December 22, 2022

ℹ️ Open Source of TonSafe

Introduction

TonSafe is a TON wallet that provides safe and secure TON asset management as well as TON payments. At the moment, it is not open-sourced yet. Here we explain why.

Being not open-sourced does not mean that the TonSafe is not secure to use. Open source also comes with its advantages and disadvantages.

On the one hand, open-sourcing a product allows everyone to review and verify if there is any malicious codes embedded in the products, helping to build trust and transparency. It also helps the product to improve and evolve with support from developer communities. Developers can review the codes and locate any possible vulnerabilities, thus enhancing product security.

On the other hand, most people without technical backgrounds might not be able to truly audit the open-sourced codes and verify if they are secure, while the open source actually makes it easier for hackers to exploit potential vulnerabilities and bring harm to users. Therefore, from users' perspective, it is difficult to tell whether open sources bring more benefits than risks.

Furthermore, as software development is a complicated process, even if a product is open-sourced, it's very likely that users won't be able to tell if the codes on the current products they are using are actually consistent with and compile from the open-sourced codes.

Overall, TonSafe is not open-sourced yet. But open source has always been in our consideration. In the future, we might also choose to open source part of the codes based on the actual situation, just like Apple and Microsoft did.

Let us also remind about the popular TON wallet which has some current 80% of TON wallet market share: it achieved all its promotion by the TON Foundation and all of its current popularity as a closed source code wallet for a full year. Only recently did it open its source code (albeit with the above mentioned provisos as to verification) and this did not stop mass adoption by TON users no matter that we contend the quality of that wallet from a user experience and safety perspective is inferior to TonSafe.

Security

As explained above there are positives and negatives for open sourcing code. The above introduction applies to the TonSafe wallet and its current position on code where we believe there is no compelling overall benefit to open sourcing the front end code, however, users can easily verify for themselves the following:

  1. App Stores: checking the app stores you can verify that TonSafe does not have or make any use of your private data. This can also be verified on iPhones by making use of the Privacy Report: the iPhone monitors all data going in and out of your phone and Apple makes this information of exactly where the wallet connects to and sends any data easily visible to you in the Settings > Privacy > Privacy Report. This is also how we could monitor some months ago how Tonkeeper connected to all manner of privacy invasive sites and IP addresses around the world, including Google and other data-mining companies. This was one of the many reasons why we developed TonSafe as a need for a private secure wallet.
  2. The above can also be verified by more technical people via the use of full packet analysis of outgoing data. There is only one outgoing data connection to the API.

As mentioned earlier, the front-end of TonSafe is not open source for the reason that there is no compelling benefit at this stage given all the above. However, what about the interface to the blockchain (the API) and the blockchain itself?

These are both open source and we believe that the benefits of that outweighs the negative. Here is our thinking about the API, why we chose the open source API provided by Whales team and not the Ton Foundation's own API, and whether that may change in future.

Open Source API

Although TonSafe could have developed our own API it is important to understand that this is a really big undertaking. The safe and secure front end development of TonSafe took 6 months of programming and around a half million dollars investment and we are happy with the results as we were able to dedicate sufficient highly qualified resources to the task. However, developing an API from scratch that would be secure and reliable would have required as many resources again, without any early returns, but more importantly it would in our view need to be open source and extensively reviewed by independent and qualified parties: another expensive affair.

We did not need to re-invent the wheel here, there are at least two open source professionally developed APIs for TON. Given the importance of API to security we took a look at both and decided that although both were usable and appear very well designed and secure, when we started the TonSafe project only one had been independently reviewed. The TON Foundation's own API had not yet been reviewed by qualified independent experts, and although the TON Foundation's own programmers are highly qualified they cannot independently review their own products.

This left us with the Whales API which was independent of the TON Foundation and in fact was having some very open conflicts with the Foundation on social media, yet, had been verified by the experts from TON Foundation as being secure. It was thus decided to use this API for TonSafe: it is open source and has been independently reviewed by qualified experts in the field.

For those who do not understand the role of an API, in brief, it is an interface between the front end (wallet app on your device, i.e. TonSafe) and the "back end" which in this case is The Open Network blockchain where your wallet accounts actually reside as "smart contracts" which code cannot be manipulated by bad actors after deployment.

Being open source means that this code can easily be reviewed, and unlike with a front end from a wallet without significant market share, there are many more users with a vested interest in actively checking the code for a popular API, thus giving the benefit of open source versus closed source for this part of the payment system.

Open Source Blockchain

The third part of the payment system in use by TonSafe, or actually the first part since it is fundamental to everything, is The Open Network blockchain itself. This has therefore the highest number of users with a vested interest, since everything on TON has to use it, and therefore being open source is a no-brainer.

Meanwhile it has also been assessed by Certik, as to its strong points and weak points (weakest point appears to be a lack of decentralization, but this is beyond the topic of this post.)

Therefore we believe that we have used best practices in our assessment of the use of the TON blockchain, the open source API, and the development of the TonSafe front end wallet.

Independent Reviews

Naturally we welcome independent qualified reviews of TonSafe front end code however this will require several factors, and these have not been met by any of the other TON Wallets, including the TON Foundations own wallets and Whales wallet:

  • Professional guarantees of security of code to remain confidential after review, given that it is still closed source for the above reasons.
  • Complete independence from any other project and indeed from TON itself.
  • Costs: we do not have funds currently to finance such an inspection. We believe it is in the interests of the TON Foundation to show their care to TON users by financing such an inspection and not only for their own wallet above mentioned.

Until then, as stated, no TON wallet has met the criteria of an independent review. We ourselves have noted some of the weaknesses of the incumbent wallet duopoly which our lead tester has highlighted on his personal blog.

We believe that it is not enough to simply trust those with lots of money and influence, on a still quite centralized blockchain and power dynamic such as TON. The recent fiasco of centralized exchanges should show that this is irresponsible.

It is for the benefit of the entire industry that there is an open, fair and independent assessment as well as decentralized control mechanisms for the TON ecosystem.

Even though we have identified many weaknesses of competing wallets front ends, we have not published these so as not to compromise them further, nor to give them an advantage when they receive almost all of the current promotion from the Foundation.

On the other hand, naturally, in spite of our best efforts and qualifications there could be weaknesses in TonSafe as nothing can be absolutely perfect. We hope that the future holds better cooperation among competing products for a better ecosystem.

Competition

It is clear to us that our model and market is not the same as existing TON wallets nor those other wallets which are multi currency and support TON.

There are different wallets that can serve different interests depending upon your priorities and needs.

TonSafe is in our view the undisputed leader in professional use, small business use, user experience, support, educational material and safety and this remains our focus.