pull down to refresh

While I agree that @fluffypony's concerns about the security of web wallets are valid, the examples he cites as security threats apply to the distribution of desktop wallets as well. Attacks such as BGP rerouting, domain squatting, and the potential for a malicious Cloudflare worker can compromise any online service, not just web wallets.
Also I called it FUD because at the end of the day he IS disparaging the app, irrespective of the reason stemming from its architectural decisions. Read “@MutinyWallet is a terrible idea and NOBODY should use it!” and “It is literally impossible to secure a web wallet attack surface”. It is said in a matter of fact way and under the assumption that a sizable amount of users are vulnerable to having their funds stolen in the ways he describes.
Despite this fact, the my monero website still provides a way to not just access, but create new web wallets as grubles has pointed out in one of the replies (https://twitter.com/notgrubles/status/1680912592733192192). If it was such a big issue for @fluffypony, I’d imagine due diligence could be done rectifying his own work by trying to force users to withdraw or at the very least prevent new wallets from being made.
Furthermore, there’s an air of presumption that the creators of the Mutiny wallet don’t know the risks and aren’t actively trying to mitigate it. As @benthecarmen says “he's not wrong that there are risks, but the alternative is praying to daddy apple and google for permission” (https://twitter.com/benthecarman/status/1680631437085626369) seemingly indicating a prior understanding that there are tradeoffs with this approach.
Another comment highlights that the app is a PWA, which should limit some of the attack surfaces described (like having to constantly worry about the correct js bundles being received from the server). There’s a tiny concession by @fluffypony (https://twitter.com/fluffypony/status/1680936318820294657), but only after he seemed to hand wave any security concessions on a previous comment (https://twitter.com/fluffypony/status/1680764906667220992).
Anyway this is probably my last comment on the matter. Users will inevitably continue to use and test Mutiny Wallet, exploring its security and efficiency firsthand. Rather than dismissing the project altogether, I just wish @fluffypony would highlight specific vulnerabilities and suggest potential solutions. The sentiment, "If I couldn't protect a significant amount of my Monero users from web wallet theft enough to justify its on-going development, no one can!" seems dismissive and unhelpful.
reply
Fluffy promoted a shitcoin, not monero, recently. I don't get him.
reply
He is incredibly obese. How do you expect a "man" who cannot take care of his body to act as a human?
reply
Ad hominem attacks are not a good basis to start a discussion.
reply
reply
Nice, good for him!
reply
We don't live in a risk free world. People can choose to keep their sats on Wallet Of Satoshi or even an exchange and trust someone else. I'd prefer to double check my url. If I screw up, that's my problem. Besides, it's not like Mutiny Wallet is meant for long term storage of large amounts of bitcoin.
reply
I don't think this is a kind of FUD, they are trying to bring awareness and cautions among users.
reply
FUD as in Facts U Dislike.
reply
Not that I don't like it, it must have a basis of facts. Totally different from information that I am asuming. FUD happens it it happened multiple times. Don't get confused on what I want to point out in my previous comment. I am with you all when it comes to real FUD.
reply
yea his concerns are 100%. a PWA can rug you at anytime without your interaction
reply
I think all of his points are valid concerns. Many are just related to phishing, however, which means discerning users will not be fooled. Doesn't mean it's not a problem, but it just means that the users should be aware which domains they are visiting.
reply
Shitcoiners hate personal responsibility. Making sure users verify a domain is is inconceivable, it's much better to be complacent in running any unverifiable shitwallet that paid Apple's ransom.
reply
Shitcoiners hate personal responsibility
There are more people using custodial services for Bitcoin than just about any other “shitcoin” in existence
reply
Good. Bitcoin is winning.
Shitcoins exclusively sit on exchanges for degen trading, while Bitcoin custodial services are kept in check by the armed preservation of self-custodial optionality.
reply
Literally moving the goalposts. But that’s okay. You fail there too. Monero and LTC are used more than BTC lol.
Why not come up with talking points that actually support Bitcoin? We need a better class of maximalist honestly.
reply
Ahhh shitcoin boiiii with 0 intellectual honesty. Not surprised based on the first take.
reply
Fluffypony gives useful insights having been involved with hardening a web wallet for many years.
The criticism is well founded IMO, PWA are a security minefield unsuitable for a sensitive application like a bitcoin wallet.
This isn't to dismiss the impressive work done by the mutiny devs, the app works well and looks great. The architecture is the issue.
reply
He FUDs the fact its web, not the wallet or implementation itself
reply
You're right, but the products are very different, and the web in 2023 is not the same as it was in 2017 when he stopped trying.
reply
Listen, I am not a fan of the web approach either. However its horses for course, mutany are hiding anyting here.
reply
I think his comments are valid. Personally, I prefer to use a dedicated app. I understand that there are people who might want to use a web wallet for whatever reason, but they should be aware of the risks.
reply
I suggested pinning the front end to a service like IPFS where you know that you’re only using a certain version number and not going to get an upgrade of the app without your knowledge.
Seems like a good solution to me, but I was dismissed by the creator of Mutiny Wallet with “IPFS is a scam” or some similar comment. Completely ignoring the idea itself. Ignore IPFS, let people host the front end on github pages or something. The idea is making the hosting accessible and easy for people so they don’t need to worry about forced upgrades.
Why wouldn’t this idea work?
reply
He's not wrong....this isn't 'FUD', just valid concerns.
reply
I still believe his concerns are valid.
reply
they also bring up that MyMonero wallet lost their uses millions of dollars due to poor user interface...
reply
Kurang kerjaan itu former xmr
reply