Nostr Web Client

Something I've been thinking about too. I think signing into a bunch of clients with your private key is probably the greater risk, but I have also not been comfortable giving Alby my private key.

There are other options that I have yet to look into in any meaningful way so I'm not advocating for either. One is nsecbunker.com and the other is nsec.app

The latter is newer and I've heard mixed reviews but it is open source and allows users to store keys on their devices. Could be worth exploring.

Alby 1y ago

Our extension is open-source and you can verify the code (as many do) or even improve its features at

https://github.com/getAlby/lightning-browser-extension/releases

You can see there, that keys put in the extension always stay on the local machine, we don't know almost anything that you do with the extension.

Reply to this note

Please Login to reply.

Discussion

Jordan Eskovitz 1y ago

Thanks for the reply! Happy to be corrected and not misrepresent you.

When you say *almost* anything, that implies that you know some things, yes? Curious if you would mind elaborating a bit more.

A related question is if Alby is compramized in some way, say via hack, does that compromise user keys?

Alby 1y ago

Yes, we know if user used the extension to connect to the Alby Account, and then of course we are aware of the account's usage. But we can't know keys or whatever you do with your node plugged in. So, basically - nothing.

If you download malicious software that pretends to be Alby Extension, then your keys might be compromised. If you download verified extension from GitHub (recommended) or browser appstore - then there shouldn't be risk.

No hack on Alby premises could compromise user keys, those are stored locally on users' machines

Jordan Eskovitz 1y ago

Excellent. Appreciate you taking the time to explain.