Re: Wasabi Wallet - Total Privacy For Bitcoin

Quote from: JollyGood on September 11, 2024, 08:53:27 AM

As Ginger Wallet is effectively a clone built on the Wasabi Wallet source code, the same issue would probably apply to them unless they modified something within the code when they released their wallet. In the event the wallet is no longer accessing the designated URL, if it will be as simple as replacing it with another they should have announced provisions for that possibility (with a set of instructions) with every new release.

Quote from: BlackHatCoiner on September 10, 2024, 09:16:13 PM

I just checked the source code, yet again. Indeed, there is a BackendUri variable pointing to "https://api.wasabiwallet.io/" by default: https://github.com/WalletWasabi/WalletWasabi/blob/e8a6e55737b554276948a403aab2fb070b3fe671/WalletWasabi/Helpers/Constants.cs#L12.

This means that if wasabiwallet.io is ever taken down, everybody's client software will need to update, with another backend. And until that new API server is created, distributed and updated in a new version of the client, Wasabi users cannot access their wallets. Why is this designed so centralized and permission-requiring?

I think the reason for these designs being so brittle compared to let's say the Bitcoin protocol itself is because the development team assumes their program is going to be the only one functioning with this sort of API, such that in case the service does go down (like Samourai), it spells death to the API they're using as well (bye bye Whirlpool).

If people see that there are other teams with forks of their software and they still use a similar sort of API, they should at least try to reach out to the other teams to attempt to coordinate a common standard for the backend/API or whatever is behind the scenes so that users can easily switch from one to another. But that's hard to do unelss you gather all these people at a Bitcoin conference.