Both WoS and Alby are custodial and come with obvious risk. I've used Alby since joining and have had a fine experience.
Connecting Mutiny to Nostr allows you to zap but not receive zaps.
Zeus is an option if you run a node.
Minibits ecash wallet is also an option but it is early days and also custodial so you again have to weigh the pros and cons.
Makes sense thanks for the info. It seems like using Mutiny to zap would be a good option then sense it's non custodial. I'll accept the custodial risk for small amounts for now (on the receiving end) and use WoS/Alby.
Possibly dumb question, but is there a risk to giving Alby your nsec to use their nostr key management software? Or is it just more risky to stick your nsec in every nostr client?
Something I've been thinking about too. I think signing into a bunch of clients with your private key is probably the greater risk, but I have also not been comfortable giving Alby my private key.
There are other options that I have yet to look into in any meaningful way so I'm not advocating for either. One is nsecbunker.com and the other is nsec.app
The latter is newer and I've heard mixed reviews but it is open source and allows users to store keys on their devices. Could be worth exploring.
Our extension is open-source and you can verify the code (as many do) or even improve its features at
https://github.com/getAlby/lightning-browser-extension/releases
You can see there, that keys put in the extension always stay on the local machine, we don't know almost anything that you do with the extension.
Thanks for the reply! Happy to be corrected and not misrepresent you.
When you say *almost* anything, that implies that you know some things, yes? Curious if you would mind elaborating a bit more.
A related question is if Alby is compramized in some way, say via hack, does that compromise user keys?
Yes, we know if user used the extension to connect to the Alby Account, and then of course we are aware of the account's usage. But we can't know keys or whatever you do with your node plugged in. So, basically - nothing.
If you download malicious software that pretends to be Alby Extension, then your keys might be compromised. If you download verified extension from GitHub (recommended) or browser appstore - then there shouldn't be risk.
No hack on Alby premises could compromise user keys, those are stored locally on users' machines
Excellent. Appreciate you taking the time to explain.
Our extension is open-source and you can verify the code (as many do) or even improve its features at
https://github.com/getAlby/lightning-browser-extension/releases
You can see there, that keys put in the extension always stay on the local machine, we don't know almost anything that you do with the extension.
Here is another option:
nostr:naddr1qqxnzdes8qmnxd3nxscnjd35qgsya7fhzglleyjp05zwzd7elzln8d6u53dq305qf8v2hhs3jll8nsqrqsqqqa280r3c7g
