Privacy preserving wallet extension

The “3 Dec 2024” edition of the Polkadot Digest mentioned: “Are you still using Polkadot.js App, even if you’re not a developer? Try one of the many other, more user-friendly wallets out there: Wallets and Extensions · Polkadot Wiki”

Sure, ok. But only Polkadot.js provided us with the following level of privacy:

The dedicated page on our wiki has many fields helping us differentiate between wallets, but nothing about privacy:

Is there an app that works similarly to polkadot.js then? Is there one where I could even send funds and connect to my own node? I mean we’ve been critical (fairly) of Metamask and such, but at least with that wallet I can do all that I need to do, privately.

GM friend,

Let me address some of your concerns as it relates to Nova Wallet.

  1. We do not send any clicks, pageviews, or events to a central server

  2. We do not use any trackers or analytics

  3. We don’t collect keys, addresses, or any information - your information never leaves this machine

Answer) All of the above can be addressed by reviewing our Privacy Policy (Nova Wallet — The Leading Mobile Wallet for Polkadot). This is why you will never see Nova Wallet make claims such as “$xxx is stored in Nova Wallet” - the only claim we make is the total number of tokens that are staked to our validator, which you can find directly from the chain itself.

  1. Your comment about connecting to your own node

Answer) You can connect to your own RPC endpoint using Nova Wallet, you can find out how to do that here: Add Custom Node | Nova Wallet Wiki

Much like it says on the Polkadot JS popup, we are not in the information collection business (even anonymized).

2 Likes

I love @Leemo's response - it’s complete and doesn’t leave anything to doubt, I think.

For the sake of discussion, some may also be concerned about the RPC endpoint as well.

One option is obviously to add a trusted node (custom node) as in that Nova Wallet Wiki link provided by Leemo. Transactions would be propagated from the node (IP).

To counter that, an extra option (especially for wallets that do collect data) would be to proxy their wallet’s RPC requests through a mixnet. The way this works: selected RPC requests are forwarded through a mixnet, so the RPC server can’t know your IP and know which IP may be related to which wallets, assets, blocks, etc.

This doesn’t work for Substrate-based chains out of the box (RPC and chain definitions would have to be added), but if anyone wants to implement it, they can. Once one Substrate chain is added, others could be easily added as well.

The source code for xx Network cMix relay can be found here. Whitelisted RPCs and individual network definitions/endpoints (Polkadot, Kusama, etc.) would have to be added so that proxxy.xx.network can surface and use those in the network selection step.
It currently works for Ethereum-focused wallets like Metamask. More details can be found here.

This is similar to using a Tor exit node, except Tor doesn’t mix (it creates multiple hops) and there may be more eyes watching the Tor network.

Thank you @Leemo & @somedude, I greatly appreciate those answers. I will switch to Nova Wallet.

1 Like

@Leemo as soon as I install and run the supposedly latest version of Nova I could find on GitHub, the app tells me I don’t have the latest version and points me to Google Play to get it; a bit odd.

Either way, are there plans to have the app on IzzyOnDroid or even ideally F-Droid itself?

Hey hey, thanks for reporting this.

We will soon release Nova Wallet v9.1.1 which will make sure that if you installed Nova Wallet via GitHub you no longer get routed to the Play Store.

We are also working on F-Droid, but no ETA for that at this time.

1 Like

Should be available now on github

1 Like

I just set up Nova wallet to use my own rpc and I have to say the process is nicely simple.
Unfortunately, however, this is not sufficient for privacy.

I question the last statement.

Even if I use my own rpc, the wallet does display historic transfers. This data can’t come from my rpc node. It must come from an indexer, given the swift performance. AFAIU the indexer is run by Nova. This also means that whoever runs the indexer can link my accounts (because my IP may have requested the history of two or more different accounts at the same indexer).

So, strictly speaking: your data DOES leave your machine if you use Nova. Is there an option to opt out of the convenience function to show history?

I’m not assuming any bad intentions here. Maybe Nova could feature privacy-hardening features like indexer opt-out?

I agree with @resilient4820: we need a good solution for this. Currently I use polkadot-js extension exactly for its fine-granular control. And don’t get me wrong: If you use polkadot-js extension without knowing what you do, privacy is a lot worse than if you use Nova, because over time you linkably leak all your public keys to all parties who run rpc nodes
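The linkage described in the post above, worked through as an added example (not part of the original thread and not Nova Wallet's or any indexer's code): accounts whose history is requested from the same source address end up in one cluster on the operator's side, and the join is transitive across addresses. The log format, IP addresses and account labels are constructed assumptions.

```python
from collections import defaultdict

# Constructed indexer access log: (source IP, account whose history was requested).
SAMPLE_LOG = [
    ("198.51.100.7", "acct_A"),
    ("198.51.100.7", "acct_B"),  # same wallet, second account
    ("203.0.113.20", "acct_B"),  # same user later, from another network
    ("203.0.113.20", "acct_C"),
    ("192.0.2.55", "acct_D"),    # unrelated user
]


def link_accounts(log):
    """Group accounts that the log ties together through shared source IPs."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    first_seen = {}  # source IP -> first account requested from it
    for ip, account in log:
        find(account)  # register the account even if it stays unlinked
        if ip in first_seen:
            parent[find(account)] = find(first_seen[ip])  # union
        else:
            first_seen[ip] = account

    clusters = defaultdict(set)
    for account in list(parent):
        clusters[find(account)].add(account)
    return sorted(sorted(c) for c in clusters.values())


def exposure(log):
    """Clusters with more than one account: what the log alone lets an operator link."""
    return [c for c in link_accounts(log) if len(c) > 1]


if __name__ == "__main__":
    print(exposure(SAMPLE_LOG))
```

When each account's lookups reach the indexer from a different address, or the history feature is not used at all, `exposure` returns an empty list.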

What would be sufficient?

Nova can’t turn your DOT into XMR or change how a Substrate chain works.

That’s not my point. Of course the chain is transparent.

The question is if your wallet leaks more information than necessary. Such as using an indexer which links multiple of your pubkeys to the same user - and their IP address.

I don’t perceive that privacy is high on the priorities of this project. It is unfortunate because privacy can be very useful to protect our stakeholders.

I see a fair number of people pushing towards more KYC and physical meetings. I actually think it’s great because our project is also very much a gathering of awesome people. But it should not prevent us from making sure our services are also embracing privacy, everywhere possible.

The key to resilience is diversity.

I see what you mean. I should have noticed the comment earlier.

To be fair to Nova, how many users run their own indexer? My guess is <1%. Of course, it would be “better” to have the option of using arbitrary indexers, but for what’s almost surely <5% of users, that would be something I’d expect from a “privacy wallet”, not from a general-purpose wallet that claims to not track users.

If I want to have “more” private transactions (haven’t had the need on Substrate so far, but I did use that on other chains), I use a spartan client or CLI. I don’t use a wallet with rich features, I just create and sign a transaction…