Many people view open-source software as insecure or unsafe. In the aftermath of scares like Heartbleed, some have questioned whether open source is too flaky (and too open) for some applications. Alternatively, open-source technology may be more robust because it has more eyes and hands on it than proprietary software.
Is open source a good or a bad thing for the safety of cryptocurrency held in Bitcoin wallets?
Most people aren’t yet knowledgeable about cryptocurrency, which has the unintended result of fuelling a growing number of usability fears. According to a piece by Steve McCaskill on TechWeekEurope, Zug citizens and businesses just recently began to test Bitcoin payments of up to 200 Swiss Francs (roughly US$200) to see if digital currencies could serve as a catalyst to spur the financial sector. This is still in its infancy.
A vulnerability in open source
Splitting functionality across a software application can lead to an open-source security issue. Vulnerability scans are normally conducted by the IT operations team, i.e. in one workshop. When disparate open-source developers work in a disconnected manner (and fail to communicate with one another and annotate their work), there is a possibility that infections can spread.
Developers at Samourai are striving to address this issue and others in their Bitcoin wallet, which holds users' cryptocurrency assets and handles Bitcoin transactions. A number of wallets have followed the open-source format since the inception of Bitcoin. The developers of the MultiBit HD wallet emphasize that “Developers can look at how bitcoin wallets work and verify that nothing suspicious is happening.” Many Bitcoin wallets are ‘open-source,’ which means that developers can view how they work.
Can security be hand-forged?
Using Samourai, users will be able to protect their funds, transactions, and identity, with the assurance that their identities will be masked and their bitcoins protected.
In March 2016, Samourai became fully open-sourced. It began by releasing an Alpha (or the first version of a minimum viable product) very early in its development so that users (mostly pretty technical users) could help guide its development.
We used the blockchain.info API to get the balances for Samourai and push transactions to the network so we could make it available to testers as soon as possible. The authors explain that relying on one API is not only a bad idea structurally, it also requires a good deal of trust. We need to trust that blockchain.info won’t share information passed to the API with anyone else.
Technology knows nothing about you
Samourai says it immediately removed all reliance on third-party APIs after realizing blockchain.info was a point of failure. In addition, for open-source cryptocurrency wallets to be secure, they need to know nothing about their users.
- Therefore, Samourai cannot have any information about its users.
- A Bitcoin wallet will need to be created on the user’s local device.
- Therefore, Samourai must not collect any personal information about a user that has installed and implemented its software – other than the fact that a “download” has been initiated.
Another aspect of the Samourai technology that helps it to remain safe is that “[This technology] does not reuse addresses. Reusing addresses is one of the common problems that wallets face, making it easier for observers to track your balances and spending habits.”
In addition, Samourai avoids reusing inputs from a previous transaction. This reduces your blockchain footprint, increasing your privacy.
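The address-reuse problem described above can be checked locally against a wallet's own receive history. The following is an added example, not Samourai's code: the record layout, the function names and the placeholder addresses are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data: receive history of a hypothetical wallet.
# Addresses are placeholders, not real Bitcoin addresses.
SAMPLE_HISTORY = [
    {"txid": "tx-a", "address": "addr-0", "amount_sat": 50_000},
    {"txid": "tx-b", "address": "addr-1", "amount_sat": 20_000},
    {"txid": "tx-c", "address": "addr-0", "amount_sat": 75_000},
    {"txid": "tx-d", "address": "addr-2", "amount_sat": 10_000},
]
# Addresses the wallet has already derived on the local device, in order.
SAMPLE_POOL = ["addr-0", "addr-1", "addr-2", "addr-3", "addr-4"]


def audit_reuse(history):
    """Return {address: {"txids": [...], "linked_sat": total}} for every
    address that received funds in more than one transaction."""
    seen = defaultdict(lambda: {"txids": [], "linked_sat": 0})
    for entry in history:
        record = seen[entry["address"]]
        # One transaction may pay the same address through several outputs.
        if entry["txid"] not in record["txids"]:
            record["txids"].append(entry["txid"])
        record["linked_sat"] += entry["amount_sat"]
    return {a: r for a, r in seen.items() if len(r["txids"]) > 1}


def next_fresh_address(pool, history):
    """Pick the first derived address that never appears in the history."""
    used = {entry["address"] for entry in history}
    for address in pool:
        if address not in used:
            return address
    raise LookupError("address pool exhausted; derive more addresses")


if __name__ == "__main__":
    for address, record in audit_reuse(SAMPLE_HISTORY).items():
        print(f"{address} reused in {record['txids']}: "
              f"{record['linked_sat']} sat linkable by an observer")
    print("next receive address:",
          next_fresh_address(SAMPLE_POOL, SAMPLE_HISTORY))
```

Every payment to a reused address is tied together on the public ledger, which is why the audit reports the combined amount rather than only the count.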
Is it still safe?
There is no question that open-source Bitcoin wallet security works well. We know that code reviews can enhance code quality all around as long as certain procedures are followed. There’s no doubt that relying on a single proprietary API is a risk – and people are still relatively ignorant about cryptocurrencies in general.