Author

Topic: How can I identify a closed or open source wallet (Read 226 times)

hero member
Activity: 1008
Merit: 960

~snip~

But there are risks:
* some wallets are only partly open source
* some (fake) wallets just put something, anything to git (I've seen directly a zip with the exe once in the past) to trick newbies
* you can find on git a lot of clones, some maybe even malicious of the actual wallet
* the presence of source code doesn't mean 100% that the binaries were actually built from that source

All in all, no matter how much you hate that people didn't telly until now what to look for, you will most probably have to rely on others' expertise whether a wallet is indeed open source (and legit).

There's also always the risk that the actual code does something you don't want, even if it's posted completely open, and the binary created exactly from that source code (or even you built it yourself).

You (or someone else in the community) should read the source code and check to see what it actually does to make sure it's safe.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
I'm tired of people saying the difference but not how to identify a closed or open source wallet.

Basically an open source wallet has the source code published. You can look on their website and see if they have link to GitHub (or similar platforms?) for the source code, you can go to Github and search yourself for the name of the wallet...

But there are risks:
* some wallets are only partly open source
* some (fake) wallets just put something, anything to git (I've seen directly a zip with the exe once in the past) to trick newbies
* you can find on git a lot of clones, some maybe even malicious of the actual wallet
* the presence of source code doesn't mean 100% that the binaries were actually built from that source

All in all, no matter how much you hate that people didn't telly until now what to look for, you will most probably have to rely on others' expertise whether a wallet is indeed open source (and legit).
hero member
Activity: 882
Merit: 1873
Crypto Swap Exchange
Hi senior, I checked out the link to hardware open source wallet you dropped and I can't find ledger nano wallet on the list, does that mean ledger isn't open source hardware wallet?.
Ledger is only partially open source.  The closed source component is their Secure Element, of which nobody but Ledger's employees have any idea what it does and how it works.  And I think their Ledger Live is also at least partially closed source.  This does not necessarily make Ledger worse than Trezor and other open source alternatives from a security outlook, but it is worse than Trezor when it comes to transparency and privacy.  I, for one prefer open source over closed source.  And since we have no idea what the Secure Element does, it may very well be malicious or a honeypot for intelligence.

-
Regards,
PrivacyG
hero member
Activity: 2156
Merit: 803
Top Crypto Casino
Is there anything particularly to look into to know if a wallet is closed source or open source? I'm tired of people saying the difference but not how to identify a closed or open source wallet.
If you want fast and easy solution than follow my bitcointalk forum topic dedicated to Open Source hardware wallets.
Instead of trusting me or anyone else, I would say it is always better to verify for yourself if something is open source by looking at github pages for specific hardware wallets.
One more thing you can do is visiting walletscrutiny.com website and checking if source code for some wallet can be reproduced or not.

Hi senior, I checked out the link to hardware open source wallet you dropped and I can't find ledger nano wallet on the list, does that mean ledger isn't open source hardware wallet?.
Ledger is not an open-source wallet. It doesn't mean it is a bad wallet. It only means that it's source code is not available for use, modification and distribution. It is still considered one of the best hardware wallet for the level of security it provides.
member
Activity: 248
Merit: 13
Futiracoin.com
Is there anything particularly to look into to know if a wallet is closed source or open source? I'm tired of people saying the difference but not how to identify a closed or open source wallet.
If you want fast and easy solution than follow my bitcointalk forum topic dedicated to Open Source hardware wallets.
Instead of trusting me or anyone else, I would say it is always better to verify for yourself if something is open source by looking at github pages for specific hardware wallets.
One more thing you can do is visiting walletscrutiny.com website and checking if source code for some wallet can be reproduced or not.

Hi senior, I checked out the link to hardware open source wallet you dropped and I can't find ledger nano wallet on the list, does that mean ledger isn't open source hardware wallet?.
member
Activity: 252
Merit: 12
Side Note: Just because a software is open source, it does not mean it's the more secure than others. So make no mistake to grade an open source software as the most secure.

Being Open source simply enables you to check out the code used to build the wallet and maybe contribute in case any vulnerability is discovered and needs fixing.
You are right but been open source still means transparency, it's like saying you are free to check us out to see if we are hiding anything, it's not doubt that people will trust open source more than closed source, it's true that been open source doesn't mean it's safer but isn't closed source case more worse?.
legendary
Activity: 2268
Merit: 18711
One more thing you can do is visiting walletscrutiny.com website and checking if source code for some wallet can be reproduced or not.
Yeah, this is the best answer if you don't really know what you are looking for yourself - https://walletscrutiny.com/

It will tell you if the wallet is open source, and if it is, if it can be reliably built from the published source code. As a bonus it will also tell you if the wallet is custodial, in which case it should absolutely be avoided. There are surprisingly few wallets which pass the test.

Also be aware of wallets which lie and call themselves open source when they are nothing of the sort. Trust wallet is the most well known example of this.
legendary
Activity: 2212
Merit: 7064
Is there anything particularly to look into to know if a wallet is closed source or open source? I'm tired of people saying the difference but not how to identify a closed or open source wallet.
If you want fast and easy solution than follow my bitcointalk forum topic dedicated to Open Source hardware wallets.
Instead of trusting me or anyone else, I would say it is always better to verify for yourself if something is open source by looking at github pages for specific hardware wallets.
One more thing you can do is visiting walletscrutiny.com website and checking if source code for some wallet can be reproduced or not.
legendary
Activity: 3472
Merit: 10611
It is a hard thing to do on your own. The simplest solution is to search on google or ask on a public forum so that others can give you some information.
Otherwise you have to:
1. Seek out their source code.
If you can't find any, then it is closed source, otherwise move to next.

2. Then you have to actually go through the code to see what packages it is referencing.
Sometimes they just publish the UI code and then everything else which is the important parts are closed source! So obviously such projects are considered closed source regardless of the code they've published.

3. And finally you have to see if the code has any real connection to the software (binaries) you download and install.
Sometimes they release the code but then not even update it whenever they release new versions, which is a good indication of the wallet being closed source.
This one is hard to recognize because the build has to be deterministic and someone has to build it from source and compare it with binaries the devs release. It only happens for a handful of popular projects like bitcoin core and electrum.
hero member
Activity: 2520
Merit: 952
Just to add - if wallet is open source, their website would mention such and link to public repo.

For example, https://alphawallet.com/ - they have linked the repo link in bottom.
hero member
Activity: 1008
Merit: 960
Is there anything particularly to look into to know if a wallet is closed source or open source? I'm tired of people saying the difference but not how to identify a closed or open source wallet.

The only difference is that you're able to see the source code somewhere in the web when the wallet is open source. There's no difference for the user when interacting with the wallet.

Usually the code will be hosted at github, but they can post the code anywhere really. The main advantage is that you (or someone else) can read exactly what the wallet does.
legendary
Activity: 2366
Merit: 2054
Is there anything particularly to look into to know if a wallet is closed source or open source? I'm tired of people saying the difference but not how to identify a closed or open source wallet.

there aren't toll to searching open-source wallet. but for projects like the software I use https://www.openhub.net/ tool. that is for general projects not specific like a wallet. but the most popular open-source wallet is SourceForge and Github. you can try searching it in google using keyword like example:

type in google search box

Code:
Github: wallet

hero member
Activity: 882
Merit: 1873
Crypto Swap Exchange
You can check the source code of open source wallet on GitHub and make sure it is getting updated. Like Electrum wallet: https://github.com/spesmilo/electrum

In close source wallets, the code is not available for the public to view.
Even if the code is present on GitHub, I strongly believe there still is a possibility that the wallet is only partially open source.  If I remember correctly, Trust Wallet has it partially public.  No other better examples come up in my mind, and Trust Wallet may not be the best since I have no idea if they even have a GitHub repo.

I am bringing up this subject because some may think that if there is a GitHub repo for a wallet, it means its software is open source.  For some products there are parts that are open source and parts that are not.  But if you did not even know about GitHub's existence before asking, better just ask around on the forum and you will definitely get a better answer from top notch members than opinions based off a 3 second 'Electrum github' Google research.

-
Regards,
PrivacyG
copper member
Activity: 2114
Merit: 1814
฿itcoin for all, All for ฿itcoin.
Side Note: Just because a software is open source, it does not mean it's the more secure than others. So make no mistake to grade an open source software as the most secure.

Being Open source simply enables you to check out the code used to build the wallet and maybe contribute in case any vulnerability is discovered and needs fixing.
legendary
Activity: 3374
Merit: 3095
Playbet.io - Crypto Casino and Sportsbook
Why not read the sticky thread instead to know which wallets are closed source and open source?

You can find the sticky thread under this section or go directly here https://bitcointalksearch.org/topic/general-bitcoin-wallets-which-what-why-1631151

Take note most of the wallets are closed and only a few wallets are open source like Bitcoin Core, Electrum, and Wasabi wallet.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
You can check the source code of open source wallet on GitHub and make sure it is getting updated. Like Electrum wallet: https://github.com/spesmilo/electrum

In close source wallets, the code is not available for the public to view.
member
Activity: 63
Merit: 10
Is there anything particularly to look into to know if a wallet is closed source or open source? I'm tired of people saying the difference but not how to identify a closed or open source wallet.
Jump to: