In order to run Joule, you'll need a compatible browser (Chrome, Firefox, Opera, and soon Brave) and your own Lightning node. The node can either be running locally on your machine, or remotely, as long as the HTTP API port is exposed on the remote machine.
Unfortunately you must run your own node.
At the moment, unlike Bitcoin or Ethereum wallets, all Lightning
wallets require you run your own node. This is because your private
keys must be hot, meaning they're kept in memory so that you
can sign data with them even if you're not around. This is how routing
works in Lightning. Because of that, you need your own node.
Hopefully custodial node services will be coming soon to make using
Lightning easier for less technical users.
When setting up your node, you need to provide credentials for Joule to
talk to it. These are in the form of
LND Macaroons, little files that act like cookies on a website that
provide access to your node.
Where you'll find the macaroons depends on your node installation. If
you ran LND with default settings, you can find them in
~/Library/Application Support/Lnd/data/chain/bitcoin/* on
macOS, and ~/.lnd/data/chain/bitcoin/* on most unix based
systems. If you're running a node through a wallet, you'll need to
refer to their documentation.
Joule's code is completely open source, so it's open for the community
to audit. However, even though the code is safe, that doesn't mean
that it couldn't still be hacked.
If you want to protect yourself, we recommend running Joule in a separate
browser profile (Instructions for
Chrome,
Firefox.)
If you'd like to avoid the extension auto-updating, you
can install Joule from the raw code instead of through an extension
store by
downloading a release and following the instructions.
Your admin macaroon is encrypted, so your funds wouldn't be at
risk in the event of a hacked extension unless you unlocked it. If
that were to happen, you could either uninstall the extension, or
revoke your macaroons to ensure your node's safety.
You can follow the team on twitter
to stay up to date on Joule security.
Not at all. Joule only uses one external API for price
(https://cryptocompare.com)
and otherwise only communicates to your node.
Should the need for crash or performance statistics be needed in the
future, explicit user consent would be required before being collected.
To keep your node secure, Joule has no way to recover lost or forgotten passwords. But don't worry, as long as you have access to your node, you can wipe your node settings in the settings menu of Joule, and re-connect with your macaroons and a new password. All state is saved on the node, and you won't lose any important data.
Head on over to our contact page to get in touch!