Will the wallet developers keep a copy of private key?

[windsee]

Maybe a stupid question. Wondering if various wallet developers will keep the private by themselves. When we install the wallet, address and private key will be generated. Will the developers keep a copy by themselves? I know the wallet project is in github and availabile for review, but how do we know the version we install is the one in github? Seems it's a matter of trust. Do we have anything that can verify it's safe?

[officerpants]

Depends on which wallet you use, but...

You could compile/build the wallet yourself from source in GitHub, you'd know that was the wallet that was related to the source.  And it'd be doubtful that a wallet like that would last long as an OSS project if there was a backdoor for the developer to steal your private key.

Second, you can (as I do) download the source pages onto an airgapped machine, and generate your wallet keys on that airgapped machine, and only use the public keys on a non-airgapped machine, never letting it see the private key.

That way, the generation phase can never send your private key away to a sneaky developer, but you can still receive and check balances on the wallet.  When you want to send, then you need to get the private key connected and create a transaction (but then I would kill the wallet and create a new one on the airgapped machine, and never let it see the light of day).

[cpfreeplz]

Web wallets will, so don't use them. Most wallets that you download onto your computer or phone will store the private key but there would be no way for the devs to know your private key. Make sure you always have a backup.

[pooya87]

Web wallets will, so don't use them.

not all of them are alike.

there are two types of web wallets:
1. those like Coinbase that have full control over the private keys and your bitcoins. so you just create an account and your account has a balance but you don't control it without their help.
2. those like blockchain.info that only have an encrypted wallet file. they do NOT have access to your private keys and that is the biggest difference that also increases their security. (they are still very weak compared to a cold storage)

[cpfreeplz]

Web wallets will, so don't use them.

not all of them are alike.

there are two types of web wallets:
1. those like Coinbase that have full control over the private keys and your bitcoins. so you just create an account and your account has a balance but you don't control it without their help.
2. those like blockchain.info that only have an encrypted wallet file. they do NOT have access to your private keys and that is the biggest difference that also increases their security. (they are still very weak compared to a cold storage)

Alright let me rephrase. Web wallets are the scum of the earth and they should all be killed off. When (not if) your funds are hacked from them you'll be sorry that you ever trusted an unlicensed, unregulated, uninsured "bitcoin bank" touch your money that you are free to store on your own without any intermediary.

Oh but some of them apparently don't hold your private keys. If you can believe that. Which I don't. Could I see their open source code?

[pooya87]

Web wallets will, so don't use them.

not all of them are alike.

there are two types of web wallets:
1. those like Coinbase that have full control over the private keys and your bitcoins. so you just create an account and your account has a balance but you don't control it without their help.
2. those like blockchain.info that only have an encrypted wallet file. they do NOT have access to your private keys and that is the biggest difference that also increases their security. (they are still very weak compared to a cold storage)

Alright let me rephrase. Web wallets are the scum of the earth and they should all be killed off. When (not if) your funds are hacked from them you'll be sorry that you ever trusted an unlicensed, unregulated, uninsured "bitcoin bank" touch your money that you are free to store on your own without any intermediary.

it doesn't have to be black and white. these wallets have their usages too. obviously you should never store 100BTC in any of these, but who is to say you shouldn't keep a small amount (pocket money) like 50 bucks in them so that when you wanted to access your funds "from anywhere" you could simply do it by just logging in your account.
and services like Coinbase are good for newcomers too. it is pretty similar to a bank or Paypal for example and many may find that easier to use. not to mention the fact that they can buy from same place if they are OK with their rules and their record be reported to IRS, which many are...

Oh but some of them apparently don't hold your private keys. If you can believe that. Which I don't. Could I see their open source code?

https://github.com/blockchain/My-Wallet-V3-Frontend
https://github.com/blocktrail/blocktrail-webwallet
https://github.com/kvhnuke/etherwallet
enjoy!

[Xavofat]

Oh but some of them apparently don't hold your private keys. If you can believe that. Which I don't. Could I see their open source code?

Green Address is open source, and they also have:

1.  2-of-3 multisignature wallets in which they hold only one key out of three (so that you can spend from two devices and they can recover it if you lose one)

2.  nLocktime transactions to send your coins out to a different wallet automatically at a certain time.
The answer is, most wallets will not keep private keys, but you should obviously be vigilant for scams.

[windsee]

I'm using Exodus and MyEtherWallet.

Exodus is to hold the major coins and MEW is to hold ICO tokens. Still a small amount, but want to understand more about the security before I invest more.

[youghten]

Maybe a stupid question. Wondering if various wallet developers will keep the private by themselves. When we install the wallet, address and private key will be generated. Will the developers keep a copy by themselves? I know the wallet project is in github and availabile for review, but how do we know the version we install is the one in github? Seems it's a matter of trust. Do we have anything that can verify it's safe?

yes some online wallet can get your private key  but will never use it because will lost users.

it is risky to save your money in online site so use offline or hardware on and will be safe.

[szpalata]

Oh but some of them apparently don't hold your private keys. If you can believe that. Which I don't. Could I see their open source code?

Green Address is open source, and they also have:

1.  2-of-3 multisignature wallets in which they hold only one key out of three (so that you can spend from two devices and they can recover it if you lose one)

2.  nLocktime transactions to send your coins out to a different wallet automatically at a certain time.
The answer is, most wallets will not keep private keys, but you should obviously be vigilant for scams.

Exactly the wallets developers are generally not the problem even though i suspect they may have copies of them but how you are going to keep your wallet from scams and potential hackers is the most important. Many people loose their private keys through their own reckless activities online or within their neighborhood through social engineering and so if the developer doesn't keep a copy and you still loose it out online it's none of the developers fault but yours.

[damrianto]

the key of a personal wallet should be kept on its own, it is a key that should not be known to others. if leak you can lose all your investments are stored in bitcoin .. although the bitcoin developers do not want your wallet keys leaked or caught someone else ...

[awawo]

Is not the wallet developer's we should be afraid of the hackers that are all out to still you private key there by stealing all your bitcoin from your Wallet. If you say no wallet developer's has access to you private key then you have lied. They are the one that generate and use the private key, you are just a user who must identify it self by providing a key given to you as a customer to check if thoroughly you are one of their customers or not.

[ksgerb]

I don't think they have. That's why when we are creating any wallets they there is always a warning/notification message from devs to make a back up of the private key because once you lose access to pk it already means you also lose your coins and there is no more way to recover it.

[Aura]

That's a good question, I understand your concern as this is the only way to prove that you belong the Bitcoins. Like other mentioned, web-wallets do this to make their service working, as you let them store your wallet on their servers. It's a risk, that's why many people recommend not to store huge amounts of Bitcoin on web-wallets. For desktop-wallets this isn't the case, at least for the wallets that are opensource. As their source code can be examined and it's even possible to build the executable yourself from source so you don't have to download the pre-compiled executable. That's why I prefer wallets that are open-source.

[kotajikikox]

Web wallets will, so don't use them. Most wallets that you download onto your computer or phone will store the private key but there would be no way for the devs to know your private key. Make sure you always have a backup.

I agree any kind of wallet you can use make sure take care of the privatekeys or password for the safety and security of your savings.
Loses of your privatekey are also loses of your investment always be carefull of your wallet account, share your wallet privatekey to the trusted person incase of emergency.

[stickyknob]

If you use a downloadable wallet then this won’t possibly happen. However if you use web wallets there is a huge chance that they could.