Another good reason to avoid snap

[AndyMH]

If you can't trust the content:
https://popey.com/blog/2024/02/exodus-b ... k-swindle/

[AZgl1800]

I have never trusted bitcoin from the beginning, there isn't any authority over its' value, or certifications, like there are for Credit Unions and Banks.

[TitForTat]

Yeah... due to lack of authority, the crypto and actual money behind is just gone. No way to recover anything of it with on a legal way. Sadly, there are many naive people thinking that they have to "invest" in the "future of money". As I personally do see this with friends and family who have no knowledge at all and just start to jump on the hype-train of crypto because people tell them to do so.

Excellent opportunities for such scammers, using securtiy short comings like we see here.

Talking of "the money is gone... is from your mom..." https://www.youtube.com/watch?v=zhkkzDojzHY
Just for a laugh Love Silicon Valley!

For "power users" only https://www.youtube.com/watch?v=3r1z5NDXU3s

Sorry for the offtopic part of my post, got carried away We actually need a separat topic "spaces over tabs, vim over emacs - dos and donts using linux (mint)"

[Peter Linu]

There is an Exodus program in LM Software Manager that looks awfully like what the article describes!

[Hoser Rob]

The thing about bitcoin that gets me is that its fans don't trust government fiat currency, which is one thing, but they trust internet security more? That just seems nuts to me.

[MikeNovember]

Hi,

There is also an exodus flatpak available in flathub. It is not made by exodus.

The answer is simple: when you speak of security products, or cryptocurrencies wallets, use the original ones, downloaded from the developer website.

An example: Veracrypt is available as a deb from its website and from an unofficial PPA. Why to use the PPA?

At the opposite, Firejail can be downloaded from its website, but also from an official PPA, mentioned on the website.

Going back to snaps: on snapcraft.io, for each snap, the publisher is mentioned. You can be confident if the publisher is Canonical or the original developer.

On flathub, the original developer and the publisher are mentioned. There is a link to the flatpak version GitHub, where you can check how is the flatpak built. But how many people do this? Publishing a flatpak is similar to snap; you create a GitHub account, publish the files and use a bot to build the flatpak. Once the flatpak has been said tested, it is published on flathub.

So, trust your distro repositories, trust the files downloaded from reputed developers websites (LibreOffice, Mozilla, Thunderbird, Vlc, Gimp, Veracrypt, Audacity...), trust the "official" PPAs, trust the flatpaks, snaps and AppImages published by their developers, be careful for other PPAs, flatpaks, snaps and unofficial AppImages.

Regards,

MN

[GreenIsBest]

The answer is simple: when you speak of security products, or cryptocurrencies wallets, use the original ones, downloaded from the developer website (...) for each snap, the publisher is mentioned.

So, trust your distro repositories, trust the files downloaded from reputed developers websites (LibreOffice, Mozilla, Thunderbird, Vlc, Gimp, Veracrypt, Audacity...), trust the "official" PPAs, trust the flatpaks, snaps and AppImages published by their developers, be careful for other PPAs, flatpaks, snaps and unofficial AppImages.

It gets even "funnier" when it's about crypto. Last time I checked, one of bitcoin's (and crypto's in general) motto is "Don't trust, verify" and "Do not to trust any claim you cannot verify yourself".
It is even on it's official manual and manifest, as not just one of its core values, but also one of the motivations why bitcoin was ever created in the first place; to move from a gov-controled system, to one of self-sovereing and individual responsability.
The foundation of the "bitcoin/crypto is better than fiat" arguments, is that you can and should verify everything yourself, and take charge of securing your own stuff, rather than trusting someone else to do it for you.

So it only adds insult to injury that, even disregarding all of bitcoin and crypto's value and merits (or lack thereof), this and almost all other crypto scams are a direct result of its victims failing/refusing to abide by its most important tennet, so they never have anyone to blame but themselves.

[MikeNovember]

Hi,

In fact cryptocurrencies are made to be used directly by people: I buy something from you, I send some fractions of bitcoins to you.

The problem occurs when people use exchange platforms (they create an account where they put their bitcoins) or tunnels (to change bitcoins to ethers): as soon as they are intermediates, it is insecure.

But, today, it is not possible to avoid intermediates: it would need an economy entirely based on cryptocurrencies, where your work is payed in cryptocurrency and where you can buy anything using cryptocurrency.

We are far from this, and there is still a very large place for fraud.

Regards,

MN

[MikeNovember]

Hi,

I compare today situation of Linux, with several stores (flathub, snapcraft.io, AppImage hubs) as the one of smartphones with Apple Store and Google Play Store. Since Linux market share is increasing, scammers are tempted to use Linux stores to spread malevolent software.
Flathub and Canonical, and AppImages various hubs, will need to better filter the apps they offer, and to dedicate more power force or computer force to test them.
And, with the increasing number of applications available as flatpaks, snaps or AppImages, we can expect this problem will increase.

App Store and Google Play Store are full of forged applications, resembling to original ones, despite the efforts made by Apple and Google to filter them. Regular campaigns are done to exclude these apps from stores (but they stay on the smartphones where they have been installed).

Windows is more open than iOs or Android, considering the various ways to install programs: you can download them from Microsoft store (filtered?), chocolatey (no warranty), portable applications (https://portableapps.com/ and https://www.winpenpack.com/en/index.php) and any place from internet, including by clicking on links on social networks, one of the best ways to spread forged programs. And a lot of Windows users don't want to pay for programs, prefer pay ones to free ones (Photoshop preferred to Gimp) and want to install pirate versions of the pay programs, taking a lot of risks. It is probably the reason why antivirus software is needed on Windows.

macOS is a bit better protected: by default you cannot install programs downloaded from internet, but you can configure this (allow programs from Apple store only, allow signed programs downloaded from internet, allow unsigned programs downloaded from internet). But macOS users are used to pay for their applications, and mostly download them from the official store. Sometimes apps are removed because they infringe Apple conditions of use, but Apple doesn't say much about the presence of scams in its store.

Regards,

MN

[MurphCID]

Well said MikeNovember! I agree completely.

[diyliberty]

I can see this becoming a problem as Linux becomes more popular it becomes a bigger target. I don't know how apps are published to the various distribution app stores. I hope they are photographically signed by the developer, scanned for malware and tested in a sandbox. Even that can't stop everything as scam apps still get past Apple and Google regularly even though they scan and do an automated sandbox test before publishing.

As a user, I don't install any software less than six months old and I do a web search on an app before I install it. I can't imagine putting half a million dollars worth of Bitcoin in a wallet app that was just a few days old.