Topic: Some thoughts about wallets. Random thoughts from Dave. - page 2. (Read 508 times)

Not sure if it's mentioned in that article but there are at least 2 ways you can compile some code (might not be true for compiling sfraignto something the os can run):
[ul]

• compiling for memory efficiency
• compiling for cpu efficiency

[/ul] .

There are things you can do to test the build of a wallet too. You don't have to go through something line by line exactly, you just have to look at what's run at what point (normally passing it to an interpreter) or what's sent along the network (typically if communications aren't encrypted). It's much faster to do a dry run or look at each line in turn to work out what it does. It'd take a really advanced programmer to hide some code that looks and acts like it does something different to what it actually does and randomly does something harmful that it'd probably take more effort than it's worth as it may not be possible in a few strict languages.

---

With trusting an exchange to hold your funds you're putting a lot of trust in its team and its insurance. Have you checked the documents and what they actually cover if they store funds there?

---

On the topic of people who love to check signatures and go solely of that, it's good but it's not perfect because you're trusting that person to not have accidentally stored their key somewhere they shouldn't and you're also trusting their version of the compiled key signing engine... If they didn't verify that install or even a piece of rogue software on their machine then you could also be at risk if that adds malicious code to the binary.

I believe that this should never ever be encouraged in the community. The more of Bitcoin is held under the custody of a "centralized service", the more it becomes vulnerable under central banking schemes.

Encourage the development of new protocols for exchange, like BISQ.

For context, https://bitcointalksearch.org/topic/is-bitcoin-immune-vs-central-bank-schemes-5209931

I agree with most of the things Dave said. I certainly don't have the knowledge to inspect a piece of code and know what it does. But I do like the fact that others who know what they are looking for have the possibility to inspect it. That is why I stick to the well-known brands. I prefer names who have been in the game for several years. I skeptical towards new brands, open sources or closed source. I'd rather give the community time to inspect the new wallets before I use them. I use both open source and closed source wallets. Even my Ledger is partially closed source. I have used Coinomi on my Android phones with small amounts and mostly for altcoins and have never had any issues with it.   

if we don't look at things in black and white (100% safe or 100% scam) then we can see that there is a big range of possibilities between being safe and being completely risky. then we can come up with an assessment and a rate that can help us decide how much bitcoin we want to put in that wallet.

you can start a list of things to look at:
1) what device it runs on?
PC is safer than a ("portable") phone, since you carry phone around!
then a cold storage (like paper) is safer than hot wallet on PC.

2) what programming language it is written in and how it handles its dependencies?
i just leave this here: https://bitcointalksearch.org/topic/two-malicious-python-libraries-caught-stealing-ssh-and-gpg-keys-5206906

3) how old and how popular is the project?
being older and being more popular means more people have looked at the code and have been using it. it is not just about being scam but also about having bugs and more popularity means less bugs since they are found easier and fixed.

4) being open source?
this is not about "you" looking at the code. it goes hand in hand with popularity and how many others have looked at the code.

5) having deterministic builds?
being open source is not enough since majority of users are downloading the binaries. there is a simple solution for that called "reproducible or deterministic builds", it simply means no matter who builds the binaries from source code they all end up with the same final file hash. unfortunately majority of wallets don't have that: https://bitcointalksearch.org/topic/which-wallets-use-deterministic-builds-5195281

---

now we can rate different wallets. example out of 10:

#  electrum  coinomi
1) 8          3
2) 8          6
3) 9          5
4) 10         0
5) 10         0
----------------
   45        14

now it is easier to decide how much money to leave where.

I have mostly used an exchange as a hot wallet and my Ledger Nano S as a cold wallet..
Also having a seed memorized and being able to get to that coin from anywhere in the world incase of some emergency, yet being very secure, is quite appealing to me..

I don't really trust anything on a phone, or do much of anything on a phone, but have used Mycelium wallet and probably played with a few other app wallets but I don't trust them much at all..

Exactly, and I think that is actually what got me annoyed at the post / article. I really could not figure it out. Now I can.
It's the title. "Is your wallet secure" The next line really should have been. "Duh, of course not, it's on a phone that is vulnerable, in an environment that is vulnerable. But these wallets might possibly be a tiny bit safer then others"


Thanks :-)

Enjoy the rest of the weekend everyone.
-Dave

no, it doesn't really matter. mobile apps and custodial wallets are both high risk. it's always prudent to limit risk exposure either way. tbh i just avoid both. brick-and-mortar spending usually calls for buying gift cards, so i just buy those at home and keep all my private keys offline.

For you and me, I'd say kind of.  I certainly don't have the knowledge necessary to verify any wallet's code to make sure it's secure--I don't know any coding whatsoever, so I have to rely on the expertise of people with that knowledge who vouch for which wallets are safe.  That's good enough for my purposes.

Then again, I don't use mobile wallets much anymore, nor did I ever keep many coins on the Coinomi wallet which I was a fan of for a long time.  I don't like the fact that they're closed source, and using a hardware wallet is just the smarter move for storing altcoins. 

There haven't been any hacks on Mycelium, Electrum, or any of the software wallets for mobile as far ask I know, and you would think that if the devs had the ability to steal your coins they would have done that long ago.  So I tend to trust those two wallets and a couple more, even though I can't verify that everything is safe myself.  That's just how it goes with me; there has to be some level of trust in the makers of these wallets--and other apps, too.

Always like hearing your opinions, Dave.

So there is a post here:
https://bitcointalksearch.org/topic/is-your-android-wallet-secure-most-of-the-37-wallets-should-scare-you-5209504

About is your Android wallet secure. Now I have some issues with the article, and how it is written, and some other things, but that is me. It basically discusses if the github version matches the compiled download for Android devices. Is it open source, is it custodial, etc.

But that brings up another point which is, is that important? And what is?

Going back to here: https://bitcointalksearch.org/topic/helping-usually-new-people-choose-their-wallets-5205304 where I was talking about how to help new people pick their wallet, this also brings up the point of what is secure and good for you might not matter what it good and secure for me. I used to like Mycelium more but I have really started to drift away from it. For my own personal use I have moved to 2 separate mobile wallets. Both of which would make most people scream ARE YOU NUTS?? one is closed source (with some unverified complaints) and the other is custodial. But for me they do work,for others they might not.

So this point here is:

Since most of us can't really read the 1000s and 1000s of lines of code, and even if we could we may or may not compile it to verify what is on github matches what we just downloaded, which may or may not matter if they admit github might be a version or 2 behind what is being downloaded but the phone auto-updates the app anyway. Which then does not matter since we probably don't know the security procedures in place for them to upload the update to the playstore anyway.

Aren't we just making ourselves feel good? Think about it. Coinomi is closed source. If they put in code to send all the coins in all their installed wallets to them, we can't do anything about it. And we will not know till all our funds are gone.

BUT

Blockstream Green Wallet is open source, and you can verify the build same way as listed it in the article. But still auto updates from the play store. Do we really know if the username and password for account that they use to upload to the store is secure along with the 2fa? Or is the user / pass on a post-it note on the monitor with the 2fa usb device left sitting plugged into the USB port on the computer that does the uploads? If someone goes evil Friday at 3:45PM as everyone is walking out of the office. By the time everyone figures it out Monday AM it's all over.

Same with custodial vs non custodial? Yeah Coinbase has it's issue, but you know what else it has? Insurance & a phone number to call. I KNOW Not your keys / not your coins. But if you trade just about any financial instrument (stocks / bonds / currency) 99% of the time you don't have the actual bonds / stock certificates / cash anyway. Other then logging into my trading account I really can't prove I own "X" shares of "Y" stock. If I want the actual certificate I have to PAY a lot to have created it mailed to me. So long it's at a place like Coinbase and not Dave's unknown exchange does it matter that much? Yeah, they can spring KYC on you at any moment. But you know what, so can any payment gateway. I'm not saying leave real amounts of BTC there.
With that being said...
But, in a hot phone wallet does it matter? If you have more then spending amounts in your phone isn't this all kind of moot? Because...wait for it....phones & PCs are not that secure by themselves at the end of the day....

I can go on, but I just wanted to put this all down again

-Dave