pull down to refresh

Last I looked at Crypto API, there wasn't anything in there we could obviously use or add significant protections for on the XSS side. We do have client side encryption of the sensitive data stored so that needs to be decrypted first before private keys are loaded. Until something like VLS is ready and feasible for some people to run themselves, we are treating the LN side of things in the browser (and in the beginning on chain side too) like a hot spending wallet. There more things that can come on the mobile side or hww side later in the future, and for more advanced VLS stuff but some of that could be year+ down the line.