Topic: Is anybody using OWNR wallet? (Read 425 times)

I guess that Ownr and any non-custodial hot wallet is safe. No one has an access to your private keys, so your funds are only yours.

Thanks for answers, guys
I agree with Dave that open source is not safe heaven if you are using auto updates. To be sure in security you should read every update report. But it anyway makes the story a bit more transparent and a bit calmer

I see updates, it's just not automatic. I have to manually go through each one (or all of them with one tap) and then they update. I usually update them, just not automatically. Google Play store updates can be vague sometimes like "bug fixes" .. sometimes I investigate. Other times, I just say, what they hey, and tap Update...

So maybe it's semi-automatic, but at least I still have to tap something before it actually updates.

So you have allow unknown sources and no automatic updates.
Not saying it's bad, but unless you don't have a lot on the phone you run the risk of having a vulnerable app stay the phone longer.

*Full honesty I have a device with more then the small amounts on it setup the same way but the only thing on it are 2 coin apps it is not used as a phone more of a "warm wallet"

-Dave

I have automatic updates turned off on my phone. I think Electrum does not even push out the latest version in the google play store, so I just downloaded and installed it directly from the website. Check the version number. (Maybe they have already updated it in the play store.)

Same as I do with  my Trezor    a black a white a gray one   they never have more then 3 or 4 k in coins combined in the three of them.

 I have a core wallet on a mac mini with  backup hdd's  in three other locations

With the desktop version yes, with the android version unless you have automatic updates turned off. It will auto update when they push something out.
With that being said it's been months and months since they did any updates to the android version.

But this does loop back to the original point, if you have BTC and only BTC or at most 1 or 2 alts then checking you wallets although time consuming is doable.
Looking at my coinomi wallet I have

BTC,LTC,ETH,DOGE,XMR,DASH and DFC

That would just get to be a full time job to keep up with them all.
So since there is not life altering amounts of money there. Heck it's barely weekend plans amount of money. I'll trust the precompiled closed source.
For the real money it's secured another way. YMMV in terms of amounts.

-Dave

i get your point and we can discuss a lot about open source and security. for instance since you mentioned hash it reminded me of a common issue among all open source wallets:
a lot of projects (even the popular ones) that are open source, release a compiled version which majority of users download. in other words it doesn't make a difference for them if the project were open source or not since they are still downloading a binary (like a .exe for windows) even if they or someone else had reviewed the code. you still don't know if the binary belongs to the same code or not!

this issue is partially solved when these projects use a deterministic builds but now there is another problem where people who compile from source code don't compare the hashes to see if it were legit. i opened.
https://bitcointalksearch.org/topic/which-wallets-use-deterministic-builds-5195281
https://bitcointalksearch.org/topic/have-you-ever-compiled-electrum-from-source-code-and-check-its-hash-with-the-rel-5212057

Yes but as I posted someplace else, it's somewhat a false security.

Do you check the hash of the file you downloaded against what is posted?
Do you have automatic updates turned off on your phone and not update till people have verified the posted code is the same as what is in the app store / play store?

And as I posted in another thread unless there has been a 3rd party audit of how they push the update to the store this is all just security theater.

Think about it, if there are poor controls to upload the compiled file to the store then it's all pointless.
DaveF gets a job with bigwallet as their IT hardware person. It's open source, it's audited, it's amazing beautiful code.
Friday @ 4:30PM as everyone is leaving for the weekend I post a corrupt fund stealing compiled app to the app / play store and walk out of the building, head to the airport and fly to some island with no extradition. Saturday AM they have the bad wallet pulled but by then I have 1000s (10000s?) of BTC that were sent to me before anyone knew what happened. And I'm on a beach sipping drinks out of a coconut.

On the other hand the shitty closed source wallet needs 2 people with security dongles to log into the PC that updates the code that is in the app / play store.
You might not know what the code is, and it may be crap with bugs, but they at least know that what they wrote is what is up there.

However, since as far as I know NONE of them publish / publicly audit how they push updates to the stores it's all just trust.

You may feel differently. You may disagree. That is fine, but IMO it really needs to be discussed.

-Dave

being open source is about being transparent not about every single user checking the code themselves. for example i have not really checked Electrum or bitcoin core source code (not extensively anyways) but i know that many others have and that is enough. but if it were a closed source wallet i know that nobody has ever seen the code or knows what it is doing.

There is Hodlerwallet[1] and also Trust wallet (owned by Binance) which used to be open source for iOS only but now, it seems like the GitHub repository has been archived[2] (but you should still be able to compile it yourself).

[1] https://github.com/HODLERTECH/HODLER-Open-Source-Multi-Asset-Wallet
[2] https://github.com/trustwallet/trust-wallet-ios

Unless I am mistaken, and I'm sure there will be a ton of people here who will correct me.
There are no multi-alt-coin open source wallets for mobile.

Since this is in the bitcoin wallet section not the alt-coin wallet section, there are going to be different views.

Which comes back to the thought of if you are going to have a BTC wallet on your phone and 6 or 7 of the big alts on your phone which is better?
7 or 8 wallets that are all open source but who has time to check the code and verify everything before installing all the new versions as they come out or just 1?

And then you have all the different keys to store from all the wallets and everything else.

It's the loop of convenience vs. security.

-Dave

There are some closed source non-custodial solutions. OWNR, for example, is not storing the keys. And as i know there were some security problems with Electrum in the past https://cointelegraph.com/news/electrum-faces-another-fake-wallet-attack-users-reported-to-lose-millions-of-dollars

Actually, nobody is showing the backend code. Some project is open source but only for the frontend client. As a developer, i did not see fully open-source multi-wallet projects before. It will be interesting to check if anybody can send a link to me

Yes. Agree. Would like to clarify that there are plenty of options out there that are both open source, or they show transparency on how the wallets work. Hardware wallets in particular have certain closed chips, but most of the rest of the logic is explained clearly. Obviously they shouldn't reveal private keys or seeds unless it's part of a function that it does.

Wasabi is also a good one, and there are services which are not wallets themselves like JoinMarket or Shuffle-something (I forget what they are called), plus even true DEX like blocknet that works with your core wallet to do atomic swaps.

Some other examples are OpenDime, where it's not exactly a hardware wallet, but more like a physical bitcoin, they private keys are on the device itself and revealed only when you punch a hole or something; otherwise just showing the public address and how much coins are in there. It's been called the bitcoin bearer stick.

You can't go wrong with Core or Electrum (after verifying integrity, download from original website) ... the other wallets, being new, have a little risk involved, which, if you know what you are doing, can be mitigated.

Some wallets are / or were good, like Multibit, but they stopped supporting it. I myself never used them because I thought they had problems back then, so now that they're gone I don't have to think about transferring coins from a dead wallet software.

Just remember, get the keys, it's your coins.

The only reason I would use a closed-source wallet is if it has GREAT features that would make it worth using, while of course, I'd store only very small amounts of money. Probably the same amount of money that I'd personally keep on my daily leather pocket wallet.

And yea, stop hunting for other wallet apps. The wallet apps we have right now has most of the things we need already, especially when talking about cold storage.

The big amount of money varies from person to other, some 1000 dollars will not make a difference to him, others 100 dollars.
If you are afraid of losing that money, only put it in a reliable wallet (choose more than one wallet.)
You can split money to avoid loss by using a lot of wallets (Exodus, Coinomi, Trust,..etc.)

i am also against anything closed source and/or custodial but also you should try not to limit yourself just to these two wallets (core and electrum) there are lots of other good projects out there each doing a different thing. from paper wallets that are free to hardware wallets that you have to pay for them and to all other desktop wallets that satisfy a different need like wassabi that offers coinjoin features.

I second the motion for Electrum and Core desktop wallet software. Why use anything else? Not your keys, not your coins.

Is it too much to say that "not open source software" goes against Bitcoin's ethos? I personally would discourage using it.

Use electrum. Secure your keys.

Or use one of the recommended wallets in this list, https://docs.google.com/spreadsheets/d/1aZ1zbaUEzCo9NCctN8-eL2VLIiSdY009tTJvRXDUWEw/edit?usp=sharing