On January 7, 2019, Samourai Wallet posted that they were being forced to omit three key features from their privacy-centric bitcoin wallet. According to reports, Google Play asked the three-year-old firm to remove Stealth Mode, SIM Switch Defense, and Remote SMS Commands before uploading Samourai’s 0.99.04 update to the platform. Finding the omissions too grave, the wallet provider released a direct APK download of a previous version on GitHub the following day.
Skirting the “Walled Garden”
Samourai Wallet tweeted on January 8, 2019, that they had released the source code for their wallet on GitHub due to draconian policies from Google. In the repoed version, users can continue to enjoy three key features which protected users from some of the most common OpSec attacks. One of which is rendered useless following one of Samourai Wallet’s security measures: Sim Switch Defense.
We've made version 0.99.03 with full Stealth Mode, SIM Switch defense, and SMS remote commands available via direct download APK on GitHub – please install only from this source and double check the SHA-256 hash. https://t.co/4nuegUlAiX
— Samourai Wallet (@SamouraiWallet) January 8, 2019
A recurring theme in 2018, has been cases of SIM swaps in which a bad actor gains access to a victim’s SIM card, and all its corresponding information. This access is earned via a simple phone call to a service provider who, following a handful of simple questions about the person’s identity, eventually yields the SIM card’s information to the caller.
In the past, this kind of threat offered hackers a bounty of credit card information, personal data, and bank accounts. And despite the nature of the information at risk, the trend shows no signs of stopping. In January 2016, the Federal Trade Commission (FTC) reported a total of 2,658 cases. A figure which barely crossed 1,000 cases three years earlier.
The synonymous rise of cryptocurrencies and hot wallets, those which can connect to the Internet and common for mobile applications, have been yet another lure to SIM cards. In August 2018, BTCManager on the case of Xzavyer Narvaez and Joel Ortiz who reportedly hijacked a number of different phone numbers to rake in nearly $5 million in bitcoin. The two belonged to a larger organization, members of which were leveraging roughly the same vulnerabilities.
To protect against this, Samourai Wallet’s FAQ explains that the SIM Switch Defense, once activated, will send an SMS to a user’s trusted mobile number whenever the SIM is compromised. From there, holders are able “to send remote commands to [their] wallet even if someone has changed or spoofed [their] SIM card.”
Unfortunately, this and two other services are not allowed according to Google Play’s policies. Stealth Mode disguises the fact that the user has a cryptocurrency wallet on their device from onlookers, while Remote Commands contribute the efficacy of the SIM Switch Defense.
Community Outcry: What Is Censorship-Resistance?
Naturally, the crypto ecosystem took to Twitter to deride the difficulties facing Samourai Wallet and to support the team’s mission to provide a highly-secure, highly-private product. The grander narrative, however, is one which will continue developing until the ethos of decentralization is fully realized.
Whether or not commentators can rightly call Samourai’s challenges unjust or outright censorship, they do reveal the location of each and ever bottleneck that exists on the Internet.
Already, news outlets have been reporting on Paypal, MasterCard, Visa, Patreon, Twitter, and Coinbase censoring certain users from enjoying the benefits of these platforms. Even Steemit, a blockchain-native social media platform, has recently banned the group responsible for holding hostage sensitive data pertaining to the 9/11 attacks.
The responses from each of these groups reveal ethics which on one-hand can protect from natural travesties while on the other, oust contentious voices with ease. No matter how one cuts it though, censorship is censorship. The more important question is at what point does it become too much?