Cyber security guide: A few ways to figure out if a crypto tool is legit (vetting Wallet Guard app)

by COINS NEWS 76 Views

First things first, there is no 100%. Ledger should've made that clear as day when they pulled their stunt. While a project might be open source, it depends on your skills and the trust of others to find problems and keep up with updates. Sites and so on can have bugs in them too. And so on.

And it doesn't even have to be that the company pulls a Ledger. Look at what happened to Curve.

So with that in mind, you need to understand something called risk tolerance.

Risk tolerance:

Basically, you're finding the max amount of risk you are OK with. So for example, some people don't do liquid staking or staking at all because they view it as too risky, while others find that risk to be acceptable. A good example I know of is Trezor hardware wallets. A common theme is pulling the info directly from the device. Well, this requires physical access to the device itself. Many view this as an acceptable risk because the chances of someone breaking in and stealing the physical device itself are actually low in most cases. Even more so when you add in extra layers like passcodes or the SD trick.

The point is, you need to know where to draw the line between being OK with something and not. And this line will move from time to time. So don't fear adjusting things, even on a per-case basis.

___________________________________________________

Situation:

So the situation at hand for this example is that I made a review post about Wallet Guard, a unique tool to help you clearly see what a smart contract wants you to do. I highly recommend taking a look if you view it as within your risk level.

Anyway, u/humour-is-good said the following.

https://preview.redd.it/x5ed0qp04yfb1.png?974&format=png&auto=webp&s=59669870e2152de599f9754fa279fc91deb44c4f

This is actually a very very good thing to point out, and a good start. And I will show you how to verify things.

Find the IP addresses:

I find the best method, if you are using Windows, is the command prompt. It might seem scary but it's actually pretty simple. We are going to run a tracert command. What this command does is show you every place your data goes on its way to a given site. This is an extremely useful tool in networking for figuring out what is causing a slowdown. But it is also a good tool for cyber security, to see if you might be getting taken for a loop somewhere.

The command you want to use in this case is

tracert _site_

so for example

tracert walletguard.app

Here is an example. Note I took out personal info.

https://preview.redd.it/oklv8le75yfb1.png?1127&format=png&auto=webp&s=5a440d96a45cc09559b18e3a8813c8dde8d7c696

So this does verify at least their claim with one of the links. Now we go to the links themselves.

https://www.criminalip.io/en/asset/report/99.83.190.102

https://www.criminalip.io/en/asset/report/75.2.70.75

I will be getting screenshots from the bottom one since there is a direct match in IP address. I never could get it to verify on the first, but it shows more of the same.

So the first thing you will see is

https://preview.redd.it/r24k7n1p5yfb1.png?1796&format=png&auto=webp&s=40dc0f3b139036adde68c24c97bf652ccb497409

Basically, it doesn't look too good from the big scary thing on the left. And I think this is where their research ended.

But details are important. Note this:

https://preview.redd.it/m10zmqi76yfb1.png?1398&format=png&auto=webp&s=b08c5d211f3543ce0d0d726a4249c85c25d4837c

Over 2000 links connect to this. If you look into it, it's an AWS server. Then if you look at the abuse records, most came around before Wallet Guard was even a thing.

https://preview.redd.it/u6rj6kgf6yfb1.png?345&format=png&auto=webp&s=40781db806707632adb6a21fee18e7db8a297665

This in itself doesn't prove or disprove anything. What this basically means is that it works the same way a VPN does: everyone shares the same servers, so if one person looks up something bad, everyone else using that server is also thrown in with this "bad reputation". But each person, or in this case company, is 100% separate.

It's like how I can have my photos on a Google photo server and someone else can have theirs on the same one. If they do something stupid it doesn't mean I'm a part of that stupid. But in this case, this service is marking everyone that uses that server as bad. It's dumb.

This should only be applied to single-use servers, which are pretty rare nowadays. It's an outdated way to measure this if you don't take the extra steps.

Anyway, you can go to the whois to figure out info on the domain itself and where it is based. In this case it's with GoDaddy: https://www.whois.com/whois/walletguard.app

Obviously take that with what you will if it matters at all to you.

But this doesn't prove or disprove anything. The next step is

Open source:

Now in this case the thing isn't that big, but in other cases it could be hard to go through it even if you know what you are doing. And in many cases there is no open source. So you basically have to look at your risk tolerance.

In this case, the open source project is https://github.com/wallet-guard/wallet-guard-extension/tree/develop

I personally went through it and didn't find any problems. HOWEVER, I'm 1 person using my 1 set of skills. I believe in the future AI will help on this A LOT. But for now, I highly recommend looking into it to see if I missed something. But as far as I can tell, it's all good.

Reviews:

This isn't a 1-stop thing, but a good way to see what is up is by looking up reviews of the thing on YouTube and other places. Keep in mind you might run across a Ledger, but this can at least help you gather some info.

There are a few more things to get into, but from here it depends on the tool itself and it gets into general info like researching the group that makes the tool, interacting with the community, and so on. All basic basic stuff.

Conclusion:

Hopefully this guide will help you verify the tools you use. Again, there is no 100% and you need to know your risk level. Like what are you OK with and not. Don't let someone force you to use something you aren't 100% OK with. A lot of the time your gut is trying to tell you something based on your life experiences. Look into it with logic and see if what your gut is telling you is the truth.

No research is the worst thing you can do. Bad research is at least better than no research. But you want to try to aim for at least good enough research, because it is highly unlikely you have the time, energy, resources, etc. to look at every last variable with every last thing you use. So you need to lean back on the risk tolerance level.

If you have any questions, please feel free to ask.

submitted by /u/crua9
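
The shared-server reasoning from the "Find the IP addresses" section, written out as a check (an added example, not part of the original post). The prefix list, report dates, domain counts, the `tool_first_seen` date and the function names are all constructed assumptions; only the IP 75.2.70.75 comes from the post.

```python
import ipaddress
from datetime import date

# Constructed sample in the layout of a cloud provider's published range list
# (AWS publishes one as ip-ranges.json); these prefixes are illustrative only.
CLOUD_PREFIXES = [
    {"ip_prefix": "75.2.0.0/17", "service": "EXAMPLE-SHARED-EDGE"},
    {"ip_prefix": "99.83.128.0/17", "service": "EXAMPLE-SHARED-EDGE"},
]

def cloud_service(ip, prefixes=CLOUD_PREFIXES):
    """Return the service name if ip falls in a listed cloud prefix, else None."""
    addr = ipaddress.ip_address(ip)
    for entry in prefixes:
        if addr in ipaddress.ip_network(entry["ip_prefix"]):
            return entry["service"]
    return None

def assess(ip, domains_on_ip, abuse_dates, tool_first_seen, shared_threshold=50):
    """Decide how much weight a per-IP reputation score deserves for one tenant."""
    service = cloud_service(ip)
    # Either signal marks the address as shared: cloud range or many domains.
    shared = service is not None or domains_on_ip >= shared_threshold
    # Reports older than the tool cannot have been caused by it.
    relevant = [d for d in abuse_dates if d >= tool_first_seen]
    if shared and not relevant:
        verdict = "inconclusive: shared host, no reports since the tool appeared"
    elif shared:
        verdict = "inconclusive: shared host, read what each recent report names"
    elif relevant:
        verdict = "worth investigating: dedicated host with recent reports"
    else:
        verdict = "no signal: dedicated host, no reports since the tool appeared"
    return {"ip": ip, "cloud_service": service, "shared": shared,
            "reports_total": len(abuse_dates),
            "reports_relevant": len(relevant), "verdict": verdict}

if __name__ == "__main__":
    # Constructed inputs: dates and counts are invented for the demonstration.
    old_reports = [date(2020, 3, 1), date(2021, 7, 15), date(2021, 11, 2)]
    print(assess("75.2.70.75", 2000, old_reports, tool_first_seen=date(2022, 6, 1)))
    print(assess("203.0.113.9", 1, [date(2023, 1, 5)],
                 tool_first_seen=date(2022, 6, 1)))
```

Neither "inconclusive" nor "no signal" clears a tool; they only say the IP score by itself carries no information about this one tenant, which is why the post moves on to whois, the source code and reviews.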