The 'Official' Grin GUI Wallet

I just wanted to say a few things about our missing ‘official’ GUI wallet, and propose an idea that could help us find it.

I know that the approach members of the core team have taken toward GUI wallets is a bit of a sore point, and I completely understand this. Grin currently has usability problems, and having a nicely packaged ‘official’ GUI wallet that works on all platforms seems like a glaring omission that would go a long way toward addressing them.

GUI wallets are something that that I personally have been of two-minds about for just about the entire duration of this project. I’ve often thought that we should just bite the bullet and put one together. I even started an experimental one at one point just before launch, only to abandon it in favor of lower-level foundation work that seemed a bit more important at the time (and that I have more experience doing). But every time I’ve thought about it or floated the idea to other core members, I’ve always come back to the conclusion that this would be the wrong approach to take. This is even more true now than it has been in the past.

I like to think that the team is correct in taking a long-term view when it comes to proritising very limited resources, and the fact of the matter is that none of the core developers believe that creating an ‘official GUI’ wallet is the best use of their time or strengths at present. With the last of our two hard forks coming up fast, most of the developers would prefer to focus on important long-term architecture and protocol work.

So why not employ some of the fund to outsource it? I don’t personally believe it’s that simple. GUI projects (or indeed any project with a heavy design element) require a lot of ongoing feedback and management, and the design requires just as much ongoing maintenance work as any code. The effort and skills required to maintain an official GUI wallet are just as large a consideration as creating one in the first place, (if not larger).

This is not to say that I don’t think it’s important for the community to have easy-to-use, reliable wallets. As a matter of fact, I think that usability is currently Grin’s biggest problem. If you’ve followed the work I’ve been doing since launch, a lot of my time has been taken up with creating a set of APIs that enable downstream developers to create their own wallets and experiment with their own solutions to transaction-exchange challenges. There is also plenty of effort underway to standardize on formats and protocols before our last scheduled hard forks. Though I know it can seem frustratingly slow, the current approach is that the core team would prefer to continue to focus on what it can do best while also providing and supporting APIs and Infrastructure to make it easier for other developers to do the stuff we’re not great at.

And thus far, this strategy appears to be at least partially working, with the existence of several solid GUI wallets testifying to that. Niffler pretty much embodies the vision of a cross-platform GUI wallet that makes full use of the wallet APIs we’ve provided. Ironbelly has done all sorts of work to make the Grin wallet libraries usable on mobile. Grin++ has provided an all-in-one solution that uses its own architecture but is no less valid as a wallet that should be acceptable for use by the community.

However, I can completely understand that having no ‘official’ Grin GUI wallet is frustrating and confusing. Despite the presence of several very good wallets, the team thus far been very reluctant to fully endorse any of these community efforts. There are many reasons for this; a desire to remain impartial and fair, not wanting to discourage new approaches, and particularly issues around security and liability.

But however we got here, the end result is that we’re in a catch-22 situation whereby GUI wallets exist but it’s unclear to many, (particularly to newcomers) whether they’re endorsed or considered safe to use because they’re not ‘official’.

So I’d like to float an idea to address this:

If we had a process via which a particular wallet implementation could become “Approved by the Grin Community” (as is done with certain Monero wallets,) they could then be prominently listed alongside all of the other materials as fully endorsed by the community for use. In order to reach this status, the wallet would need to meet a set of criteria meant to strike a balance between security and inclusiveness. We’d need to sit down and think about what the exact criteria are, but they might be something like:

  • Must be 100% open source and use open source libs
  • Must adhere to all Grin RFCs and standards
  • Must be kept up to date with the latest Grin releases (within reasonable timeframes)
  • Must have a mutual disclosure agreement with the Grin project
  • Any non-standard features or custom protocols must be clearly labelled as such and ‘use at your own risk’
  • Somewhat community audited… and I’m not talking about exhaustive expensive audits, just that there have been enough community eyeballs on the code to determine nothing obviously malicious is going on (this one will be hard to get exactly right)

This list is not meant to be exhaustive or final, but the main point is that the criteria should not be onerous, be relatively easy-to-follow and should aim to not exclude any good-faith projects from meeting them. There is still quite a bit of thinking (for @joltz in particular) as to a set of criteria that can strike the best balance, but I’m fairly sure it’s doable.

This would hopefully get us where we need to be with GUI wallet availability without duplicating efforts. Good GUI wallets exist that are already better than what an ‘official’ effort would come up with and can continue to be improved and refined, hopefully with the renewed focus that would come from them being as ‘official’ as they can be.

I’d also hope that this would encourage more people to apply their skills to these projects. Contributing to these wallets is just as worthy and helpful to the community as contributing to the main Grin project, and this would preserve the perception of this fact. For instance, someone with a bit of design skills could be directed to improve a particular Niffler screen (for instance,) as opposed to getting hit with the daunting task of “build us a GUI wallet”.

Interesting in hearing thoughts on this approach, particularly from the authors of such wallets and whether such a scheme would work for them.

19 Likes

This is a fantastic idea. Let me know how I can help.

7 Likes

I like the idea, let me know how I can help! Thanks!

I like this idea too.

Approved by the Community” Monero wallets are something like these ?

I think they’re the ones getting listed at

This is exactly the sort of thing I think that would help with community engagement and great coming from core team member @Yeastplume - well done!

So for an overall approach, I suggest we proceed something like:

  • Collect feedback (in this thread and the wallet-dev channel) as to what the criteria should be
  • @joltz and I will collate and present a draft set for review
  • Create a short, sharp RFC so the criteria is properly recorded
  • We start working with interested wallet authors to get their efforts approved and ready for endorsement

Just a caveat that this is isn’t all going to be done at once and will take some elapsed time to roll out (particularly given the amount of other work going on,) but hopefully this initiative becomes a long-running thread that will continually improve the state of our community wallets.

3 Likes

I know we’ve discussed this before, but bitcoin also takes this approach. https://bitcoin.org/en/choose-your-wallet?step=5

FWIW: bitcoin.org is a privately held website, in no way related to the current Bitcoin Core development team…

1 Like

True, but it’s still the unofficial “official” bitcoin website, in the same way that grin.mw is Grin’s.

1 Like

Or it could rather be more like bitcoincore.org.

Usability is everything. I m supporting this idea.

1 Like

It is open-sourced and has many contributions from bitcoin-core and blockstream employees among many others. Other than people’s beefs with cobra, calling it a privately held website is a bit of a stretch. It is not bitcoin.com
https://bitcoin.org/en/about-us#owntxt-title

Regardless, their wallet choosing tool is very cool.

Yeh, prolly more elaborate than Grin could hope for right now but great concept…
https://bitcoin.org/en/choose-your-wallet

Great idear @Yeastplume . We do not need a perfect solution including security audit right now. Just some community endorsement and extra eyes on the code would mean new user will feel a lot safer using these wallet softwares. This proposal and community endoresement is also great for the unity of the Grin community. And no worry, I think most of understand the decission and need for the core team to focus on… wel the core, as the name suggests :wink:.

4 Likes

Wallet Listing on grin.mw

It can be beneficial to list available wallets for users on the primary website for Grin, especially considering that there is not a GUI wallet in the mimblewimble github organization and that most users will want to use a GUI wallet.

There are two primary possible identified paths to support this, each with their own tradeoffs for the community.

Option 1: Approval curated by core and security teams

The core and security teams can review and curate each wallet listed on grin.mw by manually reviewing to ensure they adhere to all RFCs and building confidence in the wallet developers ability to responsibly handle vulnerability disclosures.

Pros:

  • Low chance of a malicious wallet being listed
  • Guarantee that all listed wallets are compatible
  • Ability to more seamlessly deploy security fixes across wallets

Cons:

  • Approval is subjective without an exact checklist of steps that can be followed to ensure the core and security teams have a high degree of confidence (which may not be possible to produce in a comprehensive way)
  • “Gatekeepers” become responsible for determining whether a wallet will be listed (and by extension used) in the Grin ecosystem
  • There is still no guarantee of eliminating the possibility of malicious wallet activity

Option 2: (Almost) any wallet can be submitted and ranked before listing

Any wallet developer can submit their app to be rated by the core and security teams according to the same metrics used by bitcoin.org. Once rated the wallet will be listed. Wallets are removed by verifiable cases of (willful or not) malicious wallet activity. Wallets that do not verifiably follow accepted RFCs are not rated or considered for listing.

Pros:

  • Less centralized, more open listing method
  • Helps users find the right wallet for the right use
  • No “gatekeepers” subjectively determining which wallets can be listed
    • Though there are still “gatekeepers” doing the ratings

Cons:

  • With a low barrier of entry some users could lose funds to a malicious wallet before it is detected and removed from the list
  • Users may not be able to trust any of the wallets listed if there is a mix of “trustworthy” wallets with those that aren’t

Option 2 seems like a decent compromise of openness and quality. However there is a much higher chance of fund loss due to a malicious wallet being listed in option 2. Option 1 doesn’t guarantee a wallet won’t be malicious in the future either so we do want to avoid giving a false sense of trust or security. Maybe there is a mix of these that will produce the best result. It is important that whichever direction is chosen, users are aware of the risk of malicious wallet activity.

Just wanted to share these thoughts ahead of the next governance meeting https://github.com/mimblewimble/grin-pm/issues/290

4 Likes

Option 2 looks better ‘if’ long term wallets are being separated from new admissions. This opens the door for everyone to submit their own wallet. This will lower the bar for new developers to participate in the grin project and it also makes it more divers. I believe this is good as it stimulates to contribute, innovate and also important it blocks a lot of potential fud of people being butt hurt when they can’t submit their wallet.

At the end of the day I firmly believe that every regular person picks a well known wallet like Grin++ or Ironbelly above some new unknown wallet. For the obvious reason.

1 Like

As I also posted here:


I think it is best to go for option 2, however, give special status to wallets that are endorsed by the Grin core team, passed security audit (Grin++) community endorsed (Grin++, Nifler, IronBelly?).
So simply provide anyone who visits the main website with all the information we as community have on Grin wallets so they can make an educated decission themselves. I agree with @bluimes that it is good to list all wallets to not block innovation or alternative wallet solutions even though most people will go for secure wallets that are endorsed.

2 Likes

(In reference to joltz’s comment)
I would suggest a different sort of compromise between the two.

List wallets that have proven themselves over time; Wallets that gained considerable community traction and trust. The ‘community’ includes both vocal users and actual developers. It’s not measurable, but nothing in this domain really is.
The result is that no new wallets are listed, but the core team doesn’t have the sole responsibility to identify bad actors.

Regarding the concern of perhaps a new, innovative wallet not being featured, I’d make the claim that giving it a period of skepticism and careful trust through the opportunity of acquiring a more ‘sophisticated’ user base organically (aka through community communication channels), would be a very reasonable requirement, as part of the effort in protecting new users stumbling upon Grin for their very first time.

4 Likes

Hello everyone! tell me how with Bibox to withdraw Grin to the wallet Grin ++ v1.0.1 What to write in the fields and what is the address of the brothers from the wallet?[https://www.dropbox.com/s/zh8zl509b5dwxd6/%D0%A1%D0%BA%D1%80%D0%B8%D0%BD%D1%88%D0%BE%D1%82%202020-05-20%2015.05.40.png?dl=0](https://www.dropbox.com/s/zh8zl509b5dwxd6/Скриншот%202020-05-20%2015.05.40.png?dl=0)