Hey there,

Graham here, the CEO of Voltage. This is a big question with many parts but I’ll try to answer the best I can (it’s going to be long). There’s two very different pieces of this question, the regulation aspect and the technology & custodianship. First off, the definition of custodianship is somewhat murky. There’s always a “yeah, but” to it. Before Bitcoin, your options were to hold cash or put it in a bank (custody). Now we have an amazing new technology that gives us the benefits of those bank type solutions (and more) with an entirely new way to control our money. The invention of Bitcoin has made custody not so black and white. There’s the really obvious example of custodians, like Wallet of Satoshi, then there’s things like trusted swap providers. Are those custodial because they own user funds while swapping? There is a huge spectrum to this from your own cold storage to Coinbase. To your point, if Chase bank uses AWS for hosting and AWS could get into their RDS instances to get user credentials or move money, does that make them a custodian? I’d say no, but they’d probably be considered a trusted 3rd party. The biggest conversation here is really around Trust.

For the technology aspect, it’s impossible to do hosting without trust. You gotta trust GoDaddy to keep your website up. No matter the provider (Voltage, Greenlight, etc) you gotta trust the provider to keep the node online. You gotta trust the provider to do the right thing and keep things secure. At Voltage we’ve gone to great lengths to achieve this. We’ve submitted many PRs to LND to enhance its security, like TLS key encryption, Tor key encryption, and more. We aren’t just throwing LND on some VPS and calling it good. There’s no sensitive data on disks or in our databases that’s readable by us. We do keep encrypted backups of some things like seeds and macaroon, but those are encrypted client-side so we never know them. Now, one of your points is around keys for a lightning node. Node keys live encrypted in the node’s database. When a node starts up it must be unlocked by the user with a password that they’ve set and we don’t know. At that time the keys are held inside of the LND process for the duration that process is living. The memory itself from the underlying server is encrypted as well with keys Voltage does not have access to, so the node keys are never living outside of an encrypted space. Of course, some people might want keys running in a different location, ala Remote Signing. This is a great start, but doesn’t fully remove trust from the hosting provider. In today’s remote signing implementations, you still have to trust the hosting provider that the requests that are being sent to the signer are honest. Even with a Watchtower, if your hosting provider is running the Node and Watchtower, then they just shut down the Watchtower and broadcast an old state. To get to the most trustless deployment of ‘node in the cloud and signing outside the node’ you’ll have to run a Bitcoin full node on the signer as well as the node to verify everything. This gets very complicated very fast and a million different ways to deploy these things. In summary, if you want trustless and totally ‘noncustodial’ you gotta do it all yourself. From there, there’s a huge spectrum of trust tradeoffs that just go back to the individual to decide. We offer remote signing as well as other providers, so everyone’s just gotta do what’s best for them. Final point on this is, we’re working hard to make all this better. More hosting options, more signing options, etc. The nodes product we have today is very much a ‘v1’ and the nodes product we’ll have in the months and years to come will be very different.

Now the regulation piece. We’re operating in a brand new space and all of Bitcoin is moving faster than the law can keep up. We have a legal team we work with and we feel totally fine on our regulatory position. Additionally, it’s something we always keep our eyes on. I don’t think there’s any ‘time bomb’ there, especially when you see the other products and services out there. I won’t name names to be respectful, but there’s lots of Bitcoin companies that are very clearly MSBs and are operating without the proper licensing. We’ve got a lot of armchair lawyers in Bitcoin and ultimately it’s up to each company to consult their own legal team, abide by the law the best they can, and watch for clarity as it comes.

Again, this is a big topic and I can rant on, but I’ll stop there. I think the main part of your question was around VPS hosts and what happens when you put your Bitcoin keys on it. I think that depends on a ton of factors, but for us, we try to encrypt everywhere so it's more than a standard VPS deployment. There’s trust and tradeoffs all over the place, everyones just gotta find their balance.

Blockstream Greenlight fixes this

I don't believe this is true. I think the keys are encrypted on the client side by the user, Voltage only stores the encrypted keys and does not have access to the keys themselves afaik

Lol. No, AWS isn’t a custodian.

Regardless of the key question, anything you don't host yourself can be shut down at your behest. That goes from full nodes, to VPS access for hybrid nodes, to simple internet access by your internet provider.

Suddenly the hetzner news is less mysterious.

from voltage discord:

It's well known that Google, Amazon, Apple and Microsoft own most of Bitcoins as the lot of seeds have been stored on their servers in many ways by the Bitcoiners kek

how can they access user keys?? they are encrypted by the users and only the user can decrypt.