How can I identify a closed or open source wallet

nullama

hero member

Activity: 980

Merit: 957

Quote from: NeuroticFish on March 16, 2022, 09:40:36 AM

~snip~

But there are risks:
* some wallets are only partly open source
* some (fake) wallets just put something, anything to git (I've seen directly a zip with the exe once in the past) to trick newbies
* you can find on git a lot of clones, some maybe even malicious of the actual wallet
* the presence of source code doesn't mean 100% that the binaries were actually built from that source

All in all, no matter how much you hate that people didn't telly until now what to look for, you will most probably have to rely on others' expertise whether a wallet is indeed open source (and legit).

There's also always the risk that the actual code does something you don't want, even if it's posted completely open, and the binary created exactly from that source code (or even you built it yourself).

You (or someone else in the community) should read the source code and check to see what it actually does to make sure it's safe.

NeuroticFish

legendary

Activity: 3668

Merit: 6382

Looking for campaign manager? Contact icopress!

Quote from: Takyeon on March 13, 2022, 07:26:44 PM

I'm tired of people saying the difference but not how to identify a closed or open source wallet.

Basically an open source wallet has the source code published. You can look on their website and see if they have link to GitHub (or similar platforms?) for the source code, you can go to Github and search yourself for the name of the wallet...

But there are risks:
* some wallets are only partly open source
* some (fake) wallets just put something, anything to git (I've seen directly a zip with the exe once in the past) to trick newbies
* you can find on git a lot of clones, some maybe even malicious of the actual wallet
* the presence of source code doesn't mean 100% that the binaries were actually built from that source

All in all, no matter how much you hate that people didn't telly until now what to look for, you will most probably have to rely on others' expertise whether a wallet is indeed open source (and legit).

PrivacyG

hero member

Activity: 784

Merit: 1735

Crypto Swap Exchange

Quote from: Synerggy on March 14, 2022, 11:44:03 AM

Hi senior, I checked out the link to hardware open source wallet you dropped and I can't find ledger nano wallet on the list, does that mean ledger isn't open source hardware wallet?.

Ledger is only partially open source. The closed source component is their Secure Element, of which nobody but Ledger's employees have any idea what it does and how it works. And I think their Ledger Live is also at least partially closed source. This does not necessarily make Ledger worse than Trezor and other open source alternatives from a security outlook, but it is worse than Trezor when it comes to transparency and privacy. I, for one prefer open source over closed source. And since we have no idea what the Secure Element does, it may very well be malicious or a honeypot for intelligence.

-
Regards,
PrivacyG

pakhitheboss

hero member

Activity: 2142

Merit: 785

Top Crypto Casino

Quote from: Synerggy on March 14, 2022, 11:44:03 AM

Quote from: dkbit98 on March 14, 2022, 06:14:32 AM

Quote from: Takyeon on March 13, 2022, 07:26:44 PM

Is there anything particularly to look into to know if a wallet is closed source or open source? I'm tired of people saying the difference but not how to identify a closed or open source wallet.

If you want fast and easy solution than follow my bitcointalk forum topic dedicated to Open Source hardware wallets.
Instead of trusting me or anyone else, I would say it is always better to verify for yourself if something is open source by looking at github pages for specific hardware wallets.
One more thing you can do is visiting walletscrutiny.com website and checking if source code for some wallet can be reproduced or not.

Hi senior, I checked out the link to hardware open source wallet you dropped and I can't find ledger nano wallet on the list, does that mean ledger isn't open source hardware wallet?.

Ledger is not an open-source wallet. It doesn't mean it is a bad wallet. It only means that it's source code is not available for use, modification and distribution. It is still considered one of the best hardware wallet for the level of security it provides.

Synerggy

member

Activity: 248

Merit: 13

Futiracoin.com

Quote from: dkbit98 on March 14, 2022, 06:14:32 AM

Quote from: Takyeon on March 13, 2022, 07:26:44 PM

Is there anything particularly to look into to know if a wallet is closed source or open source? I'm tired of people saying the difference but not how to identify a closed or open source wallet.

If you want fast and easy solution than follow my bitcointalk forum topic dedicated to Open Source hardware wallets.
Instead of trusting me or anyone else, I would say it is always better to verify for yourself if something is open source by looking at github pages for specific hardware wallets.
One more thing you can do is visiting walletscrutiny.com website and checking if source code for some wallet can be reproduced or not.

Hi senior, I checked out the link to hardware open source wallet you dropped and I can't find ledger nano wallet on the list, does that mean ledger isn't open source hardware wallet?.

Daodex

member

Activity: 252

Merit: 12

Quote from: Bitcoin_Arena on March 13, 2022, 07:59:20 PM

Side Note: Just because a software is open source, it does not mean it's the more secure than others. So make no mistake to grade an open source software as the most secure.

Being Open source simply enables you to check out the code used to build the wallet and maybe contribute in case any vulnerability is discovered and needs fixing.

You are right but been open source still means transparency, it's like saying you are free to check us out to see if we are hiding anything, it's not doubt that people will trust open source more than closed source, it's true that been open source doesn't mean it's safer but isn't closed source case more worse?.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18586

Quote from: dkbit98 on March 14, 2022, 06:14:32 AM

One more thing you can do is visiting walletscrutiny.com website and checking if source code for some wallet can be reproduced or not.

Yeah, this is the best answer if you don't really know what you are looking for yourself - https://walletscrutiny.com/

It will tell you if the wallet is open source, and if it is, if it can be reliably built from the published source code. As a bonus it will also tell you if the wallet is custodial, in which case it should absolutely be avoided. There are surprisingly few wallets which pass the test.

Also be aware of wallets which lie and call themselves open source when they are nothing of the sort. Trust wallet is the most well known example of this.

dkbit98

legendary

Activity: 2212

Merit: 7064

Cashback 15%

Quote from: Takyeon on March 13, 2022, 07:26:44 PM

Is there anything particularly to look into to know if a wallet is closed source or open source? I'm tired of people saying the difference but not how to identify a closed or open source wallet.

If you want fast and easy solution than follow my bitcointalk forum topic dedicated to Open Source hardware wallets.
Instead of trusting me or anyone else, I would say it is always better to verify for yourself if something is open source by looking at github pages for specific hardware wallets.
One more thing you can do is visiting walletscrutiny.com website and checking if source code for some wallet can be reproduced or not.

pooya87

legendary

Activity: 3444

Merit: 10558

It is a hard thing to do on your own. The simplest solution is to search on google or ask on a public forum so that others can give you some information.
Otherwise you have to:
1. Seek out their source code.
If you can't find any, then it is closed source, otherwise move to next.

2. Then you have to actually go through the code to see what packages it is referencing.
Sometimes they just publish the UI code and then everything else which is the important parts are closed source! So obviously such projects are considered closed source regardless of the code they've published.

3. And finally you have to see if the code has any real connection to the software (binaries) you download and install.
Sometimes they release the code but then not even update it whenever they release new versions, which is a good indication of the wallet being closed source.
This one is hard to recognize because the build has to be deterministic and someone has to build it from source and compare it with binaries the devs release. It only happens for a handful of popular projects like bitcoin core and electrum.

libert19

hero member

Activity: 2464

Merit: 934

Just to add - if wallet is open source, their website would mention such and link to public repo.

For example, https://alphawallet.com/ - they have linked the repo link in bottom.

nullama

hero member

Activity: 980

Merit: 957

Quote from: Takyeon on March 13, 2022, 07:26:44 PM

Is there anything particularly to look into to know if a wallet is closed source or open source? I'm tired of people saying the difference but not how to identify a closed or open source wallet.

The only difference is that you're able to see the source code somewhere in the web when the wallet is open source. There's no difference for the user when interacting with the wallet.

Usually the code will be hosted at github, but they can post the code anywhere really. The main advantage is that you (or someone else) can read exactly what the wallet does.

Chikito

legendary

Activity: 2366

Merit: 2054

Quote from: Takyeon on March 13, 2022, 07:26:44 PM

Is there anything particularly to look into to know if a wallet is closed source or open source? I'm tired of people saying the difference but not how to identify a closed or open source wallet.

there aren't toll to searching open-source wallet. but for projects like the software I use https://www.openhub.net/ tool. that is for general projects not specific like a wallet. but the most popular open-source wallet is SourceForge and Github. you can try searching it in google using keyword like example:

type in google search box

Code:

Github: wallet

PrivacyG

hero member

Activity: 784

Merit: 1735

Crypto Swap Exchange

Quote from: Charles-Tim on March 13, 2022, 07:31:52 PM

You can check the source code of open source wallet on GitHub and make sure it is getting updated. Like Electrum wallet: https://github.com/spesmilo/electrum

In close source wallets, the code is not available for the public to view.

Even if the code is present on GitHub, I strongly believe there still is a possibility that the wallet is only partially open source. If I remember correctly, Trust Wallet has it partially public. No other better examples come up in my mind, and Trust Wallet may not be the best since I have no idea if they even have a GitHub repo.

I am bringing up this subject because some may think that if there is a GitHub repo for a wallet, it means its software is open source. For some products there are parts that are open source and parts that are not. But if you did not even know about GitHub's existence before asking, better just ask around on the forum and you will definitely get a better answer from top notch members than opinions based off a 3 second 'Electrum github' Google research.

-
Regards,
PrivacyG

Bitcoin_Arena

copper member

Activity: 2030

Merit: 1788

฿itcoin for all, All for ฿itcoin.

Side Note: Just because a software is open source, it does not mean it's the more secure than others. So make no mistake to grade an open source software as the most secure.

Being Open source simply enables you to check out the code used to build the wallet and maybe contribute in case any vulnerability is discovered and needs fixing.

BitMaxz

legendary

Activity: 3248

Merit: 2971

Block halving is coming.

Why not read the sticky thread instead to know which wallets are closed source and open source?

You can find the sticky thread under this section or go directly here https://bitcointalksearch.org/topic/general-bitcoin-wallets-which-what-why-1631151

Take note most of the wallets are closed and only a few wallets are open source like Bitcoin Core, Electrum, and Wasabi wallet.

Charles-Tim

legendary

Activity: 1512

Merit: 4795

You can check the source code of open source wallet on GitHub and make sure it is getting updated. Like Electrum wallet: https://github.com/spesmilo/electrum

In close source wallets, the code is not available for the public to view.

Takyeon

member

Activity: 63

Merit: 10

Is there anything particularly to look into to know if a wallet is closed source or open source? I'm tired of people saying the difference but not how to identify a closed or open source wallet.

Topic: How can I identify a closed or open source wallet (Read 209 times)