Is "GetAlby" trustable?
I'm not trying to be insulting by asking that. I'm sure it is my own ignorance of coding but, umm..
Isn't it just like a centralized custody wallet, that also has my keys?
Discussion
https://github.com/getAlby/lightning-browser-extension
Source can be found
I can't speak to trust, but so far has been a very good solution for managing LN and nostr keys from browser. Alby extension allows one to export account to another wallet such as BlueWallet, Zeus, or LNDhub.
That's right, you and I are not in control of our keys.
#[0]
Do you mean Nostr keys, or Bitcoin keys?
As far as lightning you can use it with your own custodial lightning node with alby and it is open source, so it can be relatively "trustworthy"
If you use lightning but don't run your own lightning node you will always be trusting someone else.
If you mean your Nostr key, yes if I am not mistaken , I believe you are trusting them to store your key on their servers but it is one point of vulnerability as opposed to entering your key into every client all over the place you store it in one place. The community and myself have a reasonable amount of trust in Alby and I don't care that much of my Nostr gets comprised it isn't the end of my world.
If you need something more trustless than that you could check out https://github.com/fiatjaf/nos2x
This will store your Nostr key only on your own device.
Thank you.
This is the NOSTR ID COnundrum if you ask me.
Sure, just put it in Get Alby.
Sure attach Get Alby to multiple clients.
Now Get Alby has all of my clients? 🤷🏻♀️
You may not care and that's understandable.
It's an ID and Brand for me, especially because I'm soon choosing stage left for all other Social media.
You've made it more understandable. So thank you, but it just raises more questions for me now.
🤗
Well you aren't really giving Alby to your clients. You allow Alby to sign the events "offline" and then it sends the signed event to the client so your key is never directly exposed to the client. You can have Alby "forget" which clients you want it to sign for.
nos2x might be a better solution for you, if you really want to be extra super careful. I think you can even use coldcard and seedsigner hardware wallets if you want to go full tinfoil hat.
(note: I think I might incorrect in my previous post. I don't think Alby has any access to your nsec private key and it is only stored in your personal browser. I will need to double check, or maybe someone can correct me)