I know that it does, that's not the issue. The issue is that the API needs to be reachable from clearnet which ends up exposing my node. Not ideal.
I don't know that much about the risk involved there. Can you explain what happens when your node gets exposed? Then people can track all activity to and from the node? I thought Lightning was more privacy preserving than that.
reply
The information that is leaked by exposing Tallycoin to clearnet is your rough location in the world as well as making it easier for attackers to target your node.
It's not an impossible problem to get around. You can proxy the requests via a back-end service for example. But it'd be nice to not have to worry about it :)
reply
The information that is leaked by exposing Tallycoin to clearnet is your rough location in the world
The traffic is routing through TOR, so that should remove the first problem around physical location.
as well as making it easier for attackers to target your node.
What is the risk there? Your node gets DDOS'd basically? Is there a real risk beyond that?
reply
The traffic is routing through TOR, so that should remove the first problem around physical location.
Look. Any service that wants to interact with a TOR hidden service (in this case Tallycoin running on Umbrel) needs to also run a TOR daemon. This is not ideal and brings with it a lot of issues.
You can set up a reverse proxy on your Umbrel machine to allow make Tallycoin reachable via clearnet but it brings with it privacy issues (ie. you leak your IP address). Not ideal.
What is the risk there? Your node gets DDOS'd basically? Is there a real risk beyond that?
The IP address being leaked (and by extension your rough physical location.). That can lead to all sorts of issues, for example DDOS or black hats targeting your machine specifically to get access to your node (and your funds). Remember that every LN node is in practice a kind of bug bounty.
There are examples of individuals that have accidentally exposed their Umbrel nodes to clearnet having their funds swiped. Granted, this has mostly been when the default password was "umbrel", but still.
reply