100 sats \ 11 replies \ @beorange 24 Jul \ parent \ on: Welcome Alby Hub ✨Lightning Sovereignty For Everyone lightning
Forgive my ignorance, but can a lightning node work properly without access to the keys (I mean while the user is logged out, which would mainly be used to receive LN transactions)?
I know this kind of scheme works well for on-chain stuff, but I was under the impression that LN nodes have a more active role/job (such as monitoring channels and acting when the other end is acting maliciously).
Keys are in the cloud with wallet running 24/7. Access to the wallet is restricted by password
reply
Keys are in the cloud...running 24/7
That doesn't seem compatible with this:
The keys are encrypted by users password...Alby cannot....access funds in any way
If the keys are "active" 24/7, signing transactions and processing NWC requests, then they must be in plaintext, at the very least stored in the virtual machine's RAM, because an encrypted key can't sign anything, a key can only sign stuff once it's decrypted. And if the keys are stored unencrypted in RAM on your server so that the node can sign transactions then what's stopping you from reading that RAM?
reply
All data is encrypted and only decrypted to start the node in memory; nothing is on disk. But yes, this is similar to any hosting provider. If one has access to the machine and can read the RAM one could find keys. This gets a bit in the direction that if you don't build the software stack yourself and ideally build the hardware yourself nothing can be trusted. You might not use a hosting setup for your bitcoin stash - that's probably on a hardware wallet from a trustworthy vendor, potentially in a multisig. But it's a solution for your accessible lightning wallet to do all the exciting lightning things.
Generally I guess the hosting is a bit comparable to voltage. Phoenixd also goes in the direction of an always-on, server node (afaik they don't encrypt the seed on disk).
We put a lot of work in to make it possible to run the Alby Hub everywhere that users can choose what works for them: this can be a Raspberry Pi Zero (some $20 hardware!), your desktop computer, your own server (e.g. we have docker and one-click deploys for hosters, too), etc.
reply
I think that's all wonderful and different solutions will work best for different folks. I am glad you are offering this service and I hope you make a lot of money from it and get a lot of users. But don't advertise it like voltage did early on: they frequently said their cloud-hosted option was self-custodial, but since they had an unencrypted copy of each user's private keys in their server's ram, these advertisements were lies. Similarly, I recommend not advertising the cloud-hosted option as self-custodial as long as you guys have an unencrypted copy of each user's private keys in your server's ram.
reply
I agree. this word has a bit of different meanings for different people. Ultimately it is a bit of a range and imo also it's about the context of usage and goal.
I think so far the focus is on the Hub here I guess. The cloud hosting is an offer we provide. And the talk about unencrypted memory is a bit tricky imo and also quite different to persisted storage. but yes, it's a cloud setup where hosters put servers somewhere and run it for you.
I really appreciate this feedback we have to try to be very clear here and explain things well to users. thanks!
The upgrade page says this about the monthly subscription fee:
Amount will be deducted from your wallet balance once a month
How does that work?