Is Alby a legitimate extension for lightning network usage?

wavessurfing

member

Activity: 402

Merit: 45

Quote from: DaveF on August 15, 2023, 08:11:59 AM

Quote from: nullama on August 15, 2023, 01:25:19 AM

Quote from: wavessurfing on August 14, 2023, 10:44:25 AM

~snip~
is there a particular danger to run alby browser extension on a computer linked by ssh to a raspberry pi running bitcoin core ?

This sounds like you have a hot wallet, I wouldn't recommend having more than a small amount of BTC on any computer connected to the internet.

If you only have a small amount then it would be fine to run alby (which I think it's a reputable extension anyway).

If you have more than a small amount, then transfer that to cold storage.

To put it even more simply there is always a danger of having ANY funds that are accessible by ANY device that is online.
Phone / desktop / whatever.
Yes, your installation of core might be safe. But is the PC that has this extension installed gets infected and someone gains access to that machine. Then they can do whatever they want on your network.

-Dave

i see...thank you so much Dave.

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

Quote from: nullama on August 15, 2023, 01:25:19 AM

Quote from: wavessurfing on August 14, 2023, 10:44:25 AM

~snip~
is there a particular danger to run alby browser extension on a computer linked by ssh to a raspberry pi running bitcoin core ?

This sounds like you have a hot wallet, I wouldn't recommend having more than a small amount of BTC on any computer connected to the internet.

If you only have a small amount then it would be fine to run alby (which I think it's a reputable extension anyway).

If you have more than a small amount, then transfer that to cold storage.

To put it even more simply there is always a danger of having ANY funds that are accessible by ANY device that is online.
Phone / desktop / whatever.
Yes, your installation of core might be safe. But is the PC that has this extension installed gets infected and someone gains access to that machine. Then they can do whatever they want on your network.

-Dave

nullama

hero member

Activity: 1008

Merit: 960

Quote from: wavessurfing on August 14, 2023, 10:44:25 AM

~snip~
is there a particular danger to run alby browser extension on a computer linked by ssh to a raspberry pi running bitcoin core ?

This sounds like you have a hot wallet, I wouldn't recommend having more than a small amount of BTC on any computer connected to the internet.

If you only have a small amount then it would be fine to run alby (which I think it's a reputable extension anyway).

If you have more than a small amount, then transfer that to cold storage.

wavessurfing

member

Activity: 402

Merit: 45

Quote from: nullama on March 04, 2023, 11:36:05 PM

Alby is awesome, and the extension is open source: https://github.com/getAlby/lightning-browser-extension

You can read the code, and build it yourself if you don't trust them.

is there a particular danger to run alby browser extension on a computer linked by ssh to a raspberry pi running bitcoin core ?

nullama

hero member

Activity: 1008

Merit: 960

Alby is awesome, and the extension is open source: https://github.com/getAlby/lightning-browser-extension

You can read the code, and build it yourself if you don't trust them.

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

Quote from: HandcraftedBreads on March 04, 2023, 02:23:50 PM

Quote from: DaveF on March 04, 2023, 12:58:10 PM

Use a hardware wallet for your main BTC software. Be it core or electrum or whatever.

So bitcoin core is considered a hardware wallet? I think I misinterpreted it.

No I mean you get a separate hardware wallet and connect it to core.

Handy video for Cold Card: https://www.youtube.com/watch?v=xc_TxlByxeY

There are a bunch of options out there for hardware wallets that was just the only video I had a link saved for.

Figure out which HW wallet works for you.

Different features appeal to different people. You can dive into the hardware wallet section: https://bitcointalk.org/index.php?board=261.0 to get more info & discuss options.

-Dave

HandcraftedBreads

jr. member

Activity: 46

Merit: 11

Quote from: DaveF on March 04, 2023, 12:58:10 PM

Use a hardware wallet for your main BTC software. Be it core or electrum or whatever.

So bitcoin core is considered a hardware wallet? I think I misinterpreted it.

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

Use a hardware wallet for your main BTC software. Be it core or electrum or whatever. This way even if your machine is compromised it's not a big deal they can't get your coins. *You can still make a mistake and get something like clipboard malware on your PC which can cause you to send funds to the wrong place but they just can't steal them.

For lightning payments, just keep in mind they are going to be insecure, but you should not be keeping a lot of funds in one anyway.

-Dave

HandcraftedBreads

jr. member

Activity: 46

Merit: 11

Quote from: NotATether on March 01, 2023, 07:42:20 PM

No, unless you utilize PSBTs, which Core supports well.

Thanks, so I don't see how one can use Bitcoin Core without asking for trouble. I suppose the best case would be to use a separate machine (online) with only bitcoin core.

What do you think is the best solution for one-machine-only Joe?

mendace

hero member

Activity: 490

Merit: 620

Pizza Maker 2023 | Bitcoinbeer.events

Yes Alby is legit but my advice since this is LN is not to hold large funds but only a small amount. Anyway there are many other LN wallet solutions for example you could try Lightinginingbot on Telegram.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: HandcraftedBreads on March 01, 2023, 10:50:33 AM

Is anyone aware of the risks of this extension, or has pursued studies on its reliability and excluded the possibility of scams?

I never used Alby myself so I can't vouch for anything, but I know people who use it for many months without any issues.
Alby is open source so any developer can inspect code and see if there are any potential flaws or bugs, but I am excluding possibility of scam.
They are very active on social media so you can contact them with your concerns, they can provide you better explanations for your questions.

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: HandcraftedBreads on March 01, 2023, 01:26:05 PM

Quote from: DaveF on March 01, 2023, 11:40:06 AM

Yes, if you are running Bitcoin Core on the same machine that is live on the internet you are asking for trouble.

I'm the kind of guy which has 1 machine only but still wants to have a full node (pruned) running and using bitcoin core as a hot wallet. Does this mean "I'm asking for trouble"? To what extent?

Generally, you should never need a browser extension to talk to your Bitcoin node, through RPC or anything. Why don't you simply run a client such as c-lightning or LND alongside your node?

Quote from: HandcraftedBreads on March 01, 2023, 01:26:05 PM

Also, can bitcoin core run and work as a hot wallet in a machine that is not connected to the internet?

No, unless you utilize PSBTs, which Core supports well.

HandcraftedBreads

jr. member

Activity: 46

Merit: 11

Quote from: DaveF on March 01, 2023, 11:40:06 AM

Yes, if you are running Bitcoin Core on the same machine that is live on the internet you are asking for trouble.

I'm the kind of guy which has 1 machine only but still wants to have a full node (pruned) running and using bitcoin core as a hot wallet. Does this mean "I'm asking for trouble"? To what extent?

Also, can bitcoin core run and work as a hot wallet in a machine that is not connected to the internet?

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

Yes it's legit.
Yes it's still a work in progress.
Yes, if you are running Bitcoin Core on the same machine that is live on the internet you are asking for trouble.

For 'spending cash' to keep it handy it's fine. To keep any amount of funds in a hot wallet is not a good idea, especially one on a machine that you are using for other things online.

-Dave

HandcraftedBreads

jr. member

Activity: 46

Merit: 11

I'm looking for a safe way to use Nostr and have the possibility to send and receive tips in sats.

Apparently, Alby looks like the most popular solution. I'm currently in a limbo, because I want to download it but I don't trust it enough. The extension asks me permissions to communicate with other apps outside of the browser, which certainly seems not something a guy with Bitcoin Core on the same machine should do. Moreover, it seems that Alby developers have not been verified yet.

Is anyone aware of the risks of this extension, or has pursued studies on its reliability and excluded the possibility of scams?

Topic: Is Alby a legitimate extension for lightning network usage? (Read 191 times)