Topic: Do beginners know what closed & open source wallets are? - page 2. (Read 650 times)

hehe Coinomi was already doing the second part. it was sending the seed to their servers to be "checked" for spelling errors, etc. and it is closed source so there isn't that much information about what the hell was going on really. all we know was that it communicated the mnemonic with a server and the devs were evasive about it.

TrustWallet's not-so-good excuse:

It has come to our attention that some dishonest developers have been cloning Trust Wallet and either scamming users or using the code without permission as their own product.

source: https://medium.com/@trustwallet/why-open-sourcing-android-app-could-be-a-harm-to-the-crypto-community-fb3ae1707dc6

Quite a non-acceptable excuse in my opinion. It's not like scammers aren't scamming people by creating clones of closed-source platforms. Though making the wallet closed source protects them ever so slightly, sacrificing their software's open-ness isn't worth it in my opinion. But then again, I assume most people don't even know that the Android version is closed source.

Hey, great article.

I would like to add another wallet to the OpenSource wallets list, the name is Atomic Wallet.

https://atomicwallet.io/
https://github.com/Atomicwallet

i have been using this wallet in the past months and is the best one i have ever seen. It has features like swap, buy cryptos, staking, and multiple coins and tokens wallet... So far so good, and i think it deserve a mention in this thread.

I still don't understand why the trustwallet folks claim that their wallet is open source even on their website  and yet its only the iOS version that's open source. It's misleading since the Android version probably has even much more users than the iOS version.

They can do much worse than arbitrarily demand KYC. They can use pre-generated seeds so they already know the private key to every address the wallet generates, or in the cases of people importing seeds, they can simply program the wallet to send the seed back to the developers. They can even insert a few lines of code to an update that simply sends everything in the wallet to them. With closed source wallets, you have to trust the developers completely.

I read some guide posts about custodial vs. non-custodial wallets but only a few about open vs. closed source. I often read them brought up by other users in the comments. I think many beginners don't have the slightest idea about the difference between closed and open source yet. I don't claim to be an expert on this but I will try to highlight that in this post based on what I understand so far.

Closed source: Since nobody else knows the codes except the developers, it is mainly them who can check the wallet for any bug or other vulnerabilities. I'm not sure how many are they but their number is surely fewer than the devs monitoring open source wallets. If a hacker finds a malware, it could probably take them longer time to fix that. The longer the time, the greater the risks to the funds of users.  

Another factor is you have to completely trust or at least highly trust the team. I think being a "trust-based" wallet alone is a potential red flag already and you should think carefully before using them. Why? The developers can do a lot of changes in the wallet. I can't remember who said this but here's an example, the developers can ask you to pass KYC verification before you can access your funds again. That sounds crazy and the chances of that happening are low but it is still a possibility.

Non-custodial mobile wallets used by many beginners today are probably unaware that they are closed source. Here are some of them:
- Coinomi
- Exodus
- Enjin
- Jaxx
- Trust Wallet (Android)


Open source: Huge advantage over closed source is there are more people who can check the codes for any bugs or malwares. The more eyes to inspect, the faster it is to find and fix any vulnerabilities. The wallet becomes more secure to store funds. There is also no need to put trust to a few developers and this idea truly supports decentralization too.

Example of non-custodial and open source mobile wallets:
- Electrum
- MyCelium
- Bread Wallet
- Trust Wallet (IOS) **

**some evidence suggest that it is not open source anymore.

I am sure there are similar or differing opinions from the pro users here and I would like to hear them.
Please share your thoughts, add more, or rectify if you see something inaccurate in my post.  


P.S.
I'm not promoting any of the above-mentioned wallets. If you want to use any of them, please do it at your own discretion.