DarkWallet has brought a number of truly interesting and important innovations to the market, too bad development was abandoned.
- HD, Tor Support, Stealth Address
- Trusted Node
- Market’s first stealth address wallet
- Integrated escrow service useful for decentralized markets
- Integrated coin mixing
- No longer being updated
- Still deemed not safe for serious use
- Chrome extension download, complicated set up
Dark Wallet doesn’t really seem to be updating. Check out Samourai instead.
“IMPORTANT this wallet is NOT STABLE or SAFE, and at this point you should use it with real money only at YOUR OWN RISK.” This is the message that greets entrants to the darkwallet.is site, and does little to inspire confidence in the project. This cannot be! One is inclined to exhort. How is it that two years after initial launch and at least $50k in crowdfunding the product is no closer to stability and seems as if development has been suspended?!
Could it be that Cody Wilson and Amir Taaki, the latter a brilliant developer, the former a courageous provider of 3D printed gun blueprints to any 10 year old with an internet connection, suffer from attention deficit disorder? After releasing his alpha, did Amir, satisfied that he demonstrated his prowess, simply bugger off to something else, not bothering to finish what was started?
In our opinion at least, Dark Wallet seems to be more of a prototype than a stand-alone product. Mr. Taaki, with support from Peter Todd (or the other way around, not sure) released the first workable stealth address solution and showed how a coinjar integration would look. This also explains the relative neglect of the product from a security standpoint – perhaps it’s role is to facilitate real-world testing of these new innovations on the test net and with small amounts of real coin. And indeed, newer products, most notably Arcbit, have integrated stealth addresses in a more secure environment and in a more user-friendly way.
And despite Mr. Wilson’s statements that “It’s just money laundering software,” which seem to be both counterproductive and self-serving (I am still causing a raucous and I am a rebel!) this is an important product. Bitcoin allows anyone who knows how the ability to surveil private transactions at a level unparalleled by cash, credit card or bank transfers. Insufficient privacy protections not only allow snoopers to determine the amount of money Marks have in their wallets, they also might be able to identify IP addresses which starts to get scary. While Taaki and Wilson seem mostly preoccupied from their interviews on how Western governments might infringe on privacy to our detriment, there is nothing stopping authoritarian governments or unsavory individuals from doing the same thing.
In any event, the product is functioning, if unstable, as a chrome and firefox browser extension which we’ll review directly.
Download the link from this github link, unzip the file and save it on your desktop. Open chrome (or firefox, we use chrome), click the hamburger in the upper right hand corner, go to more tools and then extensions. Enable the developer tools box located in the upper-right corner of chrome://extensions and click “load unpacked extension”. The Darkwallet extension will appear in the table. Click on the icon to launch the wallet.
You will be asked if you would like to proceed with real bitcoin or the testnet, and reminded that the software is in alpha and should be used at your own risk. Take your pick, and create your first wallet.
After inputting the wallet name, sticking in a password and choosing your language, be sure to jot down the 12-word mnemonic displayed on the screen, which you will then be required to type back in to confirm they have been properly transcribed. You’ll then find yourself in the lobby, which is quite smart looking. Each wallet is automatically set up with three different “pockets”, business, spending and savings. Users may easily add additional pockets with a click on the plus sign. To add multisig wallets requiring approval from multiple signatures click on multisig funds and add fund managers using either QR code, public address or stealth address.
Each pocket is automatically set with a stealth address. Stealth addresses are long number strings which act as intermediary between the sender and the recipient address, which is then unlocked by the recipient address out of view. The sender must encode in the transaction a nonce used to unlock the recipient address which can only be read by the recipient – it’s basically like sending bitcoin to a new address and providing the recipient the private key. For a more in depth discussion on how this works, check out this reddit thread.
When you send money, you are also offered the option to use their coinjar function, which mixes payments with other Dark Wallet users, thus making it nearly impossible to understand which bitcoin went where. This function is dependent on achieving enough of a critical mass of users to contribute to the mixing, which is not yet feasible.
Senders may also choose to send coin to an escrow address, which is meant to facilitate commerce – and perhaps in the grand scheme of things is envisioned to support openbazaar (Taaki and Wilson’s decentralized marketplace). The idea is that the payer would send X amount of coin to an escrow address and the sender of the purchased item would send Y amount. The payer would release the funds to the sender upon delivery, and the sender would be discouraged from not shipping the delivery because his own funds are at stake.
We don’t rate darkwallet very highly for security – and to be honest, we would imagine the security holes could be exploited to undermine privacy. The choice to set up Dark Wallet as a web wallet is an interesting one, considering that web wallets are the most insecure choice available. (Perhaps, again, this was done to ease integration into openbazaar or something). Of course, much effort has been put into securing the firefox and chrome extensions, but this is not the most secure option.
I am not sure if installing this as a developer as a chrome extension adds a privacy or security aspect, but from a usability aspect it is pretty poor. Additionally, the advanced features offered come with very little explanation – it seems the product is directed entirely to developers and serious crypto anarchists. We would expect second generation products to focus more on usability – one can see this with arcbit.
OK, so as we have outlined above, DarkWallet offers innovations that are of value to bitcoin. They most likely will have applications that might be used or expanded upon outside of the cryptocurrency world as well. What a cool example of how the community gets to share in innovation in real time, to test out new products that could become essential components of crypto technologies used in the future.
What it isn’t is a product that should be used by anyone with any considerable amount of real money, except those that have a greater understanding of how these things work than I, and can make the decision without actually reading this article.