Announced at the end of January, Bitfury’s production-ready suite of Lightning Network products and services, Peach, appears to offer everything a developer, user or merchant could want from a Lightning implementation. It comes with built-in, e-commerce plug-ins, has a hardware component for point-of-sale, a toolkit for developers and its own Lightning node to ground the whole outfit.
The suite, with its many uses, has a wide reach … a bit too wide, one crypto analysis group thinks.
Block Digest, “a bi-weekly podcast covering the latest technical and market news related to Bitcoin,” argues that Bitfury’s Peach infringes on its users’ privacy to a disturbing degree. To them, the Peach Lightning node is a panopticon from which no data escapes, and each Peach application is the cell through which Bitfury can see personal and financial information about its users.
Do I Dare Trust a Peach?
“Stay the !#@& away from it,” Rick, one of the Block Digest ensemble, cautions during the group’s breakdown of the technology.
An offshoot of the World Crypto Network podcast, the Block Digest cypherpunks treat the subject with earnest disgust, arguing that Bitfury is being disingenuous and even purposefully misleading about how it manages user data.
Nevertheless, Block Digest says that the new versions, even with the alterations ,still fall shy of reassuring users that their data is safe from view — or of even fully explaining how it is used.
“They don’t just say they don’t collect it; they say they don’t have access to it,” shinobi, one of Block Digest’s crew, told Bitcoin Magazine.
“There are two things in the code for ability to collect data. The first one is event logs that go through Google analytics, and that’s for navigation in the application.” This first function, he told us, was nothing noteworthy: It just logs events and doesn’t collect information.
The second part, however, does collect information. “For these streaming payments and the payments that use a lightning id without an invoice, all of those are being coordinated through [the] Bitfury server. They can see everything: who’s paying, who’s paying whom, how much they’re paying.”
Bitfury’s Lightning Peach suite allows users to transact with anyone using Lightning through payment invoices, where a recipient requests payment from a sender. Or, they can send payments through the Lightning Peach node, a Bitfury-centralized process, with a lightning id or streaming payment, both of which can only be executed between two Peach users.
At the very least, Block Digest acknowledged that Bitfury won’t collect data from a “regular lightning invoice payment." So if you receive an invoice from a non-Peach user, even if you’re using Peach’s wallet, that payment isn’t routed through the Peach node and is out of their purview.
But anyone using Peach’s streaming payments and Lightning ids will forfeit transaction information, including IP and wallet ID, to Bitfury so that Peach’s Lightning node can facilitate the payment for the user. Given that Bitfury is providing a centralized service, this isn’t out of the ordinary, and Bitfury updated its policy to say this information “is not stored.”
Questions and Contradictions
This could be justified as crash report data collection — aggregated network data to diagnose the reason for a crash or bug. Shinobi had a friend run an audit, and he allegedly found no evidence of collecting data for this purpose in the code.
Block Digest argues that this retracted list embodies the looming contradiction that Bitfury’s terms simultaneously say they won’t collect, store or see data and that they may share, consult or leverage this data under certain circumstances.
The most apparent contradiction, Block Digest argues, comes from Bitfury’s claim in the updated version that data collection is optional, something Bitfury reiterated to Bitcoin Magazine when we inquired about the privacy allegations.
Pavel Prikhodko, head of Lightning Peach, told Bitcoin Magazine, “That data is only collected if users proactively confirm they would like to provide anonymized information via Google Analytics. It enables us to better understand how users interact with our website and software. That data cannot be traced back to an individual user and is a standard optional setting present in the vast majority of modern consumer software products.”
Block Digest is unconvinced, mainly because the same terms simultaneously tell users that they don’t have to provide information unless they acquiesce while it also says that, upon generating a wallet, users will “be required to provide contact information that may include a phone number, email address, username and other information as appropriate.”
Bitfury also claims that it “does not collect, nor have access to … information on the transactions you perform through the use of the Software,” something that, Block Digest says, doesn’t align with their claims that user data can then be shared or sold to subsidiaries or people buying aspects of Bitfury’s business.
“In the policy that was active before January 30th, they say that they would be willing to share or pass over this data to entities who were looking to buy any aspect of Bitfury’s business,” Janine said.
Janine makes the point that, “legally, saying you intend not to do something is not the same as saying you will not do something.”
The outfit worries that, at worst, Bitfury could sell information to stakeholders in Bitfury’s companies, or at best, share information between its subsidiaries, including its blockchain analytics platform Crystal, one of Bitfury’s compliance-focused side projects.
Bitfury denied that they intend to share data with Crystal:
“… none of the data processed is shared with Bitfury’s public blockchain analytics division, Crystal. The Crystal platform provides a more user-friendly interface for analyzing public blockchain data.”
“When you use the Software, and provide the required data, you can contact us (please see paragraph 11 below) to exercise any of the rights you are granted under applicable data protection laws, which includes (1) the right to access your data, (2) to rectify them, (3) to erase them, (4) to restrict the processing of your data, (5) the right to receiving a file of your personal data and (6) or the right to object to the processing, and where we have asked for your consent, to withdraw this consent. These rights may be limited in some situations. We may, for example, deny your request for access when necessary to protect the rights and freedoms of other individuals or refuse to delete your personal data in case the processing of such data is necessary for compliance with legal obligations.”
The Consequence of Big Business
Block Digest has other secondary concerns, such as that Bitfury doesn’t want anyone under 18 using their software, but the bulk of their qualms come from the company’s seemingly contradictory and tenuous stance that it doesn’t collect your data — but could if it wanted to. Most of all, the group disapproves of how this data could be used (for legal and enforcement reasons) and that Bitfury is simultaneously telling people they do and don’t store data.
“Your personal data will be stored no longer than is necessary for the purpose they were obtained for, our compliance with legal and fiscal obligations, or for solving any disputes but not longer than 6 (six) years.”
“We collect, use and store your personal data to provide services to you, to comply with the legal obligations we are subject to, if necessary, for our legitimate interests or on the basis of your consent.”
These two separate clauses contradict the earlier statement that Bitfury doesn’t store data, Block Digest points out.
This is getting at the crux of it. As Janine said in our talk, no other Lightning service providers “have data collection policies or terms of service like this,” claiming that “they’re not big enough organizations to provide one.”
Bitfury is big enough, and the corporation, like many monolithic crypto companies, plays regulations close to the chest and stays hyper compliant to stay out of trouble in an already internationally stigmatized industry.
“As far as the terms, Janine’s right,” shinobi said about data collection in our talk, “but architecturally … other [softwares and services] are capable of gathering detailed information on your activity, but again, like Janine said, none of them have terms like that. I also don’t really see the kind of history in the space and the move towards more surveillance and regulatory compliance that Bitfury is making with Peach.”
Bitfury told us that it uses “the minimum amount required for the products to work,” for example, IP address and Lightning ID for streaming payments and Lightning ID payments. Anything else is either optional or only stored for as long as it needs to be for the software to function properly, something that Block Digest says is contradicted in the legal literature.
So who’s right and should you trust Peach? Really, it depends on who you are and what your desired level of privacy is.
The Implications of Peach:
- The legal language gives them the right to access the data if they want to for the purpose of selling aspects of their business, sharing data between subsidiaries or legal compliance.
- Bitfury says that they only have access to limited data (IP and Peach ID) for a short time while they route transactions through the Peach node and claims to not store data thereafter (you can transact without data collection implications by using Lightning invoices).
- The truth is, Bitfury has (and admits to having) access to some data if they need it for legal or business reasons. Which data they have access to and to which extent they would use it is not very clear.
- That said, most of this data is benign in nature (basic transaction details, for example), but some of it (IP address, phone number, etc.) is not.
If you’re not too concerned with privacy, whatever data collection might happen will likely go unnoticed. It’s not unlike the information that, say, Coinbase already has in terms of transaction details and the personal data Facebook and Google have (and are selling, by the way).
If you are privacy conscious, however, the structure (and contradictory explanations of) Peach’s data collection structure will likely be off-putting, enabling the panopticon for data that the modern internet has become.
All things considered, though, you can transact without your data being apprehended through Lightning invoices, and the amount of data that Bitfury could have on you is pretty negligible. It’s ultimately down to over your tolerance/comfort levels for how the business operates and shines a light on these operations.