In February 2015 we started Samourai with one goal: create the most anonymous and secure mobile bitcoin wallet. Our mission reads:
We are privacy activists who have dedicated our lives to creating the software that Silicon Valley will never build, the regulators will never allow, and the VC’s will never invest in. We build the software that Bitcoin deserves.
We made a few decisions early on, one was to get our product in the hands of users as quickly as possible, these users, our alpha testers would be able to simultaneously test the wallet functionality and more importantly help shape the future of the product to meet their needs and demands.
In order to get Samourai to our testers quickly we use used the popular blockchain.info API to obtain balances and push transactions to the network.
On Friday, poop_wallet_narwhal noted this reliance on the blockchain.info API as a point of failure and a privacy problem in a post on Reddit titled “Samourai is the most private and anonymous bitcoin wallet is false.”
Relying on one sole API is not only a bad idea architecturally, it also requires trust. We must trust blockchain.info not to share information passed to the API with other parties. So how are we dealing with this?
- We knew this was a point of failure right at the start and we’ve been working to remove reliance on all third party API’s. We decided early on to only use third party API’s during the Alpha stage.
- We have stated on our website and in our private alpha tester group our current reliance on API’s and our plan to phase them out.
- We enabled Tor and VPN support in the wallet very early on to provide mitigation against the privacy loss from using the API’s
Thanks to our group of Alpha testers, Samourai is developing into a product that is close to market ready and we’re confident we’ll make good on our mission and goals. We sincerely thank all our testers and those in the community supporting what we are trying to do. And we even thank poop_wallet_narwhal for pointing to real concerns in our privacy model.