Blockstream Greenlight fixes this
Yeehhh... Stoked... Any idea about a release date?
reply
Idk but don't think that long anymore
reply
reply
You hold the keys, they host the server
reply
it's hosted core lightning. how do the criticisms here not also apply to greenlight? it's a similar setup, just with core lightning.
reply
They have no control over your keys, voltage has control over your keys. Under regulatory pressure voltage could rugpull you, greenlight couldn't.
reply
how though? whether you hold the key to unlock the node or not, once it's running, it's all in memory. so how is it different? in addition, the core lightning database is not encrypted. if they use a remote database like postgres, then the entire database is unencrypted and accessible to anyone with admin privileges on the database. at least lnd's is encrypted on the filesystem. also core lightning seems to be developed with the philosophy that if the server the node is on is compromised, then you've already lost. so there is little to no authentication on the rpc socket. if they have access to the server, which they probably do since they are running it for you, then theoretically they could do whatever they want once the node is running.
reply
The keys aren't in their memory as the keys never leave your device. All signing happens on your client (eg Smartphone).
reply