monero-project / monero-site

https://getmonero.org
BSD 3-Clause "New" or "Revised" License

Revise Light Wallet section #2162

Open CryptoGrampy opened 1 year ago

CryptoGrampy commented 1 year ago

I'm creating this issue to get some discussion and input on significant revisions to the light wallet section on the getmonero downloads page.

  1. Remove any wallets that don't support self-hosted light wallet servers. The higher the % of Monero users using hosted light wallet servers, the worse privacy becomes for ALL users of Monero. Any wallet that doesn't safely support the use of a self-hosted Light Wallet Server (any server that follows the Light Wallet API spec) should not be recommended.

  2. Add more clarity to the privacy dangers of using the default 'hosted' light wallet server in these wallets. It's not just that your privacy can be 'lessened'. It's that all of your past, current and future incoming transactions tied to that view key will be recorded and saved, even if you decide to stop using the wallet. Usage of the default behavior of that wallet lowers the privacy of all users of Monero, and additionally, significant information around a spend (not the spend amount itself) is leaked when using Light Wallets with a server out of your control.

SamsungGalaxyPlayer commented 1 year ago

1 would include the official wallets, Feather, Cake, Monerujo, etc. I don't see a reason to remove wallets that don't have this feature at this time. Perhaps a year after formal official wallet support (?). Unless you mean the removal of light wallets that rely on a set centralized server.

lalanza808 commented 1 year ago

+1 - would love to see a stronger push for self-hosted LWS setups.

@SamsungGalaxyPlayer just the light wallets section: [image]

erciccione commented 1 year ago

> Remove any wallets that don't support self-hosted light wallet servers

I disagree with the complete removal, but I agree we should expand the warning or put these wallets after the self-hostable ones.

> Add more clarity to the privacy dangers of using the default 'hosted' light wallet server in these wallets

I agree. Any suggestion about the specific phrasing? I would keep it short, or, if we want it longer, we might expand the "light wallets" Moneropedia entry to include all the information we want.

CryptoGrampy commented 1 year ago

Regarding complete removal:

  1. If a light wallet doesn't allow users to input a custom server URL, they are essentially profiting off of the reduction of system privacy in Monero for the reasons stated above. Why on Earth would we put thousands of XMR per year into the further development of the privacy protocol if we also push users (via suggestion on getmonero.org and the reddit sidebar) into wallets that give users no choice but to give up their transaction data to proprietary black box data collection? It makes no sense.

  2. Considering the substantial amount of server resources required to monitor thousands+ if not hundreds of thousands of wallets in a light wallet server, doesn't it seem a little strange that a wallet company running these servers doesn't make it easy for users to use their own personal server resources to reduce compute cost? Could it be that the in-app exchange offered by the Light Wallets isn't the only funding mechanism for their companies, and that they may be following the footsteps of countless other companies that sell user data?

  3. If CakeWallet @SamsungGalaxyPlayer only allowed users to use Cake's Monero node, there would be a mass uprising in the Monero community. Why does a wallet like Edge get a pass in this regard?

Regarding phrasing:

Let me mull this one a bit. I agree that short is always best, but it may be good to reach out to MRL or Monero-Dev to get a full and accurate understanding of the risks associated with these wallets in conjunction with a hosted server; it's a much worse situation than most people understand.

SamsungGalaxyPlayer commented 1 year ago

I'm for removing lightweight wallets that don't allow using a custom server. Maybe I'll change my mind with Seraphis/JAMTIS, but not now. The privacy leak is significant, and should not be recommended.

plowsof commented 1 year ago

MajesticBank noted on IRC that the Edge app is the only one to have trackers: https://reports.exodus-privacy.eu.org/en/reports/co.edgesecure.app/latest/ (if this would play into any decision making)

jermanuts commented 4 months ago

As I said at https://github.com/monero-project/monero-site/pull/2143#issuecomment-2002555434, you are putting a lot of trust in these Web-based wallets to not serve you a backdoored client from the server by dynamically serving JavaScript code to the browser to handle cryptography, creating wallets (stealing seeds) and when using an existing wallet, etc.

They are too much of a security risk to recommend.

EDIT: https://www.devever.net/~hl/webcrypto

detherminal commented 3 months ago

Changing the section's name might also be a good choice. Feather is neither mobile nor light but it is still there.

SyntheticBird45 commented 3 months ago

What about "Roaming" instead of "Lightweight"? This is the only use case fwiw