Is anybody using OWNR wallet?

[Lance203sin]

What do you think about it? I like non-custodial solutions with every basic option but i have some concerns about the codebase. This wallet is not open source. I know that no one likes to share their backend code but this can be a good option for transparency, you know. Is it safe to use with big amount of money? (Im not a whale, hah.) Yes, i know that a cold wallet can be more secure although i prefer hot ones.

[OmegaStarScream]

I'm pretty sure Bitfinex wouldn't make a partnership with an illegitimate business but I also don't see the point of using this wallet, especially when you have wallets like Exodus and Coinomi that offers even more features and also support more coins.

-snip-
Yes, i know that a cold wallet can be more secure although i prefer hot ones.

The security and safety of your funds should always be your top priority, you might regret this in the future.

[Pmalek]

You can take a look at their announcement thread and see what users think of the wallet there. It is located here > https://bitcointalk.org/index.php?topic=5145162.0
I glanced through it quickly. There doesn't seem to be any reports of scams, users not being able to access their funds or being locked out of their wallets. But as you highlighted yourself, it is not an open source wallet and I am personally have no use for it.   

[Wind_FURY]

This wallet is not open source. I know that no one likes to share their backend code but this can be a good option for transparency, you know. Is it safe to use with big amount of money? (Im not a whale, hah.) Yes, i know that a cold wallet can be more secure although i prefer hot ones.

Is it too much to say that "not open source software" goes against Bitcoin's ethos? I personally would discourage using it.

Use electrum. Secure your keys.

Or use one of the recommended wallets in this list, https://docs.google.com/spreadsheets/d/1aZ1zbaUEzCo9NCctN8-eL2VLIiSdY009tTJvRXDUWEw/edit?usp=sharing

[Dabs]

I second the motion for Electrum and Core desktop wallet software. Why use anything else? Not your keys, not your coins.

[pooya87]

I second the motion for Electrum and Core desktop wallet software. Why use anything else? Not your keys, not your coins.

i am also against anything closed source and/or custodial but also you should try not to limit yourself just to these two wallets (core and electrum) there are lots of other good projects out there each doing a different thing. from paper wallets that are free to hardware wallets that you have to pay for them and to all other desktop wallets that satisfy a different need like wassabi that offers coinjoin features.

[hugeblack]

Is it safe to use with big amount of money? (Im not a whale, hah.) Yes, i know that a cold wallet can be more secure although i prefer hot ones.

The big amount of money varies from person to other, some 1000 dollars will not make a difference to him, others 100 dollars.
If you are afraid of losing that money, only put it in a reliable wallet (choose more than one wallet.)
You can split money to avoid loss by using a lot of wallets (Exodus, Coinomi, Trust,..etc.)

[mk4]

The only reason I would use a closed-source wallet is if it has GREAT features that would make it worth using, while of course, I'd store only very small amounts of money. Probably the same amount of money that I'd personally keep on my daily leather pocket wallet.

And yea, stop hunting for other wallet apps. The wallet apps we have right now has most of the things we need already, especially when talking about cold storage.

[Dabs]

Yes. Agree. Would like to clarify that there are plenty of options out there that are both open source, or they show transparency on how the wallets work. Hardware wallets in particular have certain closed chips, but most of the rest of the logic is explained clearly. Obviously they shouldn't reveal private keys or seeds unless it's part of a function that it does.

Wasabi is also a good one, and there are services which are not wallets themselves like JoinMarket or Shuffle-something (I forget what they are called), plus even true DEX like blocknet that works with your core wallet to do atomic swaps.

Some other examples are OpenDime, where it's not exactly a hardware wallet, but more like a physical bitcoin, they private keys are on the device itself and revealed only when you punch a hole or something; otherwise just showing the public address and how much coins are in there. It's been called the bitcoin bearer stick.

You can't go wrong with Core or Electrum (after verifying integrity, download from original website) ... the other wallets, being new, have a little risk involved, which, if you know what you are doing, can be mitigated.

Some wallets are / or were good, like Multibit, but they stopped supporting it. I myself never used them because I thought they had problems back then, so now that they're gone I don't have to think about transferring coins from a dead wallet software.

Just remember, get the keys, it's your coins.

[coiningz]

Actually, nobody is showing the backend code. Some project is open source but only for the frontend client. As a developer, i did not see fully open-source multi-wallet projects before. It will be interesting to check if anybody can send a link to me

[mlmdaily]

I second the motion for Electrum and Core desktop wallet software. Why use anything else? Not your keys, not your coins.

There are some closed source non-custodial solutions. OWNR, for example, is not storing the keys. And as i know there were some security problems with Electrum in the past https://cointelegraph.com/news/electrum-faces-another-fake-wallet-attack-users-reported-to-lose-millions-of-dollars

[DaveF]

Unless I am mistaken, and I'm sure there will be a ton of people here who will correct me.
There are no multi-alt-coin open source wallets for mobile.

Since this is in the bitcoin wallet section not the alt-coin wallet section, there are going to be different views.

Which comes back to the thought of if you are going to have a BTC wallet on your phone and 6 or 7 of the big alts on your phone which is better?
7 or 8 wallets that are all open source but who has time to check the code and verify everything before installing all the new versions as they come out or just 1?

And then you have all the different keys to store from all the wallets and everything else.

It's the loop of convenience vs. security.

-Dave

[OmegaStarScream]

Unless I am mistaken, and I'm sure there will be a ton of people here who will correct me.
There are no multi-alt-coin open source wallets for mobile.
-snip-

There is Hodlerwallet[1] and also Trust wallet (owned by Binance) which used to be open source for iOS only but now, it seems like the GitHub repository has been archived[2] (but you should still be able to compile it yourself).

[1] https://github.com/HODLERTECH/HODLER-Open-Source-Multi-Asset-Wallet
[2] https://github.com/trustwallet/trust-wallet-ios

[pooya87]

7 or 8 wallets that are all open source but who has time to check the code and verify everything before installing all the new versions as they come out or just 1?

being open source is about being transparent not about every single user checking the code themselves. for example i have not really checked Electrum or bitcoin core source code (not extensively anyways) but i know that many others have and that is enough. but if it were a closed source wallet i know that nobody has ever seen the code or knows what it is doing.

[DaveF]

7 or 8 wallets that are all open source but who has time to check the code and verify everything before installing all the new versions as they come out or just 1?

being open source is about being transparent not about every single user checking the code themselves. for example i have not really checked Electrum or bitcoin core source code (not extensively anyways) but i know that many others have and that is enough. but if it were a closed source wallet i know that nobody has ever seen the code or knows what it is doing.

Yes but as I posted someplace else, it's somewhat a false security.

Do you check the hash of the file you downloaded against what is posted?
Do you have automatic updates turned off on your phone and not update till people have verified the posted code is the same as what is in the app store / play store?

And as I posted in another thread unless there has been a 3rd party audit of how they push the update to the store this is all just security theater.

Think about it, if there are poor controls to upload the compiled file to the store then it's all pointless.
DaveF gets a job with bigwallet as their IT hardware person. It's open source, it's audited, it's amazing beautiful code.
Friday @ 4:30PM as everyone is leaving for the weekend I post a corrupt fund stealing compiled app to the app / play store and walk out of the building, head to the airport and fly to some island with no extradition. Saturday AM they have the bad wallet pulled but by then I have 1000s (10000s?) of BTC that were sent to me before anyone knew what happened. And I'm on a beach sipping drinks out of a coconut.

On the other hand the shitty closed source wallet needs 2 people with security dongles to log into the PC that updates the code that is in the app / play store.
You might not know what the code is, and it may be crap with bugs, but they at least know that what they wrote is what is up there.

However, since as far as I know NONE of them publish / publicly audit how they push updates to the stores it's all just trust.

You may feel differently. You may disagree. That is fine, but IMO it really needs to be discussed.

-Dave

[pooya87]

Yes but as I posted someplace else, it's somewhat a false security.
Do you check the hash of the file you downloaded against what is posted?

i get your point and we can discuss a lot about open source and security. for instance since you mentioned hash it reminded me of a common issue among all open source wallets:
a lot of projects (even the popular ones) that are open source, release a compiled version which majority of users download. in other words it doesn't make a difference for them if the project were open source or not since they are still downloading a binary (like a .exe for windows) even if they or someone else had reviewed the code. you still don't know if the binary belongs to the same code or not!

this issue is partially solved when these projects use a deterministic builds but now there is another problem where people who compile from source code don't compare the hashes to see if it were legit. i opened.
https://bitcointalk.org/index.php?topic=5195281.0
https://bitcointalk.org/index.php?topic=5212057.0

[DaveF]

That depends on the wallet you use (such as Electrum),
1. There's no automatic update if you use Electrum
2. You can use PGP verification (rather than hash) to verify integrity of the files. If someone who don't have the PGP private key attempt to upload malicious version of Electrum, PGP verification will fail and people will realize something is wrong.

It's only false security if you automatically believe open source = good/secure software. If you don't perform automatic update, always perform GPG verification and waiting someone to give feedback on newer version of application, i'd say it's more secure rather than blindly trusting closed-source wallet.
If a user don't do all of those when using open-source software, it's their fault.

With the desktop version yes, with the android version unless you have automatic updates turned off. It will auto update when they push something out.
With that being said it's been months and months since they did any updates to the android version.

But this does loop back to the original point, if you have BTC and only BTC or at most 1 or 2 alts then checking you wallets although time consuming is doable.
Looking at my coinomi wallet I have

BTC,LTC,ETH,DOGE,XMR,DASH and DFC

That would just get to be a full time job to keep up with them all.
So since there is not life altering amounts of money there. Heck it's barely weekend plans amount of money. I'll trust the precompiled closed source.
For the real money it's secured another way. YMMV in terms of amounts.

-Dave

[philipma1957]

That depends on the wallet you use (such as Electrum),
1. There's no automatic update if you use Electrum
2. You can use PGP verification (rather than hash) to verify integrity of the files. If someone who don't have the PGP private key attempt to upload malicious version of Electrum, PGP verification will fail and people will realize something is wrong.

It's only false security if you automatically believe open source = good/secure software. If you don't perform automatic update, always perform GPG verification and waiting someone to give feedback on newer version of application, i'd say it's more secure rather than blindly trusting closed-source wallet.
If a user don't do all of those when using open-source software, it's their fault.

With the desktop version yes, with the android version unless you have automatic updates turned off. It will auto update when they push something out.
With that being said it's been months and months since they did any updates to the android version.

But this does loop back to the original point, if you have BTC and only BTC or at most 1 or 2 alts then checking you wallets although time consuming is doable.
Looking at my coinomi wallet I have

BTC,LTC,ETH,DOGE,XMR,DASH and DFC

That would just get to be a full time job to keep up with them all.
So since there is not life altering amounts of money there. Heck it's barely weekend plans amount of money. I'll trust the precompiled closed source.
For the real money it's secured another way. YMMV in terms of amounts.

-Dave

Same as I do with  my Trezor    a black a white a gray one   they never have more then 3 or 4 k in coins combined in the three of them.

 I have a core wallet on a mac mini with  backup hdd's  in three other locations

[Dabs]

I have automatic updates turned off on my phone. I think Electrum does not even push out the latest version in the google play store, so I just downloaded and installed it directly from the website. Check the version number. (Maybe they have already updated it in the play store.)

[DaveF]

I have automatic updates turned off on my phone. I think Electrum does not even push out the latest version in the google play store, so I just downloaded and installed it directly from the website. Check the version number. (Maybe they have already updated it in the play store.)

So you have allow unknown sources and no automatic updates.
Not saying it's bad, but unless you don't have a lot on the phone you run the risk of having a vulnerable app stay the phone longer.

*Full honesty I have a device with more then the small amounts on it setup the same way but the only thing on it are 2 coin apps it is not used as a phone more of a "warm wallet"

-Dave