Open source wallet and closed source wallet discussion

[witcher_sense]

I have no problem with closed source wallets if the developers pledge to compensate any coin that is stolen if there is a problem with the code, otherwise the security of the central platforms is considered higher than the closed source wallets.

It is not only about stealing users' coins, it is also about "stealing" users' personal data, which is very hard, if not impossible, to spot early in the case of closed-source wallets. Developers of closed-source wallets may be experienced enough to avoid introducing critical bugs in their wallets, but if they behave maliciously collecting and selling the information about users' transactions to whoever pays more, you have no way to catch them red-handed because everything essential is hidden from public view. Even if they promised to compensate for all my losses, I wouldn't use their software because I wouldn't be sure if the money they offer me hadn't been earned by selling my personal information and the information of others.

[1715057748]

1715057748

[pooya87]

I have no problem with closed source wallets if the developers pledge to compensate any coin that is stolen if there is a problem with the code, otherwise the security of the central platforms is considered higher than the closed source wallets.

It is not only about stealing users' coins, it is also about "stealing" users' personal data, which is very hard, if not impossible, to spot early in the case of closed-source wallets. Developers of closed-source wallets may be experienced enough to avoid introducing critical bugs in their wallets, but if they behave maliciously collecting and selling the information about users' transactions to whoever pays more, you have no way to catch them red-handed because everything essential is hidden from public view. Even if they promised to compensate for all my losses, I wouldn't use their software because I wouldn't be sure if the money they offer me hadn't been earned by selling my personal information and the information of others.

The best example is Windows. It is closed source and historically all versions have had backdoors many of which were put there intentionally so that they can access your machine like the backdoors placed in Windows and used by NSA to access your webcam and a lot of other things!
It is so much easier to do something like that in a closed source cryptocurrency wallet. Specially the light wallets that depend on a centralized server to sync and use encrypted communication.

[BlackHatCoiner]

It is not only about stealing users' coins, it is also about "stealing" users' personal data, which is very hard, if not impossible, to spot early in the case of closed-source wallets.

Exactly, that's why I don't consider them private, SPV asides. If you don't put transparency above all, you can neither convince us you have good intentions, nor you have coding skills, and therefore, your software can't be called secure nor private. And that's exactly what's happening with closed-source wallet software. The developers either put some backdoor, or they're just not competent enough.

The best example is Windows.

And yet, number one in usage. That's the power of marketing.

[pooya87]

The best example is Windows.

And yet, number one in usage. That's the power of marketing.

Good point. Another major reason is the first mover advantage that Windows has though. Not to mention the fact that Linux has major differences that has discouraged many regular users from making that migration.

[NotATether]

The best example is Windows.

And yet, number one in usage. That's the power of marketing.

Good point. Another major reason is the first mover advantage that Windows has though. Not to mention the fact that Linux has major differences that has discouraged many regular users from making that migration.

Time will tell if the power of marketing and "first mover" can withstand the sorry shamble of rubble that Windows has quickly become.

It's not enough to just be the first one in the field, you have to make actually good stuff to convince people to stay. That's why so many people still use Apple even though they were laggards behind MS in the 80's and 90's.

[BlackHatCoiner]

Another major reason is the first mover advantage that Windows has though.

AFAIK, Linux comes with a user interface since 1992, which was a major upgrade (from CLI to GUI). I don't know how Microsoft had spread their software back then, to get advantage of their first moving position, I wasn't even born, but I know that offices did have a massive upgrade in efficiency with Microsoft Office in 90's. It might had been late to move to a brand new OS for most managers, and perhaps a risky move too, given that Excel is just better than the LibreOffice alternative.

Bill had an impressive strategy, no doubt for that.

[pooya87]

Time will tell if the power of marketing and "first mover" can withstand the sorry shamble of rubble that Windows has quickly become.

It's not enough to just be the first one in the field, you have to make actually good stuff to convince people to stay. That's why so many people still use Apple even though they were laggards behind MS in the 80's and 90's.

I don't think that much is going to change with passage of time alone. It is evident that people are too lazy to make a change. Take web browsers for example. The closed source proprietary software called Chrome that is mining user personal info has more than 65% of the total number of users on all platforms while the far superior and open source Firefox has less than 4% (according to Wikipedia).

[witcher_sense]

But depending on what kind of personal data is collected stolen, there are few obvious giveaway such as asking lots of permission on your Android/iOS device. And usually it's not impossible since it can be revealed with network traffic tool (such as Wireshark).

I am not sure if a wallet application asks for permission to track your transactions. That is the major concern with closed-source software: you're unable to verify that it actually does what it says it does. For example, you may have the option to specify and connect to your own full node to prevent collecting the information about your transactions, or rather, you make it slightly more difficult for malicious developers to collect such a piece of information because you cannot verify everything. Is there a way to check that your node is the only "server" that receives transactions, or is it only one of many, with others being malicious surveillance servers that attempt to deanonymize you? Needless to say that an application that doesn't even pretend it is legit, that is, which doesn't allow to specify a specific server is clearly malware waiting for your information.

[Pmalek]

When i say permission, i mean permission on OS level. Here are few example

All or some of those permissions can be manually turned off from the phone's settings menu. And then when you start an app or attempt to use a particular feature of it, your phone is going to ask you to give the app permission to perform certain actions. That's when you know what permissions are needed to complete those actions, and whether or not you can keep them turned of. For example, it might sound weird that an app needs access to your storage and you ask yourself why does it need to go through my phone's storage and what is it looking for there? But you won't be able to download and install an update for the app without it. Of course, the permission can be given when you perform the update and you revoke it straight after that.