Oddbean new post about | logout
jb55 | 11 months ago (raw) | root | parent | reply | flag 
 you should be fine as long as you are not running any additional plugins/software on top of your lnd node like btcpay/lnbank. Any additional software you introduce that has access to your rpc is just increasing your attack surface. This is why I prefer the lightning client app approach I was working on such as http://lnlink.org  . No additional software needed on the node side.
sworder | 11 months ago (raw) | root | parent | reply | flag 
 Thanks for the response.

I thought long and hard about it, and the only two add-ons that have access to my LND REST address and admin cookie (aka macaroon?) are GetAlby and Zeus.

With Zeus, presumably the cookie would be stored on my phone. No third party should be able to access it, correct?

With GetAlby, I'm not really sure. It's a PC browser-based extension, so hopefully it's stored on my computer locally, as opposed to an Alby server?

I never gave such issues a great deal of thought until reading this fellow's horror story. Just trying to tighten up my OpSec game a bit so as not to repeat his mistake.