If Alby wanted to do so, they could change derekross@getalby.com to point to any LNURL and wallet. I'd never know until it was too late. I'm not saying they will ever do this, but it could absolutely happen. It's just a server config file. A rouge systems administrator could point it to their wallet if they wanted to do so. 

 No disagreement there! That still doesn't mean Alby Hub is custodial. You still hold the keys to your funds. 

 Sure they can't hold your funds, or spend them, but they do get to control some portion of your ability to send/receive them. I don't know that it's fair to say that what defines a custodial service who's holding your private key. 

A cloud VPS service is custodial because it handles hardware provisioning and networking for me. 
A DNS provider is custodial because technically it's possibly to host your own name servers
My ISP is custodial because it also does networking and routing for me as a service.  

 i don't think they get to control, only to restrict, there's a difference, and if they do that too much they risk losing your subscription

same with the cloud VPS and same with the DNS registrar, and same with the ISP - ok, in some places all of these things have a high cost to give the old provider a GFY but when you get mad that is worth the price of the fuck you money and well that's part of why bitcoin anyway 

 > i don't think they get to control, only to restrict, there's a difference, and if they do that too much they risk losing your subscription
Right, but if every provider does it, then where are you going to switch to? For instance port 25 incoming and outgoing traffic is blocked by default on every cloud service I've worked with in the US. You must express written formal request to open port 25 and submit a KYC. 

This is because government has laws in place to restrict this, but what are my choices?  

 my VPS in bulgaria also restricts port 25 but i have zero interest in doing SMTP service anyway... my workaround for this specific case would be that the middleware or client side would have a wireguard extension to access a private network for this, and that would satisfy the auth requirement that is the reason for this restriction

SMTP is broken, utterly, it's the main reason why google has monopolised email 

 That would be a conflation of self-custody with self-hosting. Custody is, who holds the keys. Hosting is who controls the computer where the software is running. Now, if you are running your Alby Hub on anyone else's computer/server, it may still be self-custody, but it is not self-hosted, and there are certain sovereignty trade-offs you are making. They may or may not be worth it to you, but they are also very different tradeoffs from someone else holding the keys to your funds. 

 To be fair, nostrplebs.com could do the same thing with my NIP-05's Lightning address redirect. It's still a valuable service to me despite that very real trade-off. 

 Yep. We could. It's a trust relationship no matter who you're using for Lightning addresses, unless you're using your own domain and web server. 

 Can you really ever even say you own your lightning address even in full self custody. Unless you use the IP address for your LN you're still just renting the domain. 

 Fair point. It's less likely that a domain registar would do this, but again it's entirely possible. 

 BOLT12 FTW? 

 Wen Bolt 12 zaps? 

 you can get your own domain if you want/can/care and think this is a risk.
and then we still rely on some nameservers and ICANN. ;)  

 Risk exists everywhere 🥹 

  https://image.nostr.build/4c8a21ef098aca979836b93df7da8d8012d01403a76eb6795039c01540f24969.jpg  

 When alby serves an invoice from lnurl you can't be sure they're not maliciously serving their own invoices instead of yours, intercepting some of your payments for themselves 

Of course they would never, but that's what he means. Still a lot of trust  

 Something to throw in here too, to my knowledge, your hub has to be connecting to some 3rd party chain state validation servers (bitcoin nodes) to see the blockchain, it's not validating transactions locally. (it does not do an initial block download) Which means DNS poison or possibly malicious nodes (whatever method they use to connect to nodes). I believe they support connecting to LND which would allow you to bypass this, which I'd highly recommend. But if you're running LND and Bitcoin Core in a full node already, what are they offering? A GUI?