Is Alby a legitimate extension for lightning network usage?

[HandcraftedBreads]

I'm looking for a safe way to use Nostr and have the possibility to send and receive tips in sats.

Apparently, Alby looks like the most popular solution. I'm currently in a limbo, because I want to download it but I don't trust it enough. The extension asks me permissions to communicate with other apps outside of the browser, which certainly seems not something a guy with Bitcoin Core on the same machine should do. Moreover, it seems that Alby developers have not been verified yet.

Is anyone aware of the risks of this extension, or has pursued studies on its reliability and excluded the possibility of scams?

[DaveF]

Yes it's legit.
Yes it's still a work in progress.
Yes, if you are running Bitcoin Core on the same machine that is live on the internet you are asking for trouble.

For 'spending cash' to keep it handy it's fine. To keep any amount of funds in a hot wallet is not a good idea, especially one on a machine that you are using for other things online.

-Dave

[HandcraftedBreads]

Yes, if you are running Bitcoin Core on the same machine that is live on the internet you are asking for trouble.

I'm the kind of guy which has 1 machine only but still wants to have a full node (pruned) running and using bitcoin core as a hot wallet. Does this mean "I'm asking for trouble"? To what extent?

Also, can bitcoin core run and work as a hot wallet in a machine that is not connected to the internet?

[NotATether]

Yes, if you are running Bitcoin Core on the same machine that is live on the internet you are asking for trouble.

I'm the kind of guy which has 1 machine only but still wants to have a full node (pruned) running and using bitcoin core as a hot wallet. Does this mean "I'm asking for trouble"? To what extent?

Generally, you should never need a browser extension to talk to your Bitcoin node, through RPC or anything. Why don't you simply run a client such as c-lightning or LND alongside your node?

Also, can bitcoin core run and work as a hot wallet in a machine that is not connected to the internet?

No, unless you utilize PSBTs, which Core supports well.

[dkbit98]

Is anyone aware of the risks of this extension, or has pursued studies on its reliability and excluded the possibility of scams?

I never used Alby myself so I can't vouch for anything, but I know people who use it for many months without any issues.
Alby is open source so any developer can inspect code and see if there are any potential flaws or bugs, but I am excluding possibility of scam.
They are very active on social media so you can contact them with your concerns, they can provide you better explanations for your questions.

[mendace]

Yes Alby is legit but my advice since this is LN is not to hold large funds but only a small amount.  Anyway there are many other LN wallet solutions for example you could try Lightinginingbot on Telegram.

[HandcraftedBreads]

No, unless you utilize PSBTs, which Core supports well.

Thanks, so I don't see how one can use Bitcoin Core without asking for trouble. I suppose the best case would be to use a separate machine (online) with only bitcoin core.

What do you think is the best solution for one-machine-only Joe?

[DaveF]

Use a hardware wallet for your main BTC software. Be it core or electrum or whatever. This way even if your machine is compromised it's not a big deal they can't get your coins. *You can still make a mistake and get something like clipboard malware on your PC which can cause you to send funds to the wrong place but they just can't steal them.
 
For lightning payments, just keep in mind they are going to be insecure, but you should not be keeping a lot of funds in one anyway.

-Dave

[HandcraftedBreads]

Use a hardware wallet for your main BTC software. Be it core or electrum or whatever.

So bitcoin core is considered a hardware wallet? I think I misinterpreted it.

[DaveF]

Use a hardware wallet for your main BTC software. Be it core or electrum or whatever.

So bitcoin core is considered a hardware wallet? I think I misinterpreted it.

No I mean you get a separate hardware wallet and connect it to core.

Handy video for Cold Card: https://www.youtube.com/watch?v=xc_TxlByxeY

There are a bunch of options out there for hardware wallets that was just the only video I had a link saved for.

Figure out which HW wallet works for you.

Different features appeal to different people. You can dive into the hardware wallet section: https://bitcointalk.org/index.php?board=261.0 to get more info & discuss options.

-Dave

[nullama]

Alby is awesome, and the extension is open source: https://github.com/getAlby/lightning-browser-extension

You can read the code, and build it yourself if you don't trust them.

[wavessurfing]

Alby is awesome, and the extension is open source: https://github.com/getAlby/lightning-browser-extension

You can read the code, and build it yourself if you don't trust them.

is there a particular danger to run alby browser extension on a computer linked by ssh to a raspberry pi running bitcoin core ?

[nullama]

~snip~
is there a particular danger to run alby browser extension on a computer linked by ssh to a raspberry pi running bitcoin core ?

This sounds like you have a hot wallet, I wouldn't recommend having more than a small amount of BTC on any computer connected to the internet.

If you only have a small amount then it would be fine to run alby (which I think it's a reputable extension anyway).

If you have more than a small amount, then transfer that to cold storage.

[DaveF]

~snip~
is there a particular danger to run alby browser extension on a computer linked by ssh to a raspberry pi running bitcoin core ?

This sounds like you have a hot wallet, I wouldn't recommend having more than a small amount of BTC on any computer connected to the internet.

If you only have a small amount then it would be fine to run alby (which I think it's a reputable extension anyway).

If you have more than a small amount, then transfer that to cold storage.

To put it even more simply there is always a danger of having ANY funds that are accessible by ANY device that is online.
Phone / desktop / whatever.
Yes, your installation of core might be safe. But is the PC that has this extension installed gets infected and someone gains access to that machine. Then they can do whatever they want on your network.

-Dave

[wavessurfing]

~snip~
is there a particular danger to run alby browser extension on a computer linked by ssh to a raspberry pi running bitcoin core ?

This sounds like you have a hot wallet, I wouldn't recommend having more than a small amount of BTC on any computer connected to the internet.

If you only have a small amount then it would be fine to run alby (which I think it's a reputable extension anyway).

If you have more than a small amount, then transfer that to cold storage.

To put it even more simply there is always a danger of having ANY funds that are accessible by ANY device that is online.
Phone / desktop / whatever.
Yes, your installation of core might be safe. But is the PC that has this extension installed gets infected and someone gains access to that machine. Then they can do whatever they want on your network.

-Dave

i see...thank you so much Dave.