Dan Guido

ICYMI last night, the existence of a second cryptographic vulnerability in @zecwallet applications this week means you have to draw the conclusion that these apps are not safe to use and require serious design reconsideration before regular use.https://twitter.com/SarahJamieLewis/status/1236137690900258818 …

Hi @sarah. It’s my understanding that the developer addressed the issue with TLS validation being off by default quickly. Regarding your conclusion, I believe that @trailofbits did an audit recently. @acityinohio would you mind reposting that report here?

Hi David. The lack of TLS validation is the tip of the iceberg. Both zecwallet projects lack a considerations for a secure design, I know this because I've found and reported numerous issues with both over the last few months. An audit is not the right tool to fix that.

The entire point of my conclusion was that there are very real & practical privacy issues in apps where zcash is used that need consideration and that aren't being given consideration while these apps are also being promoted widely (and the security patched versions less so)

I stand by my conclusion. There is a very real need for the development of robust threat models for ecosystem software and the resources on the development side to incorporate those into design and testing.

Agreed. There are some difficult trade-offs between security and performance/usability that need to be navigated by shielded light clients. I believe that users with "life and limb" threat models should use full nodes and appropriate layered network privacy solutions.

That is completely besides the main point, the other cryptographic vulnerability referenced in the first tweet was in the full node version of zecwallet. We're not talking about trade-offs here, we're talking about fundamental (lack of) secure design practice.