From 331498a97c33acafd52032eef8e94ea5a674436d Mon Sep 17 00:00:00 2001 From: Linda Lee Date: Wed, 10 Jun 2020 12:43:05 -0500 Subject: [PATCH] Update README.md - clarify that this is maintained by ECC - delete duplicate sentence about the wallet threat model (kept in the disclaimers, deleted in the intro). - delete "Traffic analysis, like in other cryptocurrency wallets, can leak some privacy of the user." --we agreed that we didn't want to give off the impression that our wallet is worse than other apps, when it is actually better for privacy. - delete "We recommend backing up your seed and using this with amounts of funds..." --we reiterate that this is not a product, and Taylor has looked at our code enough to feel confident about our wallets not losing funds. - delete "We aim to make it as beautiful as it is useful. Internally, we will continue to extensively use it to innovate and interate on everything from [protocol changes](https://electriccoin.co/blog/introducing-heartwood/) to [lottie animations](https://lottiefiles.com/popular). Of course, Zcash has a strong history of being open-source, even when it's difficult. It would be easier to keep this internal-only so that we could fill it with crash-reporting and feedback tools but, instead, we decided to disable those things and make it available as a community resource." -- this takes away from the point that this is only for dogfooding, and that this is not a product. --- README.md | 30 +++++++++--------------------- 1 file changed, 9 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index a804fa1..f5c0ecb 100644 --- a/README.md +++ b/README.md @@ -1,17 +1,10 @@ # zcash-android-wallet -Android wallet using the Zcash Android SDK that is maintained by core developers. - -Please see the [wallet app threat -model](https://zcash.readthedocs.io/en/latest/rtd_pages/wallet_threat_model.html) -for important information about the security and privacy limitations of the -wallet. +An Android wallet using the Zcash Android SDK that is maintained by ECC developers. ### Motivation -[Dogfooding](https://en.wikipedia.org/wiki/Eating_your_own_dog_food) - _transitive verb_ - is the practice of an organization using its own product. This app was created to help us learn. We aim to make it as beautiful as it is useful. Internally, we will continue to extensively use it to innovate and interate on everything from [protocol changes](https://electriccoin.co/blog/introducing-heartwood/) to [lottie animations](https://lottiefiles.com/popular). Of course, Zcash has a strong history of being open-source, even when it's difficult. It would be easier to keep this internal-only so that we could fill it with crash-reporting and feedback tools but, instead, we decided to disable those things and make it available as a community resource. Please take note: +[Dogfooding](https://en.wikipedia.org/wiki/Eating_your_own_dog_food) - _transitive verb_ - is the practice of an organization using its own product. This app was created to help us learn. -## This is not a product. This is a tool. - -But it is also something we're committed to maintaining and relentlessly improving. So that we can make our libraries that it is built on stronger and more useful. +Please take note: the wallet is not an official product by ECC, but rather a tool for learning about our libraries that it is built on. This means that we do not have robust infrasturcture or user support for this application. We open sourced it as a resource to make wallet development easier for the Zcash ecosystem. ### Setup @@ -33,21 +26,16 @@ cd /path/to/zcash-android-wallet ## Disclaimers There are some known areas for improvement: -- We strongly recommend that you only use this for small amounts of funds (less than 1 ZEC). Perhaps begin by using it to create a brand new wallet. -- Traffic analysis, like in other cryptocurrency wallets, can leak some privacy - of the user. -- The wallet might display inaccurate transaction information if it is connected - to an untrustworthy server. -- Since this was created as a dogfooding tool, think of it less like a wallet and more like a proof of concept, which can result in bugs up to and including loss-of-funds -- So **please backup your seed phrase** and wallet birthday (block height) -- This app has been developed and run exclusively on `mainnet` it might not work at all on `testnet` -- Getting feedback was one of the original design goals of this app so it is mainly intended for learning and improving the related libraries that it uses. + +- This app so it is mainly intended for learning and improving the related libraries that it uses. There may be bugs. +- This wallet currently only supports receiving at shielded addresses, which makes it incompatible with wallets that do not support sending to shielded addresses. +- The wallet requires a trust in the server to display accurate transaction information. +- This app has been developed and run exclusively on `mainnet` it might not work on `testnet`. See the [Wallet App Threat Model](https://zcash.readthedocs.io/en/latest/rtd_pages/wallet_threat_model.html) for more information about the security and privacy limitations of the wallet. - - If you'd like to sign up to help us test, reach out on discord and let us know! We're always happy to get feedback! + ### License MIT