Anon on Nostr: TLDR: AlbyHub appears to be monitoring private inbound Lightning transactions, even ...
TLDR: AlbyHub appears to be monitoring private inbound Lightning transactions, even those that don't pass through Alby, logging them, and then sending the details over email.
I installed AlbyHub a couple of weeks back. It's connected to my private LND node which runs on the same VM.
I was really disappointed to see that Alby is collecting a record of my own private transactions, not just those that pass through Alby's LNUrl implementation. How do I know this? Because they sent me a friggin' email showing the details of a private transaction. (I'm just testing their product so I don't mind sharing the details here on NOSTR. See screenshot.)
Just to trace the information flow a bit: When someone sends me BTC through my lightning address (e.g. myname@mydomain.com) , it passes through Alby's LNUrl implementation. So of course Alby knows about it. The fact that they're recording it and publicly emailing me about it is very troubling, but not unexpected; Companies can't help themselves when it comes to archiving and leveraging their users' data. The real deal killer though is that Alby is monitoring my *private* inbound transactions, those that don't even make use of AlbyHub, sending that information to Alby servers, where they then broadcast those private transaction details over an SMTP channel.
Dude, that's not cool at all.
Alby (npub1get…0nfm) #alby #getalby #albyhub
I installed AlbyHub a couple of weeks back. It's connected to my private LND node which runs on the same VM.
I was really disappointed to see that Alby is collecting a record of my own private transactions, not just those that pass through Alby's LNUrl implementation. How do I know this? Because they sent me a friggin' email showing the details of a private transaction. (I'm just testing their product so I don't mind sharing the details here on NOSTR. See screenshot.)
Just to trace the information flow a bit: When someone sends me BTC through my lightning address (e.g. myname@mydomain.com) , it passes through Alby's LNUrl implementation. So of course Alby knows about it. The fact that they're recording it and publicly emailing me about it is very troubling, but not unexpected; Companies can't help themselves when it comes to archiving and leveraging their users' data. The real deal killer though is that Alby is monitoring my *private* inbound transactions, those that don't even make use of AlbyHub, sending that information to Alby servers, where they then broadcast those private transaction details over an SMTP channel.
Dude, that's not cool at all.
Alby (npub1get…0nfm) #alby #getalby #albyhub