- cross-posted to:
- linux@lemmy.ml
- cross-posted to:
- linux@lemmy.ml
A Bitcoin investor was recently scammed out of 9 Bitcoin (worth around $490K) in a fake “Exodus wallet” desktop application for Linux, published in the Canonical Snap Store. This isn’t the first time; if nothing changes, it likely won’t be the last.
Since the snap store is proprietary, canonical should be liable for it.
Yeah especially since they had a “verified safe” label on it in the snap store web page.
Indeed
The opposite of this would set a terrible precedent
It’s sad, but as a crypto user I’d be sketched out enough about using a centralised hot wallet app like Exodus in an official capacity, let alone entering my private key in something installed via a 3rd party app store. This probably happens on the Play Store a few times a week, and that’s on a bigger platform with a full security review process. It’s ultimately unavoidable.
Bitcoin is just a scam in general.
“Bro, I’ll sell you this really complicated number. No one else has it.”
“What can I do with it?”
“Sell it for more money to a bigger fool than you.”
"I’m in.*
That’s not fair. You can also ruin the environment with it, it’s baked into the technology.
It’s actually not. If the energy used to mine is sustainably generated, there’s nothing BTC can do to hurt the environment.
IMO the fundamental problem with all (PoW) cryptos is the assumption that computing power is distributed fairly when it’s clearly not. Building microchips is not easy, it would not be hard for a government who wanted to to amass >50% of its nation’s compute power.
And PoS assumes that you’ll never end up in a situation where a small number of users own the vast majority of the wealth…(lol)…and that even if they could they would be disincentivized from destroying their own wealth. But the ability to devalue a society’s currency has immense value, especially if you’re powerful enough to be positioned to fill the vacuum with something of your own design.
And the last holdout argument is that “the network belongs to the people, if the people don’t like certain behavior on their network, they can fork a version without it”. Except that no lay-person will ever make a decision like this. Virtually every single crypto miner downloads someone else’s code and runs it without question. You can’t have accountability in a distributed system if it relies on intelligence and integrity that doesn’t exist (or the cost of which is unreasonably high).
The environmental cost is a red herring, but that doesn’t mean the technology isn’t fundamentally flawed as a currency. Maybe for other, more technical applications, but not currency.
Edit: consider the situation where I hook my own solar panel to a PC and just mine Bitcoin with it. Does this hurt the environment? Of course not. Is it a good use of the power being generated? Of course not. Do people have any reason to be outraged at me doing this pointless thing? Of course not. That’s my point.
Now if I hooked a gas generator up to the PC, that would be another story.
If the energy used to mine is sustainably generated, there’s nothing BTC can do to hurt the environment
Except of course, use the sustainable energy that was otherwise used for actually useful things.
The real fundamental problem with crypto is of course that it is just going so great.
use the sustainable energy that was otherwise used for actually useful things.
But you could use that argument against literally anything you don’t like.
Consider the situation where we live in a society where 100% of energy generated is sustainable. Now imagine the society faces a problem where 90% of that energy is being sold off to private citizens to use for whatever they choose, be that mining crypto, or space heaters (same thing, really) and as a result the society’s infrastructure is left without enough energy (hospitals, emergency services, etc). What would you say the solution is in that situation?
deleted by creator
Yeah, that tracks.
Energy is never generated, power is, from energy conversion.
Also “energy” and “sustainable” intersect with a word called entropy.
“Bro, I’ll trade your food for this fancy piece of paper”
“What can I do with it”
“Trade it for more food with a bigger fool than you”
“I’m in”
(Not saying that you’re wrong, just your argument is stupid)
The problem with most crypto compared to regular money is that it’s often seen as an investment. However, one of the most important factors for a currency that is used in everyday transactions is stability and predictability. Money is supposed to ease trading goods and services as a universal middleman. It’s not supposed to make someone rich who invested first.
Of course there’s also inflation and deflation with regular money but as soon as that’s getting out of control, it typically leads to serious economic issues.
Not to sound like a shill or anything but that’s what’s great about monero. Its actually used on a daily basis as money because it wasn’t designed to be an investment vessel. Unlike most crypto currencies monero is one a few if not the only crypto currency that could suffer from inflation as there is an unlimited supply however this works out in avarage uses favor as there’s no scarcity based value which means there’s less speculation trading leading to a more stable price. I’m not sure what the long term effects of having an unlimited supply of monero is but their justification is that it’s a predictable fixed ammount added which will prevent hyper inflation.
Once again I’m not a crypto shill, I’m literally saying investing in crypto is a bad idea and to only use it for it’s utility.
It’s seen as an investment, yes. Those are important factors for a currency, I agree.
Is there a part where you meant to connect these dots to substantiate the first statement about it being a problem that it’s seen as an investment?
Edit: I get it, you’re saying it’s a problem with the idea that Bitcoin should be used as a currency in everyday transactions. I don’t think that’s a popular use case for Bitcoin, though. I wouldn’t use “digital gold” for everyday transactions, similarly to how I wouldn’t use real gold. That’s not really a problem with Bitcoin though, more of a misunderstanding of it
“Trade it for more food with a bigger fool than you”
Or of course buy any other commodity that you require in life. Which isn’t the case with any crypto.
That only works if you find someone who accepts your money. The difference to crypto is that most people accept money, only few accept crypto
Of course based on that definition. Fiat currency is the same. Just without the complex number.
I am really not a huge fan of crypto. But honestly all modern (post gold standard) money. Is entirly based on users confidence in the nations backing it. The proof of work used for bit coin. Really is no more a matter of faith in folks dumb enough to buy it from you later.
Uh oh, you’ve awakened the crypto bros…
That’s how all currencies work.
“Bro, I’ll sell you this piece of paper with a number in it” etc.
That’s a bit how currency works in general, the only reason why that piece of paper / metal has value is because we agree that it does (mainly large banks will back it). People also buy and sell currency
The issue is around it being seen as an investment more than as a currency?
Its a currency. The finance sector us cancer for commoditizng everything. They’ve caused famines by markets trading of food.
So you think Blackrock fall into a scam too?
Ppf. It’s digital currency. It’s not a scam.
You sound like an 80-year old who refuses to use debit cards because they aren’t cash.
Targeting linux desktop. Damnn
Are we finally famous?
Truly, the year of the Linux desktop!
For all the wrong reason, I can totally see some coiner bro tweeting this headline going “this is why your should use #windows when handling your #bitcoin” 🙄
It’s a good thing bitcoin is more secure than fiat money
Lol
It is on the FlatHub as well.
That’s is the genuine one. There is a genuine company called Exodus for Crypto. The problem is that a scammer made their own clone and nobody verified whether they really are from the Exodus company.
If you check the manifest on Flathub you’ll see they verified it belongs to the real Exodus
Yes. You are right. Thanks. Just listened to the Linux Matters podcast episode about this. Crazy.
That one apparently is legit: https://floss.social/@sonny/111966204515001155
42,396 installs… Holy removed.
Edit, from the article:
This “Exodus” application published in the Snap store was indeed a scam application. There is a genuine organisation that developed a real, seemingly ’legitimate’ cryptocurrency wallet application. This is not that.
Any chance that the FlatHub one is legit?
Apparently the Flathub one is indeed legit
I mean FlatHub isn’t safe in general. You could just target someone downloading the package and give them a malicious package instead. FlatHub doesn’t check sigs, so its a hot mess
They seem to be doing more on that side than Canonical is. But I agree, it should be MANDATORY that the developer is thoroughly vetted and approved and the code run and checked before publishing.
I hope this is a wake up call for Snaps and Flatpaks.
Apps from the repo have the security, which is why I always default to the distribution repo
it should be MANDATORY that the developer is thoroughly vetted and approved and the code run and checked Brexit before publishing.
Brexit?
Damn autocorrect…
Its not terrible but its certainly not great either
Its pretty terrible compared to normal OS package managers.
How so? I just open up gnome software an search for the application I need
Cryptographic verification of the packages authenticity
The repo is gpg signed. I don’t know why you think thats not sufficient.
“packages” don’t exist like traditional distros. Its a large repo of data.
Point me to the documentation that describes this
https://ostreedev.github.io/ostree/man/ostree.html - GPG verification section
This isn’t even the right project’s documentation
… I assumed you knew the basics.
Flatpak uses ostree for all data. https://docs.flatpak.org/en/latest/under-the-hood.html
I’m disappointed you criticize the project so harshly with no knowledge of it.
No, my point is that if flat pak doesn’t document that they cryptographically verify the authenticity of packages, then they dont.
Even the ostree docs say that it supports it gpg encryption. It supports it. It doesn’t enforce it. That depends on the implementation.
I will continue to harshly criticize projects that leave users vulnerable. Want to prove me wrong? Link me to the flat pak docks that clearly say that all packages are cryptographically verified after download and before upload.
It’s produced without upstream involvement but does seem to be legit so far. I placed a post seeking clarification about the Flatpak situation on Reddit 6 months ago. I quickly got a response after posting it. However, the response was from some scammers and I never got a response from the company behind it itself.
deleted by creator
That is an absolutely fascinating article on the technical operation of a scam app. A definite warning to us all. Also I was very interested to read the terms and conditions of the Snap Store, specifically section 14: Limitation of Liability (which could be titled “Sorry, You’re removeded”).
I don’t like bitcoin, it’s an environmental disaster that had potential but has turned into a highly volatile speculative device beloved by libertarians, grifters, and scammers. I do feel for the person who lost the coins, that cannot be a very nice experience to deal with.
LOL, you should have DYOR and used a cold wallet. You clearly don’t understand the complexities of Bitcoin, have fun staying poor!
/s