{
  "version": "v1",
  "slug": "lightning-anonymously",
  "title": "How to use Bitcoin Lightning anonymously",
  "description": "Lightning is fast and cheap but defaults route through KYC custodians. The no-KYC stack: non-custodial wallet, LSP choice, channel hygiene, and the XMR↔LN bridges that keep onchain identity off your route.",
  "intro": "Lightning fixed Bitcoin's UX. It did not fix the privacy story by default — most users today are on Wallet of Satoshi or Strike, both of which KYC. The non-custodial path is a real privacy upgrade, but it requires a couple of decisions most onboarding flows don't surface. This is the playbook.",
  "body_plain": "The default is worse than people think Custodial wallets (Wallet of Satoshi, Strike, Cash App) — your sats sit on their books. They see every payment, can freeze the account, and most KYC at signup or before first withdrawal. Convenient, not private. Non-custodial mobile (Phoenix, Breez, Mutiny, Zeus) — you hold the keys; the LSP routes for you. Some metadata leaks to the LSP, but you can swap LSPs or run your own. Self-hosted node (LND / Core Lightning) — full sovereignty. Highest privacy ceiling, real ongoing operational cost. Mobile wallets that actually preserve privacy Phoenix: the gold standard for non-custodial mobile LN. Splicing means you don't open/close channels manually. ACINQ acts as LSP — they see your channel partner, not your full payment graph. Open-source. Mutiny: browser-first, non-custodial, Nostr-integrated. Pluggable LSP. Open-source. Zeus: mobile front-end for a remote LND/CLN node you control. Best privacy + flexibility, requires running the backend. Breez: non-custodial with native Lightning + Liquid + Boltz swaps built in. Open-source. LSP choice matters Your Lightning Service Provider sees every channel-open with you. Some LSPs additionally sniff payment patterns. Defenses: Rotate LSPs. Don't open every channel against the same operator. Splice rather than open new channels. Reuses existing UTXOs and avoids new onchain fingerprints. Phoenix does this by default. Wallet-of-Satoshi → non-custodial migration: move sats to a non-custodial wallet via a swap-out, not a direct withdrawal — direct withdrawals leave a clear LN audit trail. Onboarding without KYC Getting sats into a non-custodial Lightning wallet without going through a KYC'd exchange: XMR → LN swap. Use a no-KYC swap engine (SideShift, kyc.rip) to send XMR and receive Lightning to your invoice. Cleanest non-onchain-fingerprint path. 
If your input is USDT/USDC or onchain BTC and you want a single-flow XMR-detour into LN, kyc.rip / ghost handles both legs in one submission. P2P at a meetup. Trade cash for sats with a real person; have them pay your LN invoice. RoboSats supports this for arbitrary counterparties. RoboSats / Bisq Lightning. P2P fiat→LN. Some account-friction; counterparties are pseudonymous. Earned sats. Get paid in LN for work / content. Avoids the onboarding problem entirely. Receiving sats without exposing yourself LN invoices are one-shot. Generate a fresh invoice per payment; never reuse. Lightning Address (user@domain) is a fixed identifier. Convenient for tips, but reveals a relationship to the domain operator. Use a privacy-respecting host (e.g. zeusln.app, your own). LNURL-Pay behaves like a Lightning Address — same caveat. Run your own LNURL endpoint for full privacy. Bolt12 offers — newer protocol, supports onion-routed responses. Better privacy than LNURL once your wallet supports it. Sending sats — what leaks Sender: your routing nodes see (route prefix, amount, payment hash). Sphinx routing hides the destination from intermediate hops. Receiver: their routing nodes see the same backwards. They learn the amount and hash but not the sender. Probing attacks: well-funded analysts probe channels to deanonymize routes. Larger channels + more hops = better privacy. JIT (just-in-time) channel opens reveal you to the LSP at open time. Splice over open whenever possible. When Lightning is wrong Lightning is excellent for small, frequent payments. It's a poor savings vehicle (channel risk, online keys). Treat it as a checking account, native Monero or onchain BTC as savings. Bridge between them via the XMR↔LN swap engines listed below. Stack picks",
  "body_html": "\n      <section>\n        <h2 class=\"section-h\">The default is worse than people think</h2>\n        <ul class=\"bullet-list\">\n          <li><strong>Custodial wallets</strong> (Wallet of Satoshi, Strike, Cash App) — your sats sit on their books. They see every payment, can freeze the account, and most KYC at signup or before first withdrawal. Convenient, not private.</li>\n          <li><strong>Non-custodial mobile</strong> (Phoenix, Breez, Mutiny, Zeus) — you hold the keys; the LSP routes for you. Some metadata leaks to the LSP, but you can swap LSPs or run your own.</li>\n          <li><strong>Self-hosted node</strong> (LND / Core Lightning) — full sovereignty. Highest privacy ceiling, real ongoing operational cost.</li>\n        </ul>\n      </section>\n\n      <section>\n        <h2 class=\"section-h\">Mobile wallets that actually preserve privacy</h2>\n        <ul class=\"bullet-list\">\n          <li><strong>Phoenix:</strong> the gold standard for non-custodial mobile LN. Splicing means you don't open/close channels manually. ACINQ acts as LSP — they see your channel partner, not your full payment graph. Open-source.</li>\n          <li><strong>Mutiny:</strong> browser-first, non-custodial, Nostr-integrated. Pluggable LSP. Open-source.</li>\n          <li><strong>Zeus:</strong> mobile front-end for a remote LND/CLN node you control. Best privacy + flexibility, requires running the backend.</li>\n          <li><strong>Breez:</strong> non-custodial with native Lightning + Liquid + Boltz swaps built in. Open-source.</li>\n        </ul>\n      </section>\n\n      <section>\n        <h2 class=\"section-h\">LSP choice matters</h2>\n        <p>Your Lightning Service Provider sees every channel-open with you. Some LSPs additionally sniff payment patterns. 
Defenses:</p>\n        <ul class=\"bullet-list\">\n          <li><strong>Rotate LSPs.</strong> Don't open every channel against the same operator.</li>\n          <li><strong>Splice rather than open new channels.</strong> Reuses existing UTXOs and avoids new onchain fingerprints. Phoenix does this by default.</li>\n          <li><strong>Wallet-of-Satoshi → non-custodial migration:</strong> move sats to a non-custodial wallet via a swap-out, not a direct withdrawal — direct withdrawals leave a clear LN audit trail.</li>\n        </ul>\n      </section>\n\n      <section>\n        <h2 class=\"section-h\">Onboarding without KYC</h2>\n        <p>Getting sats into a non-custodial Lightning wallet without going through a KYC'd exchange:</p>\n        <ol class=\"bullet-list\">\n          <li><strong>XMR → LN swap.</strong> Use a no-KYC swap engine (<a href=\"/exchanges/sideshift\">SideShift</a>, <a href=\"/exchanges/kyc-rip-aggregator\">kyc.rip</a>) to send XMR and receive Lightning to your invoice. Cleanest non-onchain-fingerprint path. If your input is USDT/USDC or onchain BTC and you want a single-flow XMR-detour into LN, <a href=\"/exchanges/kyc-rip-ghost\">kyc.rip / ghost</a> handles both legs in one submission.</li>\n          <li><strong>P2P at a meetup.</strong> Trade cash for sats with a real person; have them pay your LN invoice. RoboSats supports this for arbitrary counterparties.</li>\n          <li><strong>RoboSats / Bisq Lightning.</strong> P2P fiat→LN. Some account-friction; counterparties are pseudonymous.</li>\n          <li><strong>Earned sats.</strong> Get paid in LN for work / content. 
Avoids the onboarding problem entirely.</li>\n        </ol>\n      </section>\n\n      <section>\n        <h2 class=\"section-h\">Receiving sats without exposing yourself</h2>\n        <ul class=\"bullet-list\">\n          <li><strong>LN invoices are one-shot.</strong> Generate a fresh invoice per payment; never reuse.</li>\n          <li><strong>Lightning Address (user@domain) is a fixed identifier.</strong> Convenient for tips, but reveals a relationship to the domain operator. Use a privacy-respecting host (e.g. zeusln.app, your own).</li>\n          <li><strong>LNURL-Pay</strong> behaves like a Lightning Address — same caveat. Run your own LNURL endpoint for full privacy.</li>\n          <li><strong>Bolt12 offers</strong> — newer protocol, supports onion-routed responses. Better privacy than LNURL once your wallet supports it.</li>\n        </ul>\n      </section>\n\n      <section>\n        <h2 class=\"section-h\">Sending sats — what leaks</h2>\n        <ol class=\"bullet-list\">\n          <li><strong>Sender:</strong> your routing nodes see (route prefix, amount, payment hash). Sphinx routing hides the destination from intermediate hops.</li>\n          <li><strong>Receiver:</strong> their routing nodes see the same backwards. They learn the amount and hash but not the sender.</li>\n          <li><strong>Probing attacks:</strong> well-funded analysts probe channels to deanonymize routes. Larger channels + more hops = better privacy.</li>\n          <li><strong>JIT (just-in-time) channel opens</strong> reveal you to the LSP at open time. Splice over open whenever possible.</li>\n        </ol>\n      </section>\n\n      <section>\n        <h2 class=\"section-h\">When Lightning is wrong</h2>\n        <p>Lightning is excellent for small, frequent payments. It's a poor savings vehicle (channel risk, online keys). Treat it as a checking account, native Monero or onchain BTC as savings. 
Bridge between them via the XMR↔LN swap engines listed below.</p>\n      </section>\n\n      <section>\n        <h2 class=\"section-h\">Stack picks</h2>\n      </section>\n    ",
  "picks": [
    {
      "category": "exchanges",
      "id": "sideshift",
      "name": "SideShift",
      "url": "https://xmr.club/exchanges/sideshift",
      "markdown_twin": "https://xmr.club/llm/exchanges/sideshift.txt",
      "why": "No-KYC XMR ↔ LN. Best on-ramp to non-custodial Lightning from native Monero."
    },
    {
      "category": "exchanges",
      "id": "kyc-rip-aggregator",
      "name": "kyc.rip aggregator",
      "url": "https://xmr.club/exchanges/kyc-rip-aggregator",
      "markdown_twin": "https://xmr.club/llm/exchanges/kyc-rip-aggregator.txt",
      "why": "Best-quote routing across no-KYC engines including XMR ↔ LN pairs."
    },
    {
      "category": "exchanges",
      "id": "robosats",
      "name": "RoboSats",
      "url": "https://xmr.club/exchanges/robosats",
      "markdown_twin": "https://xmr.club/llm/exchanges/robosats.txt",
      "why": "P2P fiat ↔ LN, pseudonymous, Tor-friendly. The cash-to-Lightning path."
    },
    {
      "category": "exchanges",
      "id": "bisq-easy",
      "name": "Bisq Easy",
      "url": "https://xmr.club/exchanges/bisq-easy",
      "markdown_twin": "https://xmr.club/llm/exchanges/bisq-easy.txt",
      "why": "P2P fiat ↔ BTC/LN with reputation. No central operator."
    }
  ],
  "url": "https://xmr.club/guides/lightning-anonymously",
  "markdown_twin": "https://xmr.club/llm/guides/lightning-anonymously.txt"
}