Why do I have such an instinctual distrust for browser extension wallets? I'm proposing this question to get the community's feedback because I have done zero reading on them that I can recall. Am I correct in assuming this? I'm going to do some reading later on it, already have some great sources, so I'm not looking for recommendations from people's Substacks. I just want to know if my instinct is founded in anything solid.
Lol, look, we all had our MetaMask experience, it's okay. I find browser wallets pretty cool. I am a big fan of Alby since you can use it as just an interface with your node, which makes life a lot easier, and you can still have a custodial account and switch between the two.
reply
Because browser extensions are inherently dangerous. They can monitor your browser activity.
reply
I think of browser extension wallets as the digital equivalent of old-world coin wallets. Keep a couple of dollars (~10k sats) in spare change to buy gum and feed parking meters. High convenience, extremely low risk.
reply
Because they're the hottest of the hot wallets?
Just keep tiny amounts in them to pay for things like zaps and paywalls. Any more should be in a far more secure wallet like Phoenix, and any real money (thousands of dollars' worth) should be savings in your hardware wallet.
That's just good security that they should be teaching every schoolkid. One day it will be more obvious to everyone but we're not there yet.
reply
I don't think your concerns are misguided. Browser extensions in general can be a security risk. Even if you carefully check permissions, extensions are often updated automatically.
reply
Because the browser attack surface is insanely huge.
reply
JavaScript is the fiat of the programming languages world.
reply
Agree with the sentiment. And healthy scepticism. Your username is very fitting though 😀
reply
Don’t worry, I am also a recovering shitcoiner.
reply
Unless they are backed up by a hardware wallet, they are a hot wallet.
reply
Browser extensions can be sketchy at times, so your distrust isn't unfounded. Not to mention extensions must be lightweight. Self-custodial wallets can be a little heavy, so a lot of extensions opt to be an interface for a custodial wallet instead. Extensions are inherently connected to the internet any time you use them, which is a potential danger.
reply
I dunno about you but my browser can hardly remember what happened last time I opened it let alone take care of my money. The web browser is the most monstrously complex application in the universe. It is only exceeded by the complexity of an NPM build.
If the signing device is separate from the browser, or better, separate from the PC, then browser security flaws are not as devastating.
Dedicated apps are always better. A lot of them are actually just dedicated web browsers too.
reply
Years of conditioning.
reply
I don't see a browser wallet as automatically any more sketchy than a mobile app wallet. I also see very little need for such a thing; if you're on an actual computer, just use a full-on wallet application.
reply
I'd be careful with browser extensions in general, particularly in Chrome. They are auto-updated and there has historically been barely any review to ensure nothing shaky is going on. Plus, since I have a semi-popular extension, I'm getting regularly contacted by people who want to buy it or talk about inserting ads, and I've heard various stories about extensions being bought only then to be sneakily "monetized".
reply
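The two points raised in the comments above (checking an extension's permissions, and extensions being updated automatically) can be checked against an extension's `manifest.json`. The sketch below is an added example, not part of the thread and not code from any wallet project; the `audit_manifest` helper, the finding labels and the sample manifest are assumptions constructed for illustration.

```python
import json

# Match patterns that cover every site the user visits.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# API permissions that expose browsing activity or page data.
SENSITIVE = {"tabs", "webRequest", "cookies", "history", "clipboardRead", "debugger"}


def _strings(manifest, *keys):
    """Collect string entries from the given manifest list fields."""
    return {v for k in keys for v in manifest.get(k, []) if isinstance(v, str)}


def audit_manifest(manifest):
    """Return (finding, detail) tuples for one extension manifest (hypothetical helper)."""
    findings = []
    # MV2 mixes host patterns into "permissions"; MV3 splits them out.
    granted = _strings(manifest, "permissions", "host_permissions")
    optional = _strings(manifest, "optional_permissions", "optional_host_permissions")
    findings += [("broad-host", p) for p in sorted(granted & BROAD)]
    findings += [("sensitive-api", p) for p in sorted(granted & SENSITIVE)]
    # Optional permissions can be requested later, after install.
    findings += [("optional-broad-host", p) for p in sorted(optional & BROAD)]
    for script in manifest.get("content_scripts", []):
        for p in sorted(set(script.get("matches", [])) & BROAD):
            findings.append(("content-script-all-sites", p))
    # With an update_url the browser fetches new versions on its own, so
    # this audit only describes the version currently on disk.
    if "update_url" in manifest:
        findings.append(("auto-update", manifest["update_url"]))
    return findings


# Constructed sample manifest, not taken from any real extension.
SAMPLE = json.loads("""
{
  "manifest_version": 3,
  "name": "Example Wallet (constructed sample)",
  "permissions": ["storage", "tabs", "clipboardRead"],
  "host_permissions": ["https://api.example.invalid/*"],
  "optional_host_permissions": ["<all_urls>"],
  "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
  "update_url": "https://updates.example.invalid/crx"
}
""")

if __name__ == "__main__":
    for finding, detail in audit_manifest(SAMPLE):
        print(f"{finding:26} {detail}")
```

A clean result only covers the installed version; after an automatic update the manifest has to be audited again.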
Web browsers have a much larger attack surface than dedicated applications so the concern is rational.
Always keep large amounts of BTC in cold storage. Don't put coin in a hot wallet you are not willing to risk losing.
reply
Something like the Alby browser extension is good in this case. Enables tipping and paying with Lightning from the browser without exposing your stack.
reply
The issue also is that you have to trust the extension and the security of your browser.
Browser exploits are low-hanging fruit and honestly a big security target due to their mass use.