Wallet Scrutiny

Leo Wandersleb leo at LeoWandersleb.de
Sun May 31 01:14:54 UTC 2020


Hi list,

I would like to present what I've been working on since November and also ask
for feedback as I see there are a whole bunch of projects around that might have
solved issues I try to solve, too.

As an Android Bitcoin Wallet maintainer I have cared a lot about reproducibility
since I took over 3 years ago, but I saw it was no topic even among technical
people. I know I don't tell you anything new, but even most Bitcoin users do not
care about drastic scenarios like the release manager under duress who could
empty all the wallets of all the users. Therefore I started a project to change
that: WalletScrutiny.com

It analyses Bitcoin wallets for Android for the potential of all the users
losing all their money at once. Obviously custodial and closed-source wallets
fall into this category, and public source code is not enough either. Only with
reproducible builds and every update getting **reviewed** can we hope to catch
the key-leaking back doors.

Therefore I am currently working on the automation of the collection and testing
of updates: Google allows releasing different binaries to different groups of
users. An app that detects update events will collect updates where they happen
and submit them to the server, where the rebuild is triggered automatically.

The **review** part I intend to tackle with
* provider commitments to not release 80k lines of code changes on short notice
* provider commitments to pay bug bounties

Wallets with said commitments could trigger an alert if a non-reproducible or
rushed binary is found in the wild and thus actually protect users.
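A sketch of the rebuild check described above, written as an added example for this message and not WalletScrutiny's own tooling: it compares the contents of the APK collected from the store with the unsigned rebuild, ignoring the v1 signing files under META-INF/ (an assumption about how the rebuild is compared), and applies the two provider commitments as a verdict. The changed_lines input and the max_lines_per_release budget are assumed to come from a repository diff and the provider's commitment.

```python
import hashlib
import io
import zipfile

# A store-signed APK and an unsigned rebuild legitimately differ in the v1 signing
# files under META-INF/, so those are left out of the diff (assumption: unsigned rebuild).
SIGNING_SUFFIXES = (".RSA", ".DSA", ".EC", ".SF")
SIGNING_NAMES = {"META-INF/MANIFEST.MF"}

def is_signing_artifact(name: str) -> bool:
    return name in SIGNING_NAMES or (
        name.startswith("META-INF/") and name.endswith(SIGNING_SUFFIXES)
    )

def content_digests(apk_bytes: bytes) -> dict:
    """SHA-256 of every non-signature entry; zip metadata such as timestamps is ignored."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or is_signing_artifact(info.filename):
                continue
            digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests

def compare_builds(store_apk: bytes, rebuilt_apk: bytes) -> dict:
    """Diff the binary found in the wild against the rebuild; any difference is 'not reproducible'."""
    a, b = content_digests(store_apk), content_digests(rebuilt_apk)
    diffs = sorted(
        [f"only in store: {n}" for n in a.keys() - b.keys()]
        + [f"only in rebuild: {n}" for n in b.keys() - a.keys()]
        + [f"content differs: {n}" for n in a.keys() & b.keys() if a[n] != b[n]]
    )
    return {"reproducible": not diffs, "differences": diffs}

def verdict(comparison: dict, changed_lines: int, max_lines_per_release: int) -> str:
    """Apply the two commitments: matching rebuild, and no oversized release on short notice."""
    if not comparison["reproducible"]:
        return "ALERT: binary in the wild does not match the rebuild"
    if changed_lines > max_lines_per_release:
        return "ALERT: release exceeds the committed change budget"
    return "OK"

def make_apk(entries: dict) -> bytes:
    """Constructed in-memory zip standing in for an APK (sample data, not a real wallet)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()
```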

I hope to expand WalletScrutiny to
* iPhone (I expect the situation to be dark there)
* Desktop (Linux distros, Mac, Windows. With Linux I guess you guys can help)
* Non-Bitcoin Wallets (Altcoins)
* Non-Wallet apps (TOR Browser, Signal IM, Covid19 tracker, ...)

I see fdroid is involved in the RB community but does not require builds to be
reproducible. Probably from that corner I could learn a thing or two. Also
fdroid is strict about the license being OSI compliant while for my project I
only care about auditability.

Today I learned you call them rebuilders: I need those. Otherwise my list will
forever just be the list of that wallet dev who says his wallet is verifiable
and "ours" is not. Signed rebuilder reports should help to give such a list weight.

All the above is too much for a single fighter but I see there is some RB
community, so maybe together we can bring more awareness for RB.

Kind Regards,

Leo Wandersleb
