Non-Custodial & Keyless Architecture
The most important security feature of the LaserSell extension is that it does not have access to your private keys.
- Server-Side Execution: Your private keys and signing logic reside exclusively within the compiled lasersell application running on your server.
- View-Only Data: The extension acts strictly as a telemetry receiver. It displays your PnL, active sessions, and logs by subscribing to a data stream pushed by your application.
- Zero Trade Authority: Because the extension does not hold your keys, it cannot be used to withdraw funds or execute unauthorized transactions, even if the browser environment were compromised.
Secure Pairing Protocol
To link your application to the Chrome extension without exposing your server’s IP address or opening ports, we use a secure, short-lived pairing mechanism:
- Cryptographic Handshake: When your application starts, it generates a cryptographically secure pairing code.
- Authenticated Channel: This code creates an authenticated session between your specific instance and the LaserSell cloud telemetry relay.
- Encrypted Transport: All telemetry data sent from your server to the extension is transmitted over HTTPS/TLS, ensuring data privacy in transit.
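
One way a short-lived pairing code of the kind described above can be issued and redeemed, shown as an added illustration and not LaserSell's own code. The alphabet, code length, 120-second lifetime, single-attempt rule and the PairingRegistry name are assumptions; the page does not specify them.

```python
import hashlib
import hmac
import secrets
import time

ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"  # assumed: no look-alike characters
CODE_LEN = 10        # assumed length, about 49 bits of entropy
TTL_SECONDS = 120    # assumed lifetime of an unredeemed code


class PairingRegistry:
    """Hypothetical relay-side store that keeps only a hash of each pending code."""

    def __init__(self, ttl=TTL_SECONDS, clock=time.monotonic):
        self._ttl = ttl
        self._clock = clock
        self._pending = {}  # instance_id -> (sha256(code), expires_at)

    def issue(self, instance_id):
        # secrets draws from the OS CSPRNG; random.choice would be predictable.
        code = "".join(secrets.choice(ALPHABET) for _ in range(CODE_LEN))
        digest = hashlib.sha256(code.encode()).digest()
        self._pending[instance_id] = (digest, self._clock() + self._ttl)
        return code  # shown once to the user, never stored in clear

    def redeem(self, instance_id, presented):
        """Return a fresh session token if the code is valid, else None."""
        # pop() makes the code single-use and burns it on a wrong guess,
        # so an attacker gets one attempt per issued code.
        entry = self._pending.pop(instance_id, None)
        if entry is None:
            return None
        digest, expires_at = entry
        if self._clock() > expires_at:
            return None  # expired before anyone paired
        candidate = hashlib.sha256(presented.encode()).digest()
        if not hmac.compare_digest(candidate, digest):  # constant-time compare
            return None
        return secrets.token_urlsafe(32)  # view-only session token for the extension


if __name__ == "__main__":
    registry = PairingRegistry()
    code = registry.issue("instance-demo")  # constructed instance id
    print("pairing code:", code)
    print("first redeem ok:", registry.redeem("instance-demo", code) is not None)
    print("replay rejected:", registry.redeem("instance-demo", code) is None)
```
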
Open Source & Auditable
We believe security requires transparency. You do not have to take our word for how the extension handles your data, as you can verify it yourself. The LaserSell Chrome Extension is fully open source. We invite security researchers and users to audit the codebase to confirm that:
- No private keys are ever requested or stored.
- No sensitive data is exfiltrated.
- The code behaves exactly as described in our documentation.