adrienne
@adrienne
Potentially dumb question that’s been on my mind since first learning about crypto: When you enter your seed phrase into a wallet, how do you know the provider isn’t doing something else with it, like storing it in a log somewhere? It happens with passwords - how are wallets different, why should we trust them?
10 replies
0 recast
0 reaction

adrienne
@adrienne
Famously happened at Twitter. And I may or may not have seen log files with passwords in places I’ve worked as well. https://www.bleepingcomputer.com/news/security/twitter-admits-recording-plaintext-passwords-in-internal-logs-just-like-github/
1 reply
0 recast
0 reaction

adrienne
@adrienne
Appreciation cast for: Farcaster, for being a place that welcomes potentially dumb questions 💜💜 and for everyone who contributed information and perspective ✌️🥰
0 reply
0 recast
0 reaction

san
@san
TLDR - you don't. This is why you should use open source wallets as much as possible. Slope, a Solana wallet, logged the seed phrases to Sentry (the logging system), and lots of users got drained last year.
1 reply
0 recast
0 reaction
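
The failure described in the cast above, a seed phrase ending up in application logs, can be guarded against on the developer side by scrubbing log messages before they reach any sink. This is an added example, not part of the thread and not code from any wallet; the logger name, the redaction marker and the "run of 12 or more short lowercase words" heuristic are assumptions of the example.

```python
import io
import logging
import re

# BIP-39 English words are 3-8 lowercase letters; phrases are 12-24 words long.
# Heuristic (assumption of this example): any run of 12+ such words may be a
# seed phrase. There is no wordlist check, so it over-redacts on purpose.
_MNEMONIC_RUN = re.compile(r"\b[a-z]{3,8}(?:[ \t]+[a-z]{3,8}){11,}\b")
REDACTED = "[REDACTED possible seed phrase]"


def scrub(text: str) -> str:
    """Replace every mnemonic-looking run of words in text."""
    return _MNEMONIC_RUN.sub(REDACTED, text)


class SeedPhraseFilter(logging.Filter):
    """Scrub the fully formatted message, so %-style arguments are covered."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = scrub(record.getMessage())
        record.args = None  # message is already formatted
        return True


def demo() -> list:
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    # Attach to the handler (the sink), so every logger writing to it is covered.
    handler.addFilter(SeedPhraseFilter())
    log = logging.getLogger("wallet.demo")  # hypothetical logger name
    log.setLevel(logging.INFO)
    log.propagate = False
    log.addHandler(handler)
    # Constructed sample: the public all-"abandon" BIP-39 test vector.
    phrase = " ".join(["abandon"] * 11 + ["about"])
    log.info('import wallet payload: mnemonic="%s" account=%d', phrase, 0)
    log.info("wallet import finished in %d ms", 42)
    log.removeHandler(handler)
    return buf.getvalue().splitlines()


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The filter only sees messages that pass through this handler; tracebacks and anything an error-reporting SDK collects on its own need separate scrubbing.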

timdaub
@timdaub.eth
Open source
1 reply
0 recast
0 reaction

Dan Romero
@dwr.eth
You don’t :)
2 replies
0 recast
0 reaction

jonwalch
@jonwalch
I use a hardware wallet. Hot wallet for meaningless amounts of funds in case what you said or something else bad happens.
0 reply
0 recast
0 reaction

Jackson 🎩🍖
@jacks0n
Sounds like we need the ability for apps to prove they are using an open source package. Then I could know e.g. the wc app is using some seed vault package that doesn’t let them access the raw data. Ofc they could get around it, but it would help prevent developers making common infosec mistakes. Make safety easier.
0 reply
0 recast
0 reaction

Zach Harris
@zachharris.eth
This might be the most faraday cage anti psyops post I’ve read on WC to date. Truth is, you don’t. Somebody with a black hat, and some moderate skills could packet sniff / decrypt / intercept unless there is some crazy NSA grade encryption going on behind the scenes upon auto generation. Talk to @bias.
1 reply
0 recast
0 reaction

Shane Glynn
@cno
Short answer: you don’t. Longer answer: open source and hardware wallets mitigate most of these concerns but, still, we are all fundamentally trusting someone else’s opinion that the seed phrase is not stored.
0 reply
0 recast
0 reaction

deep substrate foliated tomato
@tomato.eth
The answer is: You don't! This is why you should use a hardware wallet. The wallet software should never be given your seed phrase.
1 reply
0 recast
0 reaction