You'd have to be using a very different definition of "custodial" to come to this conclusion.
Discussion
If Alby wanted to do so, they could change derekross@getalby.com to point to any LNURL and wallet. I'd never know until it was too late. I'm not saying they will ever do this, but it could absolutely happen. It's just a server config file. A rouge systems administrator could point it to their wallet if they wanted to do so.
No disagreement there! That still doesn't mean Alby Hub is custodial. You still hold the keys to your funds.
Sure they can't hold your funds, or spend them, but they do get to control some portion of your ability to send/receive them. I don't know that it's fair to say that what defines a custodial service who's holding your private key.
A cloud VPS service is custodial because it handles hardware provisioning and networking for me.
A DNS provider is custodial because technically it's possibly to host your own name servers
My ISP is custodial because it also does networking and routing for me as a service.
i don't think they get to control, only to restrict, there's a difference, and if they do that too much they risk losing your subscription
same with the cloud VPS and same with the DNS registrar, and same with the ISP - ok, in some places all of these things have a high cost to give the old provider a GFY but when you get mad that is worth the price of the fuck you money and well that's part of why bitcoin anyway
> i don't think they get to control, only to restrict, there's a difference, and if they do that too much they risk losing your subscription
Right, but if every provider does it, then where are you going to switch to? For instance port 25 incoming and outgoing traffic is blocked by default on every cloud service I've worked with in the US. You must express written formal request to open port 25 and submit a KYC.
This is because government has laws in place to restrict this, but what are my choices?
my VPS in bulgaria also restricts port 25 but i have zero interest in doing SMTP service anyway... my workaround for this specific case would be that the middleware or client side would have a wireguard extension to access a private network for this, and that would satisfy the auth requirement that is the reason for this restriction
SMTP is broken, utterly, it's the main reason why google has monopolised email
That would be a conflation of self-custody with self-hosting. Custody is, who holds the keys. Hosting is who controls the computer where the software is running. Now, if you are running your Alby Hub on anyone else's computer/server, it may still be self-custody, but it is not self-hosted, and there are certain sovereignty trade-offs you are making. They may or may not be worth it to you, but they are also very different tradeoffs from someone else holding the keys to your funds.
To be fair, nostrplebs.com could do the same thing with my NIP-05's Lightning address redirect. It's still a valuable service to me despite that very real trade-off.
Yep. We could. It's a trust relationship no matter who you're using for Lightning addresses, unless you're using your own domain and web server.
Can you really ever even say you own your lightning address even in full self custody. Unless you use the IP address for your LN you're still just renting the domain.
When alby serves an invoice from lnurl you can't be sure they're not maliciously serving their own invoices instead of yours, intercepting some of your payments for themselves
Of course they would never, but that's what he means. Still a lot of trust
Absolutely! That's a very different thing from not holding the keys to funds you already have, which is the traditional definition of self-custody vs custodial.
Something to throw in here too, to my knowledge, your hub has to be connecting to some 3rd party chain state validation servers (bitcoin nodes) to see the blockchain, it's not validating transactions locally. (it does not do an initial block download) Which means DNS poison or possibly malicious nodes (whatever method they use to connect to nodes). I believe they support connecting to LND which would allow you to bypass this, which I'd highly recommend. But if you're running LND and Bitcoin Core in a full node already, what are they offering? A GUI?
I actually cover this downside of many Alby Hub versions in my recent article here:
nostr:naddr1qqxnzdenxymrjdejx5envdfnqgstwf6d9r37nqalwgxmfd9p9gclt3l0yc3jp5zuyhkfqjy6extz3jcrqsqqqa28sfc4f2
My recommended setup is using it paired with your Start9, Umbrel, or other LND node.
As far as what it offers, I also cover that in the article.
Awesome Ill take a read! But what if I don't want to run a dedicated operating system???
i think it's just a docker image with LND and some nodejs web app?
Alby Hub is not for everyone. If you don't want to run a dedicated full Bitcoin node and LND, then you have to be okay with the tradeoffs of trusting Alby's node for all on-chain data, and channel opening and closing. You know... Just like any other self-custody Lightning "wallet" that isn't running on top of your own stack, like Phoenix, Zeus' Olympus node-on-a-phone, or Mutiny before they shut down.
There is no perfect solution. They all have trade-offs and we just have to determine which ones we are okay with.
I'm trying press people into discussing these tradeoffs. It can't be all silver bullets and rainbows. Lighting is retarded complicated and making it easier for the end user is papering over the complexities by adding "hidden" trade offs.
The other issue, is who gets to determine what tradeoffs are good for the average user... Usually the service/software. Kind of a big deal when those decisions get made for users without their knowledge, permission, or ability to easily change that AND still use your service. If there is a lack of competition like we see in big tech, they are forced to live with these tradeoffs or nothing at all.
You'll get no argument from me on that! People are generally unaware of the tradeoffs of ANY given service. They are also generally unwilling to put in the work to educate themselves in how to mitigate them, even with software that allows for it.
The answer to lack of competition, though, is more people who are capable of doing so building alternatives that are approachable for users.
For instance, I am happily using Datum to compose my own block templates from my own node's mempool, but only because it was easy to install and configure for someone of my limited technical literacy. Expect me to compile something from source to be able to use it, though, and I am out. As are many others of my level of grug brain and lower.
Make me an option that is even remotely as useful to me as Alby Hub, just as easy to run, and gets rid of some of the existing tradeoffs and I will happily use it instead.