RE: Account Security Is Hard. The Edge Wallet Does It Right.
I always think about trust whenever I see an app like this. I "trust" my bank because I have to trust a bank and have been with them for long enough that based on their past history I'm relatively certain that they won't rip me off. And even if they do, I assume that the federal goverment's consumer protections will protect me (though we can obviously have a conversation about whether that's a good assumption).
One of the problems that I've had getting in to cryptocurrency is this trust. While I can trust the math as much as I'm able to understand it (though I'd be lying if I said I completely understood it) as a developer I have a harder time putting trust in a software package from another developer and my phone.
Without being a security expert, how do you go about vetting a wallet such as this to know that when they say they have no access to my currency that they really don't?
It's a good question, Omni. For me, "trust" in the banks is completely lost because I've been paying attention to what they've been doing worldwide and because the purchasing power of the dollar is constantly being eroded. Some who are living pay check to pay check are fine with that, but they don't realize how much value is being stolen from them. For those who can ride the volatility waves, cryptocurrency is the future, we're just a bit too early right now for price stability as a daily currency until the market cap grows much, much larger.
As to trusting the software installed on a phone, that's a really big deal. That's why, up to this point, I haven't ever recommended a mobile wallet app. Having met their team and the CEO and talked with them directly about the security model they've implemented, I felt it was worth giving them my trust. Am I able to look at the source code of the binary that is directly installed on my phone? No. Ultimately, I do have to trust someone in that regard. For that matter, I have to trust the phone itself also. At the same time, I don't store much money on my phone anyway. Most of my holdings are on a Ledger Nano S, but even then, I have to trust that manufacturer and all the software vendors they work with.
Ultimately, I trust the cryptocurrency system more than the banking system because government regulations, from what I've seen, don't protect consumers as much as they create monopolies. When HSBC got their hand-slapped for outright drug cartel money laundering, it barely phased them. They just keep on doing whatever they want to do. At least in this space, reputation matters because we have choice.
I guess that's why I convert so much of my fiat money into liquid assets (beer).
In all seriousness though, the problems I've had with the banking system seem like they'll only get worse going forward, and I trust the US banking system more than I might trust some outside of the United States. With inflation working against saving as it does, a little more volatility isn't necessarily a bad thing for me. You can't have a whole lot of upside without facing some risk.
As for using cryptocurrency as a daily currency, the lag with Bitcoin makes it really difficult to take seriously. Whether I'm transferring it to an exchange to convert to USD or sending to a reseller, the amount of time it takes to process compared to just entering a credit card number is a pretty big hurdle. Steem seems to be snappier by design from what I've read, but I'm not enough of an expert to really know if that's really a feature of the network or just a byproduct of popularity.
I'll probably be trying the Edge wallet since I need something on my phone, and the implicit trust I have in you using it is better than I have in any of the other wallets I've heard of. I imagine the volume of currency you'd be dealing with on your wallet is an order of magnitude greater than what I'm dealing with, so if you don't get ripped off I probably won't either.
Well, as I said, I don't put more than a little spending money on a mobile wallet. Most of my holdings are in hardware storage.
STEEM (3 second confirmation times) is much faster than BTC because it uses DPOS (you can read more about that here) instead of POW. It's cooperation instead of competition.
For the record it is open source which means that anyone can inspect the code. There are vetted teams integrating Edge into their applications, including Augur & Wings and a growing list of teams.
The Edge team has invited security experts to inspect their code, but you can also never be 100% certain that something is completely secure.
While open source is awesome and I trust it more than closed source for security, just because the code is able to be audited doesn't mean that someone with the skills to do so have actually audited it. How long was that OpenSSL bug around last year before it was found?
I mean, I'm still going to try this one out, but how a technical end user that is not a security expert properly vets something like this is not an easy problem!