HandcraftedBreads (OP)
Jr. Member
 Offline
Activity: 46
Merit: 11
|
 |
March 01, 2023, 03:50:33 PM |
|
I'm looking for a safe way to use Nostr and have the possibility to send and receive tips in sats.
Apparently, Alby looks like the most popular solution. I'm currently in a limbo, because I want to download it but I don't trust it enough. The extension asks me permissions to communicate with other apps outside of the browser, which certainly seems not something a guy with Bitcoin Core on the same machine should do. Moreover, it seems that Alby developers have not been verified yet.
Is anyone aware of the risks of this extension, or has pursued studies on its reliability and excluded the possibility of scams?
|
|
|
|
|
DaveF
Legendary
Offline
Activity: 3976
Merit: 6901
|
|
March 01, 2023, 04:40:06 PM |
|
Yes it's legit.
Yes it's still a work in progress.
Yes, if you are running Bitcoin Core on the same machine that is live on the internet you are asking for trouble.
For 'spending cash' to keep it handy it's fine. To keep any amount of funds in a hot wallet is not a good idea, especially one on a machine that you are using for other things online.
-Dave
|
This space for rent.
|
|
|
HandcraftedBreads (OP)
Jr. Member
Offline
Activity: 46
Merit: 11
|
|
March 01, 2023, 06:26:05 PM |
|
Yes, if you are running Bitcoin Core on the same machine that is live on the internet you are asking for trouble.
I'm the kind of guy which has 1 machine only but still wants to have a full node (pruned) running and using bitcoin core as a hot wallet. Does this mean "I'm asking for trouble"? To what extent? Also, can bitcoin core run and work as a hot wallet in a machine that is not connected to the internet? |
|
|
|
|
NotATether
Legendary
Offline
Activity: 2114
Merit: 9049
Search? Try talksearch.io
|
|
March 02, 2023, 12:42:20 AM |
|
Yes, if you are running Bitcoin Core on the same machine that is live on the internet you are asking for trouble.
I'm the kind of guy which has 1 machine only but still wants to have a full node (pruned) running and using bitcoin core as a hot wallet. Does this mean "I'm asking for trouble"? To what extent? Generally, you should never need a browser extension to talk to your Bitcoin node, through RPC or anything. Why don't you simply run a client such as c-lightning or LND alongside your node? Also, can bitcoin core run and work as a hot wallet in a machine that is not connected to the internet?
No, unless you utilize PSBTs, which Core supports well. |
|
|
|
dkbit98
Legendary
Offline
Activity: 2744
Merit: 8249
Trêvoid █ No KYC-AML Crypto Swaps
|
|
March 02, 2023, 07:55:28 PM |
|
Is anyone aware of the risks of this extension, or has pursued studies on its reliability and excluded the possibility of scams?
I never used Alby myself so I can't vouch for anything, but I know people who use it for many months without any issues. Alby is open source so any developer can inspect code and see if there are any potential flaws or bugs, but I am excluding possibility of scam. They are very active on social media so you can contact them with your concerns, they can provide you better explanations for your questions. |
|
|
|
|
mendace
|
|
March 02, 2023, 09:41:02 PM |
|
Yes Alby is legit but my advice since this is LN is not to hold large funds but only a small amount. Anyway there are many other LN wallet solutions for example you could try Lightinginingbot on Telegram.
|
|
|
|
|
HandcraftedBreads (OP)
Jr. Member
Offline
Activity: 46
Merit: 11
|
|
March 04, 2023, 05:27:23 PM |
|
No, unless you utilize PSBTs, which Core supports well.
Thanks, so I don't see how one can use Bitcoin Core without asking for trouble. I suppose the best case would be to use a separate machine (online) with only bitcoin core. What do you think is the best solution for one-machine-only Joe? |
|
|
|
|
DaveF
Legendary
Offline
Activity: 3976
Merit: 6901
|
|
March 04, 2023, 05:58:10 PM |
|
Use a hardware wallet for your main BTC software. Be it core or electrum or whatever. This way even if your machine is compromised it's not a big deal they can't get your coins. *You can still make a mistake and get something like clipboard malware on your PC which can cause you to send funds to the wrong place but they just can't steal them.
For lightning payments, just keep in mind they are going to be insecure, but you should not be keeping a lot of funds in one anyway.
-Dave
|
This space for rent.
|
|
|
HandcraftedBreads (OP)
Jr. Member
Offline
Activity: 46
Merit: 11
|
|
March 04, 2023, 07:23:50 PM |
|
Use a hardware wallet for your main BTC software. Be it core or electrum or whatever.
So bitcoin core is considered a hardware wallet? I think I misinterpreted it. |
|
|
|
|
DaveF
Legendary
Offline
Activity: 3976
Merit: 6901
|
|
March 04, 2023, 08:31:48 PM |
|
Use a hardware wallet for your main BTC software. Be it core or electrum or whatever.
So bitcoin core is considered a hardware wallet? I think I misinterpreted it. No I mean you get a separate hardware wallet and connect it to core. Handy video for Cold Card: https://www.youtube.com/watch?v=xc_TxlByxeYThere are a bunch of options out there for hardware wallets that was just the only video I had a link saved for. Figure out which HW wallet works for you. Different features appeal to different people. You can dive into the hardware wallet section: https://bitcointalk.org/index.php?board=261.0 to get more info & discuss options. -Dave |
This space for rent.
|
|
|
|
|
wavessurfing
Member
Offline
Activity: 507
Merit: 64
|
|
August 14, 2023, 03:44:25 PM |
|
is there a particular danger to run alby browser extension on a computer linked by ssh to a raspberry pi running bitcoin core ? |
|
|
|
|
nullama
Legendary
Offline
Activity: 1442
Merit: 1021
|
|
August 15, 2023, 06:25:19 AM |
|
~snip~
is there a particular danger to run alby browser extension on a computer linked by ssh to a raspberry pi running bitcoin core ?
This sounds like you have a hot wallet, I wouldn't recommend having more than a small amount of BTC on any computer connected to the internet. If you only have a small amount then it would be fine to run alby (which I think it's a reputable extension anyway). If you have more than a small amount, then transfer that to cold storage. |
|
|
|
|
DaveF
Legendary
Offline
Activity: 3976
Merit: 6901
|
|
August 15, 2023, 01:11:59 PM |
|
~snip~
is there a particular danger to run alby browser extension on a computer linked by ssh to a raspberry pi running bitcoin core ?
This sounds like you have a hot wallet, I wouldn't recommend having more than a small amount of BTC on any computer connected to the internet. If you only have a small amount then it would be fine to run alby (which I think it's a reputable extension anyway). If you have more than a small amount, then transfer that to cold storage. To put it even more simply there is always a danger of having ANY funds that are accessible by ANY device that is online. Phone / desktop / whatever. Yes, your installation of core might be safe. But is the PC that has this extension installed gets infected and someone gains access to that machine. Then they can do whatever they want on your network. -Dave |
This space for rent.
|
|
|
wavessurfing
Member
Offline
Activity: 507
Merit: 64
|
|
August 15, 2023, 11:22:09 PM |
|
~snip~
is there a particular danger to run alby browser extension on a computer linked by ssh to a raspberry pi running bitcoin core ?
This sounds like you have a hot wallet, I wouldn't recommend having more than a small amount of BTC on any computer connected to the internet. If you only have a small amount then it would be fine to run alby (which I think it's a reputable extension anyway). If you have more than a small amount, then transfer that to cold storage. To put it even more simply there is always a danger of having ANY funds that are accessible by ANY device that is online. Phone / desktop / whatever. Yes, your installation of core might be safe. But is the PC that has this extension installed gets infected and someone gains access to that machine. Then they can do whatever they want on your network. -Dave i see...thank you so much Dave. |
|
|
|
|
dkbit98
Legendary
Offline
Activity: 2744
Merit: 8249
Trêvoid █ No KYC-AML Crypto Swaps
|
|
June 17, 2025, 11:47:59 AM |
|
Stop using Alby wallet asap! I always knew Alby was custodial wallet, but they recently started charging inactivity fee, and they changed their terms of service. If there was no payment for over 12 months company seized customer funds from their custodial wallet. This is literally worse than what banks are doing, and it's not the first time we see crap like this from Lightning Network companies.  12. Term and Fees We offer paid Products and Services through a monthly or annual subscription model (“Subscription Term”) as well as one-time and voluntary payments. You will gain access to subscription-based Products and Services upon payment of the applicable fee (“Subscription Fee”), which will be automatically deducted from your Alby Hub spending balance at the start of each Subscription Term. One-time payments grant access to specified Products or Services for a defined period or as otherwise stated at the time of purchase. Voluntary payments, such as tips or donations, are entirely optional and do not grant access to additional features unless explicitly stated. Information about current Subscription Fees, one-time payment options, and voluntary payments is available on our website or in our Products or Services. We have been notifying user accounts for over a year to withdraw surplus funds from their legacy Alby Account with a shared wallet created 2023 and before. To manage these inactive accounts effectively, we reserve the right to deduct the entire remaining balance from a user’s legacy Alby Account with a shared wallet after 12 consecutive months of inactivity, defined as no completed transactions during that period. This fee applies only to inactive legacy Alby Accounts with a shared wallet created 2023 and before and does not affect active or inactive Alby Hubs, fee credits, or other wallets connected to an Alby Account. If you have any doubts about whether your balance is affected, please contact us at support.getalby.com. https://getalby.com/terms-of-serviceThere is no such 100% non-custodial Lightning, and most of the people is using custodial Lightning wallets  |
|
|
|
nemesis_incarnate
Newbie
Offline
Activity: 196
Merit: 0
|
|
June 17, 2025, 11:50:54 AM |
|
~snip~
is there a particular danger to run alby browser extension on a computer linked by ssh to a raspberry pi running bitcoin core ?
This sounds like you have a hot wallet, I wouldn't recommend having more than a small amount of BTC on any computer connected to the internet. If you only have a small amount then it would be fine to run alby (which I think it's a reputable extension anyway). If you have more than a small amount, then transfer that to cold storage. Yeah, most should be out of reach of the web. That's the security concern that is totally reasonable - and should be worked with accordingly. |
|
|
|
|
NotATether
Legendary
Offline
Activity: 2114
Merit: 9049
Search? Try talksearch.io
|
|
June 17, 2025, 01:14:46 PM |
|
Yes but you need to have a connection to some Lightning node.
If you don't have your own Lightning node with a public RPC address, then you can sign up for an Alby account and it will just use their own channels for your sat. Kind of like how ACINQ does it for Phoenix Wallet users.
Just make sure you don't shut down your node before removing the Alby wallet, otherwise it tends to go crazy.
|
|
|
|
|
