Was useless anyways and full of shitcoineries. A much better method is https://bitcoinbinary.org/ - open source and no crap shitcoins and DMCA
reply
A much better method is https://bitcoinbinary.org/ -
Bitcoin Binary covers a very limited set of applications: https://github.com/coinkite/bitcoinbinary.org
Was useless anyways and full of shitcoineries.
They reviewed Android wallets. Many Android wallets are not bitcoin-only. So yes, many of the reviews were for Android wallets that had support for shitcoins in addition to bitcoin.
Of the small handful of Android wallets on the site that were found to be "reproducible" nearly all were bitcoin-only (e.g., Electrum, Blockstream Green, SBW (before its fork to OBW, ... great blog post, BTW)).
What I could not understand is why the authors of Android wallet apps that were not deemed reproducible from the source (such as Nvk, creator of BitcoinBinary.org) didn't submit a pull request to Wallet Scrutiny proving the app could indeed be reproduced. BlueWallet was another -- if the app binary truly could be reproduced from the sources, why not simply point out the missed step or whatever gap existed where Wallet Scrutiny was unable to reproduce the binary solely from the source code?
Without the ability to reproduce the binary from the source, that means the binary could be doing stuff that nobody would know -- including uploading your keys to the mother ship. Was BlueWallet doing that? I doubt it. Do I know for sure? No -- because there was no proof that the binary .apk on Google Play was created from the source code from their repo.
What good does saying "I control my keys" do when you use a wallet app and you truly cannot say "I control my keys" because you simply cannot tell what the .apk binary truly is doing with your keys?
Wallet Scrutiny is a net gain.
reply
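Added example, not part of the thread and not Wallet Scrutiny's own tooling: one way to check the claim discussed in the comment above, that a published .apk matches a locally built one, by hashing every zip entry and skipping only the JAR signing files. The function names, the sample archives (constructed in memory) and the choice of which entries count as signing material are assumptions of this example.

```python
import hashlib, io, re, zipfile

# JAR (v1) signing files: the only entries expected to differ between the
# store copy and a self-built copy (assumption of this example).
SIGNING = re.compile(r"^META-INF/(MANIFEST\.MF|[^/]+\.(SF|RSA|DSA|EC))$")

def entry_hashes(apk):
    """Map entry name -> SHA-256 of its uncompressed bytes, minus signing files."""
    with zipfile.ZipFile(apk) as zf:
        return {i.filename: hashlib.sha256(zf.read(i)).hexdigest()
                for i in zf.infolist()
                if not i.is_dir() and not SIGNING.match(i.filename)}

def compare_apks(store_apk, built_apk):
    """Report every entry that is missing, extra, or different in content."""
    a, b = entry_hashes(store_apk), entry_hashes(built_apk)
    return {
        "only_in_store": sorted(a.keys() - b.keys()),
        "only_in_build": sorted(b.keys() - a.keys()),
        "content_differs": sorted(n for n in a.keys() & b.keys() if a[n] != b[n]),
    }

def is_reproducible(diff):
    # Reproducible only if nothing outside the signing files differs.
    return not any(diff.values())

def make_apk(files):
    """Build a constructed sample archive in memory (stand-in for a real .apk)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf

# Constructed sample data, not real wallet binaries.
COMMON = {"classes.dex": b"dex-bytes", "AndroidManifest.xml": b"<manifest/>"}
STORE = make_apk({**COMMON, "META-INF/MANIFEST.MF": b"mf",
                  "META-INF/CERT.SF": b"sf", "META-INF/CERT.RSA": b"store key"})
REBUILT = make_apk({**COMMON, "META-INF/CERT.RSA": b"my own key"})
TAMPERED = make_apk({**COMMON, "classes.dex": b"different code",
                     "assets/extra.bin": b"?", "META-INF/CERT.RSA": b"store key"})

if __name__ == "__main__":
    for label, apk in (("rebuilt", REBUILT), ("tampered", TAMPERED)):
        diff = compare_apks(STORE, apk)
        print(label, "reproducible" if is_reproducible(diff) else diff)
```

A clean result only shows that the published binary corresponds to the source that was built; it says nothing about whether that source is safe.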
didn't submit a pull request to Wallet Scrutiny proving the app could indeed be reproduced.
Because the wallet scrutiny guys requested money in order to scrutinize the app....
reply
I saw a post on Upwork from them once. Asking for money is not a problem, these things don't review themselves and the time for people with the skills to go through these procedures is valuable. It all comes down to how much.
If it was enough to pay for 10 to 20 hours of a devops specialist, that is fine; if it was something like 50K, that would be odd.
reply
The lady doth protest too much, methinks
reply
Shows that NVK's ColdCard was tested as of six months ago and still not reproducible.
deleted by author
reply
Looks like their domain is with Namecheap.
whois walletscrutiny.com
[Querying whois.verisign-grs.com]
[Redirected to whois.namecheap.com]
[Querying whois.namecheap.com]
[whois.namecheap.com]
reply
They aren't running anonymously, nor pseudonymously.
Here's the founder: https://gitlab.com/Giszmo
Leo has been on a number of podcasts and such. He's still active with the WalletScrutiny project (e.g., his review of a fix that will let WalletScrutiny be able to, finally, build BlueWallet in a way that it passes as "verifiable"), but I see nostr-related things appear to be his recent area of focus.
reply
Does anyone have a clue what custodial service that might be?
reply
Could be almost any exchange that has a mobile app and shows a balance for the user's bitcoin.
Would be good for Wallet Scrutiny to name and shame though.
reply
Related:
Does anyone know why Wallet Scrutiny can't reproduce Coldcard builds? #197441
reply