pull down to refresh
The counter-argument goes: voltage has access to the host machines the nodes are running on and could theoretically read the keys from the machine’s memory.
I think it was @fiatjaf who schooled me on this.
There are different shades of custodial.
Yep, I don't see much difference in Voltage vs other hosting and thus I actually never understood the value of Voltage. It seems like when custodial, then its much easier to use something like Wallet of Satoshi.
Am I wrong? (I would love to be wrong on this)
For a consumer yes, but you can't run your business on Wallet of Satoshi once you reach a certain scale.
I'm not well-versed on low-level computing but this reminds me of the heartbleed bug from a few years back, so I get how it's feasible. How practically possible though? I mean, the danger here goes well beyond lightning nodes if every cloud provider could access the memory of every server it hosts. Not saying it isn't possible, but a much bigger trust issue if true
I don't believe this is true. I think the keys are encrypted on the client side by the user, Voltage only stores the encrypted keys and does not have access to the keys themselves afaik