Pages:
Author

Topic: walletscrutiny: the majority of "wallets" are either custodial or closed source - page 3. (Read 1664 times)

legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
Thanks for these insights. I will handle Samourai with care.

And ask them when they will provide reproducible builds. But be warned: They won't handle critics with care Wink
legendary
Activity: 2310
Merit: 1422
Samourai Wallet is pretty damn good for a bitcoiner who needs some nice add-ons.
I can connect my node to it, I can mix my coins easily with Whirlpool and I like PayNyms too.
Give it a try.

If I had to bet which of the wallets in the second category will pull an exit scam, my bet would be on Samourai.

  • The wallet on Google Play has little to do with their open source
  • They hide in secrecy about who is behind the wallet
  • They invite people to put as much money into the mixer at the same time as possible

There would be no recourse for an exit scam if they are really as private as they pretend to be. Of course there is Keonne Rodriguez who keeps defending Samourai but maybe he sold it to some anonymous entity. Who knows?
Thanks for these insights. I will handle Samourai with care.
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
BTC spikes to $25000 tomorrow and you want to sell. The Mycelium server gets overloaded and stops responding, or they don't want people moving the coins so it responds
but never broadcasts it anyplace. There are ways around it, but some you either have to install another app and import your seed or do some other things. Both of which take some time and knowledge.

Samourai / coinomi same thing but all you have to do is pick a different server which IMO is a lot quicker. I run my own and I know a lot of people here run their own and are more then willing to help out and say connect here.

Your scenario of Mycelium turning evil is precisely the purpose of WalletScrutiny:

  • If Mycelium turns evil (and security researchers verified the client isn't doing evil stuff, which is relevant as the client 99.99% of users are using matches the public source code, they can deny service and share information about your wallet. The privacy leak has indeed no other fix than to allow connecting to your own server. The service denial can be worked around by importing the backup to a different wallet.
  • If Samourai turns evil, security researchers have no way of detecting it, as the code 99.99% of their client's users are running is closed. They can steal all users' funds.

I supposed Coinomi went closed source because people were cloning their wallet,

That's Coinomi's claim but if you want to empty all wallets at some point, any claim that is believable works. Doesn't convince me they don't want to steal your funds.

hero member
Activity: 2520
Merit: 952
I love Coinomi and this makes me sad Sad
I supposed Coinomi went closed source because people were cloning their wallet, but it was only my assumption.

I have heard that too, and iirc it was from their rep.

Quote
I'm not worried about their security

Why not?
jr. member
Activity: 147
Merit: 6
I love Coinomi and this makes me sad Sad
I use Coinomi and Ownr wallet. Both of them are non-custodial and closed source. I'm not worried about their security. I supposed Coinomi went closed source because people were cloning their wallet, but it was only my assumption.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
Samourai Wallet is pretty damn good for a bitcoiner who needs some nice add-ons.
I can connect my node to it, I can mix my coins easily with Whirlpool and I like PayNyms too.
Give it a try.

If I had to bet which of the wallets in the second category will pull an exit scam, my bet would be on Samourai.

  • The wallet on Google Play has little to do with their open source
  • They hide in secrecy about who is behind the wallet
  • They invite people to put as much money into the mixer at the same time as possible

There would be no recourse for an exit scam if they are really as private as they pretend to be. Of course there is Keonne Rodriguez who keeps defending Samourai but maybe he sold it to some anonymous entity. Who knows?

You can run your own Dojo and Whirlpool servers.
Still does not stop the wallet itself from becoming evil.

And I have said it before and I'll say it again. Open source is only good if you follow all the rules. No auto update, don't install an upgrade until you and / or other trusted people have verified the executable download matches what you get when you compile yourself. And you know what, most people still don't do either. Just download and go.

There is also the question of how some of these wallets operate.
You can choose my own server in Samourai. You cannot in Mycelium

BTC spikes to $25000 tomorrow and you want to sell. The Mycelium server gets overloaded and stops responding, or they don't want people moving the coins so it responds
but never broadcasts it anyplace. There are ways around it, but some you either have to install another app and import your seed or do some other things. Both of which take some time and knowledge.

Samourai / coinomi same thing but all you have to do is pick a different server which IMO is a lot quicker. I run my own and I know a lot of people here run their own and are more then willing to help out and say connect here.

Not to mention the privacy aspect.

There are many things in play, but just talking about opensource builds is just part of the issue.

As I have said, just my view. I don't expect to change yours but I do think it should be out there.

Stay safe.

-Dave
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
Samourai Wallet is pretty damn good for a bitcoiner who needs some nice add-ons.
I can connect my node to it, I can mix my coins easily with Whirlpool and I like PayNyms too.
Give it a try.

If I had to bet which of the wallets in the second category will pull an exit scam, my bet would be on Samourai.

  • The wallet on Google Play has little to do with their open source
  • They hide in secrecy about who is behind the wallet
  • They invite people to put as much money into the mixer at the same time as possible

There would be no recourse for an exit scam if they are really as private as they pretend to be. Of course there is Keonne Rodriguez who keeps defending Samourai but maybe he sold it to some anonymous entity. Who knows?
legendary
Activity: 2310
Merit: 1422
Samourai Wallet is pretty damn good for a bitcoiner who needs some nice add-ons.
I can connect my node to it, I can mix my coins easily with Whirlpool and I like PayNyms too.
Give it a try.
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
I will add soon. Their wallets is running test before completely publishing on the market. But if you want to get involved Unifyre test process, I may arrange something to you.
Please let me know if you interest test Ferrum's Unifyre Wallet beta test.

I'm not exactly eager to put much effort into adding more wallets Cheesy In fact, I do not really analyze wallets that have not at least 1000 downloads. Just drop a link to the playstore listing once it's live.
legendary
Activity: 2128
Merit: 1073
Awesome resource. Thanks for posting the images with links on your website!

Edit: Oops, looks like my send-able merit had decayed, I'm sending you whatever I have left over.
hero member
Activity: 1204
Merit: 630
I hope Unifyre is reviewed here soon.

If you share the Google Play link (or the appId), I will add it to WalletScrutiny.com but it will only be reviewed once it reaches 1000 downloads and if time allows. The priority is to provide timely evaluation of new releases of verifiable wallets and it's a side project, so ...

I will add soon. Their wallets is running test before completely publishing on the market. But if you want to get involved Unifyre test process, I may arrange something to you.
Please let me know if you interest test Ferrum's Unifyre Wallet beta test.
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
I hope Unifyre is reviewed here soon.

If you share the Google Play link (or the appId), I will add it to WalletScrutiny.com but it will only be reviewed once it reaches 1000 downloads and if time allows. The priority is to provide timely evaluation of new releases of verifiable wallets and it's a side project, so ...
hero member
Activity: 1204
Merit: 630
A topic with very useful posts. I take care to try every crypto wallet I find, but I have never seen a platform that examines so many wallets together. I think I can access some information here without having to experiment with wallets.

I also want to talk about a non-custodial wallet that Ferrum Network, which I am working on behalf of, is preparing to publish these days. The wallet, which will be released soon, will be easy for anyone to use and will be very useful with LinkDrop. This wallet is called Unifyre. Those who want can get more information from Unifyre.io. I hope Unifyre is reviewed here soon.
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
In this study which classified many wallets

WalletScrutiny is not just a study. It's an ongoing project which closely monitors updates of verifiable wallets. Check it out. The charts are now more informative and there are many more wallets covered now.
legendary
Activity: 3374
Merit: 3095
Playbet.io - Crypto Casino and Sportsbook
I've been using the Bitcoin Wallet GooglePlay link here: https://play.google.com/store/apps/details?id=de.schildbach.wallet

I wish it had a few more features like adjustable fees.

~snip~

That's the only problem of using the old school Bitcoin wallet and it only supports Bitcoin but there are still some people use this wallet.

Why don't you just switch to another wallet like Electrum or Mycelium they have more features than the old school Android Bitcoin wallet.
You can get your private keys on the data folder /data/data/de.schildbach.wallet/files/wallet-protobuf
or on the other path posted from here https://github.com/bitcoin-wallet/bitcoin-wallet/blob/master/wallet/README.md

If you don't want to switch and you would like to adjust the transaction fees you can edit this /data/data/de.schildbach.wallet/files/fees.txt just find this under the internal data of your phone.
member
Activity: 66
Merit: 27
copper member
Activity: 2142
Merit: 1305
Limited in number. Limitless in potential.
A user of open source software (just include green and mycelium), though I'm using coins.ph too, well, needed for crypto to fiat transactions.
legendary
Activity: 3374
Merit: 3095
Playbet.io - Crypto Casino and Sportsbook
I do use Coinomi on android (since last 5 years), thing is it's closed source, and like article said:

Quote
The app cannot be independently verified. If the provider puts your funds at risk on purpose or by accident, you will probably not know about the issue before people start losing money. If the provider is more criminally inclined he might have collected all the backups of all the wallets, ready to be emptied at the press of a button. The app might have a formidable track record but out of distress or change in management turns out to be evil from some point on, with nobody outside ever knowing before it is too late.

Yeah, your right closed source is one of their problems we don't know if the latest one could be safe or not.

How about switching to Edge wallet instead they support most of the major coins this is one of my alternative multi-crypto wallets.

I don't save most of my coins in coinomi I just use it for holding a small amount but if you care about your assets and if it is a big amount well I think the official wallet or hardware wallet is the best option nowadays.
hero member
Activity: 2520
Merit: 952
I love Coinomi and this makes me sad Sad

The security issue is only in the Desktop version of Coinomi I don't have a bad experience in using their wallet for a long time with their android version.

Since their Desktop version is new there are still many bugs you can experience in Desktop version unlike on mobile version.

I heard that they already fix the vulnerability issue of their desktop version I heard it from someone here on the forum I just can't find the thread.

If you are planning to use coinomi better use their Android version which is fine.

I do use Coinomi on android (since last 5 years), thing is it's closed source, and like article said:

Quote
The app cannot be independently verified. If the provider puts your funds at risk on purpose or by accident, you will probably not know about the issue before people start losing money. If the provider is more criminally inclined he might have collected all the backups of all the wallets, ready to be emptied at the press of a button. The app might have a formidable track record but out of distress or change in management turns out to be evil from some point on, with nobody outside ever knowing before it is too late.
legendary
Activity: 3374
Merit: 3095
Playbet.io - Crypto Casino and Sportsbook
I love Coinomi and this makes me sad Sad

The security issue is only in the Desktop version of Coinomi I don't have a bad experience in using their wallet for a long time with their android version.

Since their Desktop version is new there are still many bugs you can experience in Desktop version unlike on mobile version.

I heard that they already fix the vulnerability issue of their desktop version I heard it from someone here on the forum I just can't find the thread.

If you are planning to use coinomi better use their Android version which is fine.
Pages:
Jump to: