ownership heuristic, or undermine it, in a way. Where, as an example, if we did a lot of Lightning channel collaborative channel opens, then that helps undermine that heuristic, which is a key heuristic that they rely on. So that’s one idea, but I’m curious: what’s really going to move the needle here in terms of actually obsoleting them? Or making them less relevant?

Ben Carman [21:54]: So yeah these chain analysis companies, they have two inputs: one is the actual blockchain, and the other is the KYC exchange. So if you stop using them for your KYC exchange, you block off one input. So now we have to worry about the other input, which is the blockchain. And yeah so the things you’re mentioning like this common input heuristic where, when you have a transaction, it has multiple inputs in it — chain analysis firms generally just assume that every input is owned by the same person, because there’s a 99% chance that’s going to be true. So it’s a good way to do that. So if me and you are doing a transaction, if both of our inputs are in there, now they’re going to think that both of those are my inputs or both those are your inputs — they’re actually both of ours, and now our wallet histories get clustered together and they’re in their data set, so now it gets harder to actually dictate what’s happening. So that improves things a lot. And typically, the kind of way you do this is either like a CoinJoin — but that’s very explicit so they know to exclude those because they just know like, Oh after a CoinJoin it’s gone and we have to create a new wallet history. But other sneakier ways are things like PayJoin where you’re actually able to hide the actual payment amount and the inputs that are in there of who owns what, because you’re adding in the receiver’s inputs. So you can do all these fancy things to hide that, as well things like CoinSwap where, instead of breaking this common input heuristic by having a transaction with two inputs, we actually just have two transactions where, say, me and you both swap the same amount UTXO. So I start with UTXO-A, you start the UTXO-B — at the end and I have UTXO-B and you have UTXO-A. So that way we basically just swap histories and no one can tell that we did that because they never end in the same transaction. And there’s other ways to do that. But they’re all just incremental steps — you’re trying to get better. Because if you do all this and then you just go and deposit into Coinbase, now they see like, Okay that last address is his. So it’s something you’re always keeping up with and trying to improve. And technology is always improving this as well: like, before Taproot, if me and you were doing CoinSwaps, then you deposited it into a multisig and I kept it on a single sig, it’d be obvious. It’d be like, Okay, Stephan’s a multisig user — I think that this just went to his wallet and it’d be obvious that you did that. Versus now, with Taproot, we can hide that you’re actually using multisig, so these would look the same. And not just multisig but things like Liquid or even Lightning — all these different things can all look the same now, so it makes it even harder to do all these heuristics.

Stephan Livera: Of course. What you’re referring to there is this new output type — Taproot — and so just like how historically we upgraded to the native SegWit addresses, now we’ve got these Taproot addresses. Now I suppose one criticism that could be leveled at us here is: Taproot’s anonset right now is very small, because there’s not that many users of Taproot. Now I know, for example, BTCPayServer’s wallet supports Taproot, I know Muun wallet they are actually using Taproot in the background, but in terms of Taproot Lightning channels — that’s not really here yet, although I believe that’s coming soon. But I’m curious your view on that about growing the Taproot anonymity set?

Ben Carman [25:24]: Yeah there’s a couple wallets using it. LND just released it for their on-chain wallet, but not for Lightning channels. I was told by like into Fall-ish that they’ll have it. So hopefully soon-ish! But yeah it is something that like: if you’re a Taproot user today, you’re one of maybe 10,000 people, so you’re reducing your anonymity set. But I think just building tools on top of this and getting people ready just to support — because a lot of wallets don’t even support signing the Taproot addresses and stuff yet. So we just need to do this incremental process. It was nice with SegWit because when we switched over to there, there was an economic incentive where you would have cheaper transactions when you switch to SegWit, so naturally a lot of people moved over just to save money. But now with Taproot it’s more of a privacy saving thing than a fee saving thing — you’re maybe saving a couple bytes, but you’re not going to be saving like 30% or whatever you would with SegWit. But there is a push towards that because lots of people are saying like — luckily, the Bitcoin initial use case is now moving towards a Lightning wallet than an on-chain wallet. I feel like most people get onboarded onto something like a Muun or just a traditional Lightning wallet. So in that regard, since Lightning is much better when we have Taproot everywhere, all these Lightning wallets are moving towards a Taproot-first look, so that’s going to help a lot. So maybe a Bitcoiner that got into it in 2013 has his cold storage some buried in Argentina — he’s not going to upgrade to Taproot, but all the new users coming in are going to upgrade to Taproot just because that’s what their wallet supports and it’s the default now. So I think that will be a big help.

Stephan Livera: Yeah. And actually on this: now again this may be triggering to some listeners and I’m not saying I like this reality, but this is perhaps the reality that we have to acknowledge — I’ve seen some interesting statistics from Sergej Kotliar of Bitrefill and it’s an interesting framework that he speaks about! It’s this idea of Bitcoin (1) the tool and Bitcoin (2) the movement. And so obviously people like you and me and even Sergej are arguably part of the Bitcoin movement — we go to Bitcoin conferences, we speak, we talk to our friends there and so on, but then there are these users who are not necessarily ideological about it, right? And by ideological I mean, broadly speaking, cypherpunk or libertarian-ish. Whereas there are a lot of people who use Bitcoin without having any ideology about it. So for example: he makes the analogy — which is a good one — of BitTorrent. There are lots of BitTorrent users who are not ideological about it — they wouldn’t go to a big BitTorrent conference, they wouldn’t call themselves part of the BitTorrent movement, let’s say, and so just by the numbers, if you look at the stats on Bitrefill, he points out that: actually, a lot of the users are actually using things like Exodus Wallet, which is like a shitcoin wallet, or they’re using blockchain.info, right? So it’s funny because we have this ecosystem where, in our Bitcoin world, we’re always promoting Bitcoin-only and things like this, but objectively out there in the real world, there are a lot of users being onboarded by basically shitcoin exchanges. And so I guess this is a reality we have to grapple with, isn’t it?

Ben Carman [28:39]: Yeah I know, it’s a hard problem. It was funny — blockchain.com, their wallet switched to SegWit four years later like a couple months before Taproot activated, and you saw the chart in the graph just go straight up. And at Austin BitDevs we made a ton of fun of it — it was like, Well in four years we’ll get to talk about when they add Taproot because who knows when they’ll do that? But luckily, at least, a lot of new users are being pushed onto these non-shitcoin wallets it seems, but they still have a huge dominance. I mean, luckily some of these are open source — you can go and make the PR yourself, but if it’s getting merged, who knows?

Stephan Livera: Yeah of course. And so that’s perhaps a little bit of cold water, but of course we as a community can do what we can to advocate for, obviously, what we see as the leading wallets and Bitcoin companies that new people should be going and onboarding with. But at the same time, we have to acknowledge that not everybody is — especially the new people coming in, at the top of that funnel — they’re not going to be as ideologically committed or aligned as we are. Nevertheless, there are possibilities for privacy and security to improve in the background by default where, if this technology comes out, it eventually makes its way into the mainstream applications. And some of that happens by support from the more hardcore members of the community, the developers, and the advocates, and the educators out there. So I think it’s not totally without hope, but it’s just a recognition that it takes time to change things. And even on the question of SegWit, it depends on how we count it as well. So as I understand: if you count transactions based on if they have any SegWit whatsoever on any of the inputs that number is something like 70% or 80%. But if we count it based on every output being SegWit, that number is more like 20%-30%, so it’s actually a lot lower even for SegWit, which came out in August 2017, right? And here we are in June 2022 and we’re still trying to get adoption of SegWit!

Ben Carman [30:49]: Yeah, getting people to change things especially with their money is always an extremely hard problem! I am hopeful, and luckily all these things add new functionality — like, without SegWit we couldn’t have Lightning, so any user that wants to use Lightning will be forced to use SegWit. And with Taproot that’ll enable other things — most likely, Lightning will go to a Taproot-only thing eventually. So eventually if a user wants to use Bitcoin, they’ll have to use these kinds of features, it seems, so it’s not All hope is lost. But in the meantime, we’re all just screaming at our computers like, Why don’t you implement Taproot?!

Stephan Livera: That’s the campaign is to shout: When Taproot?! Or: When Lightning?! as well.

Ben Carman: Exactly.

Stephan Livera: And in fairness, we are seeing Lightning adoption in terms of exchanges. We are seeing large exchanges who are supporting that, and so over time, that’s more and more millions of customers who can use Lightning. It’ll take time, but I see those network effects as growing, but it is perhaps some cold water that we have to face when we see statistics today in terms of who’s spending today and how much Lightning use is [done] today versus Bitcoin on-chain today — even for small values, which we would presumably say, Hang on, for that kind of value you’d be better off using Lightning! Well maybe that person is coming from a wallet that doesn’t have Lightning — things like that. But nevertheless, let’s talk a little bit about some of the ideas you have around Lightning privacy. I know you have this LN Vortex. So do you want to tell us: what’s LN Vortex?

Ben Carman [32:29]: Yeah LN Vortex is a project I’ve been working on for about a year now. Basically the idea is: today there’s a couple CoinJoin solutions like Samourai, Wasabi and JoinMarket, but all of these are mostly just like — you spend to yourself so you create a transaction that just spends to your own wallet but you have more privacy at the end, so you’re willing to pay for that. But when you want to combine that with Lightning, the typical flow is: mix to yourself a few times and then send it to your LND or C-Lightning wallet and then open a channel. So you have this extra step and it’s very obvious you’re doing that, so that kind of sucks! And so the idea is to be able to merge these two things: where you’re CoinJoining to yourself, and then when you want to open a channel you just do that in the same CoinJoin where instead of the output being yourself, it’s now a Lightning channel. And a couple things are needed to happen for us to do this. The biggest — like we’ve been saying — is Taproot, where these on-chain transactions to yourself are most likely going to be just a self-spend. And without Taproot, a self-spend to your own personal wallet and to the Lightning channel are very distinct — you can immediately tell which is which, or at least that they’re different. So you would be able to tell in the CoinJoin, it would reduce the anonymity set, and it wouldn’t really work. But with Taproot we can combine these two so they could just look exactly the same. And a great thing about Lightning nodes is they’re something that you just always need on — so I have a laptop thing under my bed behind me that’s just running a Lightning node all day — and it’d be great if this thing was just CoinJoining all day as well, because I’ve got coins I want to mix! So the idea is like, well we have all these nodes, they’re running all day — why aren’t they always CoinJoining? And then when I want to open a Lightning channel, let’s do that in a CoinJoin as well — just give yourself a holistic approach of your on-chain balance route. If you’re a Lightning-first user, almost every on-chain transaction you’re doing is now a CoinJoin. So I’ve been working on that for about a year now. This current state of it is using two separate mixes right now where for one it’s: you have your mix to yourself, and then after you do that you can open a channel. But once LND or any implementation releases the Taproot channels, then we’ll just combine them both and you’ll be able to open a channel. A hard part about it was you can’t really implement this into Samourai or JoinMarket or Wasabi today because you need to change the protocol a little bit. So today if you say you’re doing a Samourai mix, what you do is you register your inputs and a blinded output and then you just wait for the mix to happen. So that could be in 10 seconds, that could be in 6 days, so you’re just waiting. And to have that output, you need to know where you’re sending the money for this CoinJoin, so you have to say like, Okay I would like to mix to this address — you’re hiding the address in that initial message — but you still need to know that address. And in Lightning when I want to open a channel to you, I need to send money to that address in the next 10 minutes! So it doesn’t really totally work with this asynchronous flow in current CoinJoins. So LN Vortex is custom made for this where you just do a slightly tweaked flow where you register your thing before you mix so that way you can open that channel. And it’s not totally released yet — it works in tests. Me and my friend D-Rex — he’s a front-end dev at The Bitcoin Company and works on Zeus and stuff as well — he’s been helping me build the front end, and we’re about to do our first testnet one, but it is coming along! We’re probably going to release it hopefully soon and have it on Umbrel and all that, but the idea is really just: let’s get everyone CoinJoining because it seems like everyone and their mother has an Umbrel node running in their closet now, so why not have those funds CoinJoining? And then it’s another incentive to get people on the Taproot, where now someone might be like, Oh I don’t care about Taproot that’s too much work to upgrade. Now it’s like, Oh hey you can CoinJoin all your funds and get more privacy, and people are like, Oh I would do that! So that’s the hope. And as well as with that, it will most likely be the first Taproot CoinJoin coordinator, so that’ll be cool to have as well, because today if you want to use Taproot but you’re like, Oh I need to CoinJoin my funds, you have nowhere really to go. So you could like go into Samourai, mix, and then send to Taproot like we talked about earlier and now reducing your anonymity set by revealing that you’re going to Taproot. So you’re leaving the herd. So it’s not a total hosted-like approach anymore. So hopefully with this you could have your Taproot users just only use this, and it’s built in a way where it works with lots of different types of wallets. So, natively it supports LND, C-Lightning, and Bitcoin Core. So Bitcoin Core doesn’t have Lightning support, but you can still just mix yourself in your own Taproot wallet if you’d like to do that. I’m gonna work on adding Sensei support soon, but Sensei needs a little more work just to get fully worked out, but it is possible so that’ll be hopefully soon as well.

Stephan Livera: Okay great. So can we walk through the flow then in this example? So let’s say in the near future this is available as an application that people can install on their package node like Umbrel and Raspiblitz and all the others. What would the flow look like in this case? Is the user going to withdraw from the exchange into their LN Vortex wallet and then the wallet is just going to do these Taproot CoinJoins in the background? Is that roughly what you’re thinking? Or what’s the flow look like?

Ben Carman [38:31]: Yeah pretty much! It doesn’t have its own wallet — it just uses your Lightning node’s actual on-chain wallet. And it’s nice — I didn’t have to actually code that myself: LND or Core Lightning just handles that for you! So if you have funds on there you can use it today. And yeah you would just open up the Vortex app and just hit, I want to be mixing, or, I want to open a channel. And so what we’re thinking is: you’ll probably just download it initially and then just click the Mix My Funds button and then those funds will just always be mixing and then say like a week later, Stephan, you’re like, I need some inbound — and I’d be selling some hats — can you open a channel to me? I’m like, Sure, so I’ll go into Vortex, type in your pubkey and hit Open Channel and then in the next round I’ll open a channel straight to you in a CoinJoin.

Stephan Livera: Gotcha. Okay, and so is the idea then that you’re just plugging into the wallets that are already existing, as you were saying, and then the users are having this CoinJoin operating? The other question as well is: who’s running the coordinator? Are you going to run a coordinator for this? Or how does that work?

Ben Carman [39:47]: Yeah, so it has to be its own coordinator — I can’t use Wasabi or Samourai any of those because it does have this slightly altered protocol. So I do have a pleb friend that offered to run it, so they’re going to be running it. I’m not going to say who, but yeah it’ll have its own coordinator running and it’ll just talk to that and it’ll have multiple coordinators for different output amounts and everything like that.

Stephan Livera: So you might have different pool sizes, as an example? You might have like 0.1 or 0.5 or the baller pool — 1.0 Bitcoin pool — or whatever. So then you are just mixing your coins with other people in that same denomination in that pool. And so then the idea is: either your LND or C-Lightning can open a channel out of that and then just spend normally like you would with any Lightning wallet? Like, let’s say you have Zeus connected to that?

Ben Carman [40:44]: Yeah exactly. So you would have your Umbrel just mixing, you open your channel, and then you go to Starbucks and scan an invoice and just pay for now a mixed channel. So you get this extra added privacy. And Lightning is generally very private in most regards on the actual Lightning layer, but Lightning requires a Bitcoin layer under it and that is, as we know, fully [exposed] — you can read the whole blockchain, so you need to hide these kinds of UTXOs. You can do that once it’s not announcing the channel, but still people can find it, like what Tony Giorgio’s been working on. Or if you’re a routing node and you still want to protect your on-chain funds, this is another way to do it where you could hide this and now you’re just like, Oh this is a Vortex user but I don’t know what their on-chain wallet looks like.

Stephan Livera: Got it. And so yeah it sounds promising and it’s definitely a step in the right direction of helping people have privacy through the entire flow because it’s not just a one-off thing — it’s like you CoinJoin and then you open a channel and then now you’re doing Lightning channels, which those transactions don’t touch the chain per se. Now of course in Lightning there’s still improvement work required on that side too, and of course there was the recent Lightning Summit maybe a month or two ago — so listeners, you can check out Bitcoin OpTech newsletter 204, there’s a summary there of the Lightning developer meeting — and so there’s things there like gossip network updates or trying to potentially change some of the aspects about how Lightning shares balances and things like this. So these are some of the ideas coming that will help bring privacy to Lightning, because today Lightning is not super-private, but it’s kind of a complicated question where maybe the sender is getting a little bit more privacy than they do today just naively spending on-chain, but there are some of these other aspects where the channels have the short_channel_ID where that’s pointing to the output of that channel on-chain. Whereas maybe in the future that could be changed with gossip updates, right?

Ben Carman [42:56]: Yeah, so they actually just changed the channel ID thing! So now for unannounced channels you can just have it be a random value so you don’t actually have to dox it to people, or that they can probe it out of you and stuff. So that does help but that doesn’t solve everything. Like you said: it is slightly better than on-chain where on-chain is being stored forever so that’s obviously not good, versus with a Lightning payment — if they don’t catch it in time, whoever’s trying to track you, then they missed it. So you do have that benefit. But yeah there are lots of problems where you are requiring this lower Bitcoin layer. So everyone can know these UTXOs that you’re using to like route these payments. And as well, you have these static pubkeys which are like identities on Lightning, so people tie different flows to that. And there are things like probing where you can almost fish out balances of things or detect payments going on. So there are lots of things coming, like you said. There was that summit — they talked about different things. One of the bigger things that I think will be big is things like trampoline routing and blinded paths — they’re both powerful by themselves but together they’re extremely powerful. What trampoline lets you do is just say like, You don’t tell someone how to get to me — you say, Oh I have a friend, Stephan — you can pay him and he’ll pay the rest to me. And so what that lets you do is: you don’t have to totally gossip all your private channels you want to receive through or anything like that, you just say like, Get it to him and he knows how to get to me. So you get a barrier there and you can actually use multiple trampolines so you could say like, Oh, Stephan knows how to get to me and then they’re like, Well how do I get to Stephan? And you’re like, Oh, well Marty knows how to get to Stephan and then Satoshi knows how to get to Marty — you can do this whole thing so you just have these layers of obscurity! And as well, you can layer in these blinded paths where — because Stephan, you need to know how to get to me — instead of giving you the full route, I could say, Go to this guy and then he’ll have an encrypted version of how to get to the next guy and then an encrypted version of how to get to the next guy. So basically by doing that you completely hide the way you’re trying to pay me. And it gets really powerful, but there’s lots of spec work and things actually need to be done to get these implemented and in the wild before everyone’s using them. But it is possible, so that will hopefully help a lot. It’ll remain to be seen when it’s gonna happen.

Stephan Livera: Yeah of course. I mean it does sound like it’s promising there and I think it’s also fair to point out that even today, if a user wants just privacy from the merchant, even today if they use a Lightning wallet like Muun, Phoenix, Breez, these kinds of ones where you make a Lightning payment to the merchant — now yes, Muun, Phoenix, or Breez might be able to surveil you — but at least the merchant doesn’t know your balance, they don’t know your transaction history, they just get paid on the Lightning Network. So at least there’s something there, right? I think people tend to be very binary and all or nothing and say, No! Unless you’re James Bond, Edward Snowden-level private you’re not private! And it’s like, Well, who are you trying to be private from? And how much privacy do you really need? Is the average person who just wants to be able to make a donation to a particular protest — if you used one of those wallets and you used that swap functionality that’s inbuilt, aren’t you arguably getting a little bit of privacy that way? Now I guess the counterargument would be: Well hang on, the authorities could just go to Muun and say, Hey, give me all your data. So at that point maybe you’re in trouble, but in terms of how much work are they going to do, it might be at least a little bit, or something, that’s more private. So I don’t know, that’s just a few thoughts. I’m curious if you — ?

Ben Carman [47:04]: Yeah definitely. Say they go to the Muun like, Give me all your data. It’s like, Well Muun wasn’t the only wallet sending to that merchant or whatever malicious actor they determined, so they can only get a small portion of the pie versus [what] we saw with the Canadian truckers — they’re like: Do not send to this address! You couldn’t really do that with Lightning. You could be like, Don’t send to this node pubkey but you just change your node pubkey with something like TransLND or something and you can just say like, Oh! Sorry — it’s a new one every time. I don’t know what to do here? And as well things like when I pay to a merchant, they have my on-chain UTXOs. You can go back and look and do this little chain analysis and sometimes you can figure out like, Oh this person sent to us from a 15 Bitcoin UTXO — they have 15 Bitcoin! I’m gonna go follow them home and steal that from them. But with Lightning, they only know the last hop, so most likely it’s not even your hop, so you get a lot more privacy. So if you’re transacting with someone you don’t fully trust to not follow you home or whatever, you’ll be protected in that regard. That’s a huge improvement over the current Bitcoin today!

Stephan Livera: Yeah. Let’s chat about Austin BitDevs. So you’re one of the co-organizers for that. Can you tell us a little bit about what’s happening in Austin’s Bitcoin scene?

Ben Carman [48:28]: Yeah Austin — it’s been blowing up! So I guess a little bit of history: I moved here beginning of 2020, and one of the reasons I moved here was because the Bitcoin scene was big — and that’s when our meetup was 20 people on a good day. And today we get about 250 people when it’s a bull market. Now it’s a bear market we get like 50, but it’s still a really good meet up here. And honestly, I think — for other people trying to run meetups — the biggest thing I think for us was consistency, where every third thursday at 7 PM we’re at Unchained and we’re talking Bitcoin. That helps a lot! During Covid, almost every meetup shut down, but we only shut down for 6 months and we kept it consistent ever since then. In September it’ll be 2 years from us for consistency, so I think that’ll be something to hang your hat on, and we’re really proud of that. So yeah: it’s a great scene out here! We have the whole Unchained folks — they have their huge office now and they have the Commons as well which is a great space to work at. Like, me and a couple other people are working there every day, and it’s really beautiful because before I just worked at home or see Bitcoiners when we go out for drinks maybe that night, but now I’m working right next to them all day so it’s like you’re coding and you’re like, Hey, what if someone did this? And you all start just bouncing ideas and next thing you know you’re on a whiteboard drawing state diagrams or something. You get a lot more collaboration! So Austin’s really bred a beautiful Bitcoin scene. And every third Thursday we’re having a meet up, so if you want to come out I recommend people to come check it out.

Stephan Livera: Yeah and for people who aren’t familiar with BitDevs and what to expect: what goes into organizing a BitDev? Specifically in terms of pulling together the resources and the content to discuss?

Ben Carman [50:31]: Yeah, so BitDevs isn’t just a hangout — we talk about Bitcoin! It’s supposed to be a Socratic Seminar. So the idea is like Chatham House rules: no names here — we’re just going to talk about Bitcoin and ideas. No people — don’t attribute this to, Ben said This. Let’s just say Someone has this cool idea at BitDevs. And we’re doing all things: it’s BitDev, so development — we’re all talking tech. So normally it’s like me, Buck, and Justin — we get a list of topics that we accumulate through the month mostly just either reading the mailing list, Twitter, or OpTech, or even the other meetups as well. We steal from them all the time! And once we have our list of maybe like 50 topics, the idea is we just present it and maybe give a brief overview like, Oh Lightning Labs released this idea Taro and then we’ll talk about it and then someone from the audience — because really the idea is to draw the knowledge from the audience. Like, Oh this Taro thing happened, and Ryan Gentry, who’s biz dev at Lightning Labs would come up and be like, Oh yeah — give a huge explanation on this — and then we’ll talk about Lightning privacy and Tony Georgio will come talk about it. And so we’re really trying to just draw ideas from the crowd, as well as hash things out, because there’s a lot of times where Me, Justin, and Buck are learning about this topic 2 hours before the meet up and we’re like, I think it works this way? And then we’ll just basically work with the audience and understand it together live. So it’s a lot of fun in that regard! And it does take a fair amount of work, but it’s definitely worth it. And I get all the time people are telling me like, I’m not a developer at all! Or they even just got into Bitcoin and they’re like, This was so cool! Like, I didn’t understand any of it, but I know I can eventually! Or the few other people that have been coming for years would challenge me now and they’re like, Oh actually why don’t you do it like that? And I’m like, Oh shit! Like, you’re not even a dev and you can pull this stuff off! So it’s a really good meet up to come to, and it’s great to bring new people to as well because I remember talking to some high school friends and I’m like, Oh I do Bitcoin development, and they’re like, Isn’t it already developed? What do you do all day? And it’s like, Goddamnit! So coming there, they’re like, Oh shit! It’s like a real thing! It’s not just like we’re buying Dogecoin going to the moon! It’s deep research on things. We’re saying big words that normal people don’t know and we know all of them, sadly.

Stephan Livera: So for anyone who hasn’t been — any listeners — if you haven’t been to a Socratic Seminar or a BitDevs, I highly recommend you go! It’s well worth your time if there’s one in your area. There are some that are run online as well, but going to the ones in-person are really worthwhile, if you can. You tend to learn a lot, and there might be all these words at the start that you don’t quite grasp, but they’re very much worthwhile. Obviously, I’ve been to some of the BitDevs in Austin — during bull season — and I guess in the bull season when there’s 250 people in the room, it tends to be more like kind of a lecture from yourself or from Buck or from whoever’s explaining, because there’s not as much chance for back and forth discussion. But during bear time and sideways market you do get more discussion time, and that is a bit more interactive, and perhaps you might even learn a bit more that way as well. But well worthwhile for people, so definitely check it out and go! If you don’t have one in your local area, I suggest starting one. It’s a good way — if you have at least a few technical friends or one or two — you can get it started and get it going that way. Bitcoin is a community thing so we want to try to grow the community, so Bitcoin meetups are a great way of doing that.

Ben Carman [54:21]: Yeah and I want to say too: if you’re looking to start up a meetup in your place — a lot of people say Austin and New York and a couple other places had the wild success doing a BitDevs — but that works here because we have a lot of developers here and a lot of talent and all these people who are well informed on the ideas. Like, if you live in rural Kansas and you have no developers — don’t start a BitDev, start something that fits your audience and your hosts. So here we’re doing well because we’re good at facilitating it, but if you’re not a developer or you don’t have developers in your area that are willing to host it, well then just start a normal meetup where you just hang out and talk about Bitcoin, because that’s equally as fun! And in Austin we have something similar: we have the Austin Bitcoin Club where they do exactly that — they just bring tacos and chicken and talk about Bitcoin. That’s almost as big as the BitDevs now, and it’s a completely different crowd, too, which is super cool. So you can get all sorts of different types of people coming to your meetup based on what you actually discuss there.

Stephan Livera: Yeah. And I think to the point around Bitcoin privacy as well — to the extent that we can grow the peer-to-peer market for Bitcoin — that may be where you find people who you just want to trade Bitcoin with, if maybe you’re a miner and you want to sell some coins to cover your expenses and somebody else there is a pleb and they just want to stack and they want to buy the coins off you, then that’s just a common example. Or otherwise, what you can try to do is go to your local restaurants and bars and say, Hey we want to run the meetup — can we help set you up to take Bitcoin payment? And then that’s a chance for local Bitcoiners to go and spend some sats and start this whole peer-to-peer aspect as well, which I think is going to be useful. So I think as a community, those of us who are really into Bitcoin — advocates, educators, builders, whatever you are in the Bitcoin world — that that’s something you could look at as well.

Ben Carman [56:12]: Yeah I 1-million percent echo that. Yeah in Austin we’re not we’re not doing the best job of getting every business on Bitcoin, but we got a couple of bars and food trucks which is cool.

Stephan Livera: Hey it’s a start, right? You’ve gotta start with something.

Ben Carman: Yeah, that’s right.

Stephan Livera: And so with The Bitcoin Company, tell us a little bit about that? So you guys are selling vouchers — what else is coming from The Bitcoin Company? Just for SLP listeners who want to know?

Ben Carman [56:37]: Yeah today what we’re doing is letting people live on Bitcoin and basically paying you for it, so we’re similar to a Fold or Bitrefill right now where you can buy gift cards, but we also offer Visa cards and international Visa cards that you just pay with Bitcoin and we’ll give you a little bit of sats back for those. It’s pretty cool right now! 75% of our sales or something are the international Visa cards because we’re getting all these people who are just like, Oh I’m in Brazil and I love these things! They’re living on their Bitcoin! And this is another way where in the beginning we were talking about this KYC-free way to buy Bitcoin, but at The Bitcoin Company we solved the KYC-free way to sell it, where we don’t need to take your ID or a selfie of you — you just sign up with your e-mail and you can buy these Visa cards with your Bitcoin, which is most likely the way you’re going to spend your Bitcoin. So you can essentially sell it KYC-free with us and we actually pay you for it, so it’s cool! And it’s letting users live on their Bitcoin, but the whole mission of us is basically to just be the Bitcoin hub or Bitcoin super-app, so something we’re rolling out soon is phone top-ups as well as other ways you can earn Bitcoin. Like, you could link a credit card, and every swipe get Bitcoin back — eventually adding like an exchange and banking and all that stuff. So yeah, the holistic view is: eventually delete Wells Fargo, use The Bitcoin Company, where you can get your direct deposit, pay off your credit card, and your checking account has a Bitcoin and a dollar balance. If it’s 6 PM on a Saturday and you want to pay off your credit card bill, you don’t have to wait until until Monday for the wire to go in — you can just send it in a Bitcoin payment and it’ll pay off immediately. It’s just like: let’s modernize banking with Bitcoin and just modernize everything with Bitcoin. And if you don’t want to use KYC stuff we have the KYC-free stuff which we offer today, and if you want to go the full view then sign up for that stuff. So we’re trying to just serve as much people as we can.

Stephan Livera: Sure, yeah. Great, so we’ll leave it there then. So listeners: go and follow Ben if you’re not already following him on Twitter. His Twitter is @benthecarman and the website benthecarman.com. Ben, thank you for joining me.

Ben Carman: Yeah! Thank you, Stephan.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store