Builder's Guide
  • Welcome to the Builder's Guide to the LND Galaxy!
  • The Lightning Network
    • Overview
    • Payment Channels
      • Lifecycle of a Payment Channel
      • Watchtowers
      • Understanding Sweeping
      • Etymology
    • The Gossip Network
      • Identifying Good Peers on the Lightning Network
    • Pathfinding
      • Finding routes in the Lightning Network
      • Channel Fees
      • Multipath Payments (MPP)
    • Lightning Network Invoices
      • Understanding Lightning Invoices
    • Making Payments
      • The Payment Cycle
      • Timelocks
      • ⭐Hashed Timelock Contract (HTLC)
      • Payment Etymology
      • ⭐What Makes a Good Routing Node
      • Understanding Submarine Swaps
      • Instant Submarine Swaps
    • Liquidity
      • ⭐Understanding Liquidity
      • Managing Liquidity on the Lightning Network
      • Liquidity Management for Lightning Merchants
      • How to Get Inbound Capacity on the Lightning Network
      • Lightning Service Provider
    • L402: Lightning HTTP 402 Protocol
      • Macaroons
      • L402
      • 📋Protocol Specification
      • Implementations and Links
    • Taproot Assets
      • Taproot Assets Protocol
      • Taproot Assets on Lightning
      • Edge Nodes
      • Taproot Assets Trustless Swap
      • FAQ
      • Glossary
  • Lightning Network Tools
    • LND
      • 🛠️Get Started
      • lnd.conf
      • First Steps With LND
      • Wallet Management
      • Sending Payments
      • Atomic Multi-path Payments (AMP)
      • Receiving Payments
      • Unconfirmed Bitcoin Transactions
      • Channel Fees
      • Inbound Channel Fees
      • Macaroons
      • Configuring Watchtowers
      • Pathfinding
      • Blinded Paths
      • Key Import
      • Secure Your Lightning Network Node
      • Configuration of a Routing Node
      • Quick Tor Setup
      • Configuring Tor
      • Enable ‘Neutrino mode’ in Bitcoin Core
      • Send Messages With Keysend
      • Partially Signed Bitcoin Transactions
      • Bulk onchain actions with PSBTs
      • Sweeper
      • Debugging LND
      • Fuzzing LND
      • LND API documentation
      • Channel Acceptor
      • RPC Middleware Interceptor
      • HTLC Interceptor
      • NAT Traversal
      • Recovery: Planning for Failure
      • Migrating LND
      • Disaster recovery
      • Contribute to LND
    • Lightning Terminal
      • What is Lightning Terminal?
      • 🛠️Get litd
      • Run litd
      • Integrating litd
      • Demo: Litd Speed Run
      • Connect to Terminal
      • Recommended Channels
      • Rankings
      • Health Checks
      • Liquidity Report
      • Opening Lightning Network Channels
      • Managing Channel Liquidity
      • Autofees
      • AutoOpen
      • LND Accounts
      • Loop and Lightning Terminal
      • Loop Fees
      • Pool and Lightning Terminal
      • Command Line Interface
      • Troubleshooting
      • Lightning Node Connect: Under the hood
      • LNC Node Package
      • LITD API Documentation
      • Privacy and Security
      • Privacy Policy
      • Terms of Use
    • Loop
      • 🛠️Get Started
      • The Loop CLI
      • Autoloop
      • Static Loop In Addresses
      • Instant Loop Outs
      • Peer with Loop
      • Loop API Documentation
    • Pool
      • Overview
      • Quickstart
      • 🛠️Installation
      • First Steps
      • Accounts
      • Orders and Asks
      • Sidecar Channels
      • Zero-confirmation Channels
      • Channel Leases
      • Batch Execution
      • Account Recovery
      • Pool API Documentation
      • FAQs
    • Taproot Assets
      • Get Started
      • First Steps
      • Taproot Assets Channels
      • Asset Decimal Display
      • Become an Edge Node
      • RFQ
      • Collectibles
      • Universes
      • Asset Loop
      • Debugging Tapd
      • Multisignature
      • Minting Assets With an External Signer
      • Lightning Polar
      • Operational Safety Guidelines
      • Taproot Assets API Documentation
    • Aperture
      • ⚒️Get Aperture
      • LNC Backend
      • LNC Mailbox
      • Pricing
    • Faraday
      • 🛠️Get Started
      • The Faraday CLI
      • Faraday API Documentation
  • LAPPs
    • Guides
      • Use Polar to Build Your First LAPP
        • Setup: Local Cluster with Polar
        • Setup: Run the Completed App
        • Setup: Run the App Without LND
      • Add Features
        • Feature 1: Connect to LND
        • Feature 2: Display Node Alias and Balance
        • Feature 3: Sign and Verify Posts
        • Feature 4: Modify Upvote Action
      • Make Your own LNC-powered Application
    • Next Steps
  • Community Resources
    • Resource List
    • Lightning Bulb 💡
    • Glossary
    • FAQ
Powered by GitBook
On this page
  • Your network
  • Litd
  • The pairing phrase
  • Your browser
  • Terminal Security
  • Other applications
  • Privacy

Was this helpful?

  1. Lightning Network Tools
  2. Lightning Terminal

Privacy and Security

Terminal is operated in a way that Lightning Labs never has access or insight to your node.

PreviousLNC Node PackageNextPrivacy Policy

Last updated 18 days ago

Was this helpful?

Lightning Terminal makes it possible to securely connect your browser to your node with an end-to-end encrypted connection made via a web-based proxy. While Terminal is built with the highest standards of security in mind, it is important to understand the security and privacy implications of using such a service.

Your network

Terminal does not require you to make modifications to your node’s local network. You do not need to open additional ports or make changes to your to operate Terminal.

Litd

The Lightning Terminal Daemon, or litd, is an application that either runs locally on the same machine as your Lightning Network node, or remotely on a separate machine. Access to litd needs to be carefully restricted, for example by making Lightning Terminal inaccessible from the internet, choosing a secure password and running it on a device you control and trust. Anybody with access to your Lightning Terminal Daemon instance could gain access to your Lightning Node.

You are able to revoke an application’s access to your node, such as the web version of Terminal, at any time by navigating to your Lightning Terminal Daemon user interface.

The pairing phrase

The Lightning Terminal Daemon creates a pairing phrase for you to connect to the web version of Terminal (or in the future other applications). This pairing phrase does not need to be stored anywhere, but can be reused for another connection attempt. Only one concurrent connection is possible with each pairing phrase. The pairing phrase is communicated out of band between the machine running litd and your browser. Ideally you will be able to copy/paste it on your personal machine, or enter it manually.

Be careful where you enter the pairing phrase, as you might be targeted by phishing schemes. Be careful with verifying that you are navigating to the correct trusted site, e.g. Do not enter your pairing phrase into applications and sites you do not trust.

Your browser

Use a reputable and robust browser that ideally updates itself regularly. Be careful with extensions that might be able to intercept and alter content on display and transit. Your browser will store sensitive information, encrypted with a password of your choice.

Terminal Security

Be vigilant of phishing attacks directing you to sites attempting to steal your pairing phrase before you have connected yourself. Ideally, bookmark the page in your browser and only navigate to it using the bookmark bar.

Choose a strong and unique password for Terminal, for example one created using your password manager.

Other applications

Lightning Node Connect is open source software, enabling developers to build their own applications that let you connect and manage your Lightning Network node. All software authorized to connect to your node needs to be sufficiently trusted. While it will be possible in the future to restrict the level of access to your node directly in Lightning Terminal, this is not implemented as of yet.

Privacy

All connections between your Lightning node and Terminal are encrypted end-to-end. Lightning Labs can only see encrypted traffic along the route. Your node’s private information, such as private channel and on-chain balances, remains private. Lightning Labs only maintains usage statistics about how many nodes are connected through Lightning Terminal, and when they last connected.

Unless your node and browser are behind a VPN or other relay, the Terminal Proxy is able to see your IP addresses. Even if your Lightning node is running behind the Tor Socks proxy, litd will make an outwards connection in the clear.

Theoretically, the proxy server could be able to infer usage patterns from packets forwarded between your node and your browser, although no such information is stored or analyzed. Lightning Labs maintains usage statistics about how many nodes are connected through Lightning Terminal, and when they last connected.

When enabling Autofees, channel ids, channel points and node pubkeys are obfuscated by litd through a system called the "Privacy Mapper." You can .

Lightning Terminal makes use of the for timestamp and fee information for your node’s on-chain transactions. All calls are made from your browser and are not directly associated with your node. Similarly to navigating to mempool.space directly in your browser, this reveals your IP address.

Tor configuration
Read: Secure your Lightning Network node.
https://terminal.lightning.engineering/
mempool.space API services
read more about the Privacy Mapper here