Topic: walletscrutiny: the majority of "wallets" are either custodial or closed source - page 3. (Read 1604 times)

And ask them when they will provide reproducible builds. But be warned: They won't handle critics with care

Thanks for these insights. I will handle Samourai with care.

Your scenario of Mycelium turning evil is precisely the purpose of WalletScrutiny:

• If Mycelium turns evil (and security researchers verified the client isn't doing evil stuff, which is relevant as the client 99.99% of users are using matches the public source code, they can deny service and share information about your wallet. The privacy leak has indeed no other fix than to allow connecting to your own server. The service denial can be worked around by importing the backup to a different wallet.
• If Samourai turns evil, security researchers have no way of detecting it, as the code 99.99% of their client's users are running is closed. They can steal all users' funds.

That's Coinomi's claim but if you want to empty all wallets at some point, any claim that is believable works. Doesn't convince me they don't want to steal your funds.

I have heard that too, and iirc it was from their rep.


Why not?

I use Coinomi and Ownr wallet. Both of them are non-custodial and closed source. I'm not worried about their security. I supposed Coinomi went closed source because people were cloning their wallet, but it was only my assumption.

You can run your own Dojo and Whirlpool servers.
Still does not stop the wallet itself from becoming evil.

And I have said it before and I'll say it again. Open source is only good if you follow all the rules. No auto update, don't install an upgrade until you and / or other trusted people have verified the executable download matches what you get when you compile yourself. And you know what, most people still don't do either. Just download and go.

There is also the question of how some of these wallets operate.
You can choose my own server in Samourai. You cannot in Mycelium

BTC spikes to $25000 tomorrow and you want to sell. The Mycelium server gets overloaded and stops responding, or they don't want people moving the coins so it responds
but never broadcasts it anyplace. There are ways around it, but some you either have to install another app and import your seed or do some other things. Both of which take some time and knowledge.

Samourai / coinomi same thing but all you have to do is pick a different server which IMO is a lot quicker. I run my own and I know a lot of people here run their own and are more then willing to help out and say connect here.

Not to mention the privacy aspect.

There are many things in play, but just talking about opensource builds is just part of the issue.

As I have said, just my view. I don't expect to change yours but I do think it should be out there.

Stay safe.

-Dave

If I had to bet which of the wallets in the second category will pull an exit scam, my bet would be on Samourai.

• The wallet on Google Play has little to do with their open source
• They hide in secrecy about who is behind the wallet
• They invite people to put as much money into the mixer at the same time as possible

There would be no recourse for an exit scam if they are really as private as they pretend to be. Of course there is Keonne Rodriguez who keeps defending Samourai but maybe he sold it to some anonymous entity. Who knows?

Samourai Wallet is pretty damn good for a bitcoiner who needs some nice add-ons.
I can connect my node to it, I can mix my coins easily with Whirlpool and I like PayNyms too.
Give it a try.

I'm not exactly eager to put much effort into adding more wallets In fact, I do not really analyze wallets that have not at least 1000 downloads. Just drop a link to the playstore listing once it's live.

Awesome resource. Thanks for posting the images with links on your website!

Edit: Oops, looks like my send-able merit had decayed, I'm sending you whatever I have left over.

I will add soon. Their wallets is running test before completely publishing on the market. But if you want to get involved Unifyre test process, I may arrange something to you.
Please let me know if you interest test Ferrum's Unifyre Wallet beta test.

If you share the Google Play link (or the appId), I will add it to WalletScrutiny.com but it will only be reviewed once it reaches 1000 downloads and if time allows. The priority is to provide timely evaluation of new releases of verifiable wallets and it's a side project, so ...

A topic with very useful posts. I take care to try every crypto wallet I find, but I have never seen a platform that examines so many wallets together. I think I can access some information here without having to experiment with wallets.

I also want to talk about a non-custodial wallet that Ferrum Network, which I am working on behalf of, is preparing to publish these days. The wallet, which will be released soon, will be easy for anyone to use and will be very useful with LinkDrop. This wallet is called Unifyre. Those who want can get more information from Unifyre.io. I hope Unifyre is reviewed here soon.

WalletScrutiny is not just a study. It's an ongoing project which closely monitors updates of verifiable wallets. Check it out. The charts are now more informative and there are many more wallets covered now.

That's the only problem of using the old school Bitcoin wallet and it only supports Bitcoin but there are still some people use this wallet.

Why don't you just switch to another wallet like Electrum or Mycelium they have more features than the old school Android Bitcoin wallet.
You can get your private keys on the data folder /data/data/de.schildbach.wallet/files/wallet-protobuf
or on the other path posted from here https://github.com/bitcoin-wallet/bitcoin-wallet/blob/master/wallet/README.md

If you don't want to switch and you would like to adjust the transaction fees you can edit this /data/data/de.schildbach.wallet/files/fees.txt just find this under the internal data of your phone.

I've been using the Bitcoin Wallet GooglePlay link here: https://play.google.com/store/apps/details?id=de.schildbach.wallet

I wish it had a few more features like adjustable fees.

It continues to pass verification, be your bank!

https://gitlab.com/walletscrutiny/walletScrutinyCom/blob/da1e43187f164ead9aef1a551c067783c4cbb0f6/_posts/2019-12-20-de.schildbach.wallet.md

A user of open source software (just include green and mycelium), though I'm using coins.ph too, well, needed for crypto to fiat transactions.

Yeah, your right closed source is one of their problems we don't know if the latest one could be safe or not.

How about switching to Edge wallet instead they support most of the major coins this is one of my alternative multi-crypto wallets.

I don't save most of my coins in coinomi I just use it for holding a small amount but if you care about your assets and if it is a big amount well I think the official wallet or hardware wallet is the best option nowadays.

I do use Coinomi on android (since last 5 years), thing is it's closed source, and like article said:

The security issue is only in the Desktop version of Coinomi I don't have a bad experience in using their wallet for a long time with their android version.

Since their Desktop version is new there are still many bugs you can experience in Desktop version unlike on mobile version.

I heard that they already fix the vulnerability issue of their desktop version I heard it from someone here on the forum I just can't find the thread.

If you are planning to use coinomi better use their Android version which is fine.