Bitcoin Forum

Bitcoin => Electrum => Topic started by: csharpner on January 01, 2020, 09:37:46 PM



Title: Ideas for increased security
Post by: csharpner on January 01, 2020, 09:37:46 PM
Here are some ideas for increased security with the Electrum wallet:

  • Publish the releases on IPFS.  (The link is also the hash & it's decentralized)
  • Digitally sign the releases (whether published on the legacy website or on IPFS)
  • Let me see the software version # when I launch the app, without having to enter my wallet password!  I need this to see if there's an update before entering my pw into a potentially vulnerable version.
  • Let me check for updates before entering my password to my wallet.
  • Establish a presence on the new, decentralized web platforms.  Operate under the assumption that your domain name will eventually be compromised either by thieves or the government (yet, I repeat myself! :) )


Title: Re: Ideas for increased security
Post by: jackg on January 01, 2020, 09:50:42 PM
This is probably the wrong place to make this also as you're better off posting it on their GitHub... I don't think the Electrum devs are as active here as elsewhere...

It is probably a good idea to enable users to check for an update before the password is entered but implementation might be difficult as it then changes how the software loads from the very start: which in theory should be easy to implement but turn out to be difficult to implement depending on how their engine renders screens...


Title: Re: Ideas for increased security
Post by: GreatArkansas on January 02, 2020, 12:29:14 AM
Quote
It is probably a good idea to enable users to check for an update before the password is entered but implementation might be difficult as it then changes how the software loads from the very start(....)
This is something like, if ever there is an update you will be notified before entering your password. Is it something like forcing the user to update their Electrum client?
Might be difficult if that's so; what if the user doesn't want to update their client? Can they still proceed?
Difficult implementation for sure.


Title: Re: Ideas for increased security
Post by: jackg on January 02, 2020, 12:49:14 AM
I think OP means the current implementation. As currently there's either a yes or no option or an OK one (I forget which).

Quote
It is probably a good idea to enable users to check for an update before the password is entered but implementation might be difficult as it then changes how the software loads from the very start(....)
This is something like, if ever there is an update you will be notified before entering your password. Is it something like forcing the user to update their Electrum client?
Might be difficult if that's so; what if the user doesn't want to update their client? Can they still proceed?
Difficult implementation for sure.


Title: Re: Ideas for increased security
Post by: pooya87 on January 02, 2020, 04:30:33 AM
Quote
  • Publish the releases on IPFS.  (The link is also the hash & it's decentralized)
i don't think it can be a viable option because IPFS requires peers to continue seeding content. for example right now that we are on version 3.x peers have to continue seeding version 1.9 because someone might need it (eg. recovering a wallet file that doesn't work in new versions). and that is not something that people would do. best case scenario is decent seeds for new versions and older ones dying.

Quote
  • Digitally sign the releases (whether published on the legacy website or on IPFS)
the releases are already signed using PGP.

Quote
  • Let me see the software version # when I launch the app, without having to enter my wallet password!  I need this to see if there's an update before entering my pw into a potentially vulnerable version.
  • Let me check for updates before entering my password to my wallet.
this won't solve much. if you want security then you shouldn't be using the wallet online (on a computer that is connected to the internet). look into Electrum's cold storage options.
not to mention that the initial entering of your password only decrypts the public information such as your addresses and transaction history not your private keys.

Quote
  • Establish a presence on the new, decentralized web platforms.  Operate under the assumption that your domain name will eventually be compromised either by thieves or the government (yet, I repeat myself! :) )
it won't matter as long as users continue doing these two things:
1. verify the deterministic builds hashes
2. verify the PGP signature of each release.
or simply build from source code.
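
An added example, not part of the post above and not Electrum's own code: the two checks pooya87 lists, sketched in Python. It compares a downloaded release with a self-built one by SHA-256 and confirms that `gpg --status-fd 1 --verify` output names a pinned key; `PINNED_FPR`, the function names and the sample status text are constructed placeholders.

```python
import hashlib
import hmac
import re

# Placeholder, not a real key: use the signer fingerprint you confirmed out of band.
PINNED_FPR = "A" * 40

# Constructed sample of `gpg --status-fd 1 --verify file.asc file` output (subkey signature).
SAMPLE_STATUS = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] GOODSIG BBBBBBBBBBBBBBBB Constructed Signer\n"
    "[GNUPG:] VALIDSIG " + "B" * 40 + " 2020-01-01 1577836800 0 4 0 1 8 00 " + "A" * 40 + "\n"
)

def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so a large installer need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def matches_own_build(downloaded, self_built):
    """Deterministic-build check: the published file must equal the one built from source."""
    return hmac.compare_digest(sha256_file(downloaded), sha256_file(self_built))

def valid_signers(gpg_status):
    """Collect primary-key fingerprints from VALIDSIG status lines."""
    signers = set()
    for line in gpg_status.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[:2] != ["[GNUPG:]", "VALIDSIG"]:
            continue
        # The optional last field is the primary key; parts[2] may be a signing subkey.
        last = parts[-1]
        fpr = last if re.fullmatch(r"[0-9A-Fa-f]{40,64}", last) else parts[2]
        signers.add(fpr.upper())
    return signers

def signed_by_pinned(gpg_status, pinned=PINNED_FPR):
    """gpg exits 0 for a good signature from ANY key in the keyring, so compare fingerprints."""
    return pinned.replace(" ", "").upper() in valid_signers(gpg_status)
```
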


Title: Re: Ideas for increased security
Post by: DireWolfM14 on January 02, 2020, 09:10:44 PM
Why do I get the feeling like the OP is just shilling for IPFS and their shit-file-coin?

Am I being overly cynical, is it just me?  I did have to go back to work today after two weeks off, so maybe it's just me.