Amboss Privacy Policy Raises Concerns About Sharing User Information with Third-Parties

Stacker.news user @0295c86965 started a discussion concerning privacy policy of Amboss Technologies:

• "It would appear that Amboss Technologies is collecting personal information about the Lightning Network and its users and selling it to third parties as chain analytics software (or for the purposes of "Risk Management" in their own words). This is according to their very own Privacy Policy."
• "The amount of information they have collected and want to collect should alarm all users of Lightning, even those that have not given Amboss or Thunderhub (the wallet they collect data through) access to their node information."
• "They have claimed 30% of the Lightning Network has registered for their services, which is dangerous considering their power to deanonymize the network," the user stated.

The pseudonym then proceeded to list the most concerning points from the Amboss Privacy Policy. Few takeaways include:

• "For example, we may collect information from advertising networks, and data analytics providers. This information may include your name, email address, and phone number."
• "We will also use vendors that provide background information about social media profiles we collect and information about the source of funds from the transaction IDs referenced above."
• "We may also work with identity verification vendors to conduct "know your customer" or "know your business" checks."
• "We collect information about node(s) on the Lightning Network, including the alias, color, features, public key, balance information, and size of the backup."

"There's a certain point where privacy policies are generic enough that say something along the lines of "The information you have provided us may be used to provide services to you in return" and may even feature some language such as third-party software providers that might have access to that information as well. However, all the language here is very much catered towards what they are trying to do, which is to over-collect as much as they can to sell your financial data and identity," the user concluded.

Amboss Technologies have since then responded to the claims above:

• "Our main objective is to contribute to the longevity of the Bitcoin Lightning Network's development as the main financial payments system of the future. For enterprises and holders of large amounts of bitcoin to adopt LN, assurances about payment reliability and risk mitigation need to be in-place. This is what we are providing at Amboss."

"For the purposes of improving LN performance, we crowd-source information from LN operators and users. For data that is not publicly available, this information must be requested; in other words, the data owner opts-in to provide it."

• "To help lightning network mature, we operate a data analytics company that helps users make thoughtful decisions about whom to connect to. We have taken many steps to ensure that we are being thoughtful about the development of the lightning and our design decisions to help the lightning network's long-term growth. This, in many ways, is achieved by opt-in, transparent data collection to create ways for users to manage risks as well as improve payment performance. All feedback is welcomed; this helps us make better design decisions."
• "I'm happy to hear that privacy is a priority for you and I hope that our policy can help guide development of better privacy tools for users and more ways for users to consciously decide what information they would like to share. This is the essence of privacy: the right to choose which information to disclose," @ambosstech explained.

No Bullshit Bitcoin has previously covered the launch of controversial data sharing feature by Amboss, which has been perceived as a threat to Lightning privacy by numerous security experts.

Stacker.news Discussion
Archive