All data is encrypted and only decrypted to start the node in memory; nothing is on disk. But yes, this is similar to any hosting provider. If one has access to the machine and can read the RAM, one could find keys. This gets a bit in the direction that if you don't build the software stack yourself and ideally build the hardware yourself, nothing can be trusted. You might not use a hosting setup for your bitcoin stash - that's probably on a hardware wallet from a trustworthy vendor, potentially in a multisig. But it's a solution for your accessible lightning wallet to do all the exciting lightning things. Generally I guess the hosting is a bit comparable to Voltage. Phoenixd also goes in the direction of an always-on server node (afaik they don't encrypt the seed on disk).
We put a lot of work in to make it possible to run the Alby Hub everywhere, so that users can choose what works for them: this can be a Raspberry Pi Zero (some $20 hardware!), your desktop computer, your own server (e.g. we have Docker and one-click deploys for hosters, too), etc.
I think that's all wonderful and different solutions will work best for different folks. I am glad you are offering this service and I hope you make a lot of money from it and get a lot of users. But don't advertise it like Voltage did early on: they frequently said their cloud-hosted option was self-custodial, but since they had an unencrypted copy of each user's private keys in their server's RAM, these advertisements were lies. Similarly, I recommend not advertising the cloud-hosted option as self-custodial as long as you guys have an unencrypted copy of each user's private keys in your server's RAM.
141 sats \ 1 reply \ @bumi 24 Jul
I agree. This word has a bit of different meanings for different people. Ultimately it is a bit of a range and imo also it's about the context of usage and goal. I think so far the focus is on the Hub here I guess. The cloud hosting is an offer we provide. And the talk about unencrypted memory is a bit tricky imo and also quite different to persisted storage. But yes, it's a cloud setup where hosters put servers somewhere and run it for you.
I really appreciate this feedback. We have to try to be very clear here and explain things well to users. Thanks!
142 sats \ 0 replies \ @bumi 24 Jul
Btw, what I want to generally spend more time on is the talk about supply-chain attacks on wallets. It's potentially easier to compromise some dependency or a build than to access some RAM on servers directly.