Something I've been thinking about too. I think signing into a bunch of clients with your private key is probably the greater risk, but I have also not been comfortable giving Alby my private key.
There are other options that I have yet to look into in any meaningful way so I'm not advocating for either. One is nsecbunker.com and the other is nsec.app
The latter is newer and I've heard mixed reviews but it is open source and allows users to store keys on their devices. Could be worth exploring.
Our extension is open-source and you can verify the code (as many do) or even improve its features at
https://github.com/getAlby/lightning-browser-extension/releases
You can see there, that keys put in the extension always stay on the local machine, we don't know almost anything that you do with the extension.
Thanks for the reply! Happy to be corrected and not misrepresent you.
When you say *almost* anything, that implies that you know some things, yes? Curious if you would mind elaborating a bit more.
A related question is if Alby is compramized in some way, say via hack, does that compromise user keys?
Yes, we know if user used the extension to connect to the Alby Account, and then of course we are aware of the account's usage. But we can't know keys or whatever you do with your node plugged in. So, basically - nothing.
If you download malicious software that pretends to be Alby Extension, then your keys might be compromised. If you download verified extension from GitHub (recommended) or browser appstore - then there shouldn't be risk.
No hack on Alby premises could compromise user keys, those are stored locally on users' machines
Excellent. Appreciate you taking the time to explain.
Our extension is open-source and you can verify the code (as many do) or even improve its features at
https://github.com/getAlby/lightning-browser-extension/releases
You can see there, that keys put in the extension always stay on the local machine, we don't know almost anything that you do with the extension.
