pull down to refresh

Proton wallet - Review by Sethx.com/sethforprivacy/status/1816223365411016918
51 sats \ 0 comments \ @Rsync25 24 Jul 2024 bitcoin
tl;dr - ProtonWallet is an easy-to-use Bitcoin wallet that makes Bitcoin more accessible than ever, but is a departure from the normal "private by default" mantra of Proton.
Positives
Proton's wallet has full Taproot integration, is self-custodial, and has simple transaction notes and multi-account support for all the basics you need to use Bitcoin on-chain. It works, it exposes a massive audience that is pro-privacy to cryptocurrency, and makes using Bitcoin more accessible than ever.
The wallet works quite well and I can see it being very normie-friendly and approachable for those who aren't already Bitcoin users. It's also clear from docs and Github commits that Proton had plans for on-chain privacy implemented directly into the wallet (using Samourai Wallet Whirlpool, in fact!) which I applaud.
Negatives
While the simple negatives are just small bugs that exist in the UI today (plus the lack of seed verification), the biggest negative is simply the glaring lack of privacy in Bitcoin today.
With the malicious prosecution of samouraiwallet by the DoJ (something that clearly prevented ProtonPrivacy from pursuing their plans to implement Whirlpool into this wallet), Bitcoin as-is is not private by default. That breaks the norm that Proton users expect for their other offerings, and opens up a can of worms.
I of course understand the network effects of Bitcoin etc. here, but for a company offering a suite of private-by-default tooling, there needs to be very clear warnings around the potential privacy issues here.
Privacy Details
  1. Proton has visibility into wallet balances due to the nature of Bitcoin. They are committing to not log balances, but your client queries for the balance of individual addresses "with Proton's full nodes" and thus Proton can see wallet balances.
  2. Proton has visibility into the link between on-chain addresses and emails (AFAICT), as the client generates pools of addresses and sign with PGP, but Proton themselves serve them to users sending to your email address.
  3. Be very cautious with how you use the wallet, as funds sent to you via email will necessarily be co-mingled with any other funds you send in due to a lack of coin control. If you want to accept Bitcoin via email, I'd recommend doing so in a standalone account/wallet in Proton Wallet to segregate funds.
  4. Proton clearly wants to implement some form of privacy for Bitcoin, but without their planned Whirlpool integration (something that apparently is DOA right now, was removed from GH) there just isn't much that can be done on-chain.
write
preview
related posts