Well, that's exactly what's happening with LN nodes and why many run these nodes at home on their hardware.

Discussion

Right, I hear that, and encourage it!

I'm asking how some folks can say that the keys are NOT on the server when it's using one of the Lightning-node-as-a-service LSP providers.

The keys MUST be hot and on the server. aka the LSP provider CAN access it. Am I wrong here?

They absolutely can unless they don't have any access to the machine for support purposes?

Well if they run the server and it’s hosted in their infra, I don’t see how they aren’t able to “get into the server”? They can SAY they won’t do it but at the end of the day THEY CAN.

Imo everyone selling “run your LN node on my infra and keep your keys noncustodial” is not being straightforward.

Again, unless I am missing something here? I’d love to be corrected.

Fully agree.

It’s called bs marketing affinity

This is the problem with Lightning. You run a node at home over TOR to protect your privacy, but TOR is DDoSed garbage, so sometimes transactions time out or are just very slow. So, people opt to use a hosted solution, so you have a fast node and protect your privacy, but doing so you give the infrastructure admins access to your keys. I love Lightning, but neither of these are good solutions.

Perhaps see if it would be possible to run it over Safing.io Portmaster SPN. It's like an onion router network, but much faster.

There is some middle ground between running your home node through TOR and running your node on AWS. Just use AWS to route to your home node and skip TOR.

This is a good point, but your average person won't do this.

META: I keep bugging nostr:npub1v0lxxxxutpvrelsksy8cdhgfux9l6a42hsj2qzquu2zk7vc9qnkszrqj49 or nostr:npub1tcsfj5636h8yqpvgrkrk4ewrfqsjrl67a9sux9wzv9mxc5m8skmsaacu6x (but that ambiguity is another bug) about https://git.v0l.io/Kieran/snort/issues/386 but another way to "fix" this would be for clients to stop using positional e-tags. May I ask you which client you used here that still uses positional e-tags?

I'm using Amethyst at the moment.

As Greenlight becomes available, it will challenge that assumption.

The local/mobile wallet accessing a Greenlight LN node will pre-sign transactions for channel closure and other operations.

The online node will never have the keys, just the pre-signed transaction for cooperative close and to challenge any hostile unilateral closure.

How does it sign for channel updates? Sounds really cool.

It can only do channel updates while the wallet/client is available to authorize them. It's not for routing nor any of that. It's a solution purely to the LN payment self-custody issue.

To go into it in any greater depth we'd have to delve into the source code. I think it's in a branch of the Core Lightning sources.

👍 thanks!

What I also find worrying is how popular closed source nodes like Umbrel are. You really take the effort to host it at home but then you run an OS that you cannot know if it phones home your keys?