Nostr

Not too familair with Vexl, but it seems like it doesn't solve this...

Couple points:

1) Vexl acts as an exchange, just like Bisq or Robosats, except it's more recent (not long-standing) AND it has a company behind it - Big red flag. That's not how DEX open-source protocols work, they gain something, somehow, or intend to at some point. They're VC-funded.

2) IF you can buy directly via Vexl, as in, trade fiat in Vexl, you're linking your ID (you moved fiat in the legacy insitution from A to Vexl, at a certain time, on a certain day) with a BTC transaction - At which point Vexl doesn't need to ask your consent for KYC, it already has it. IF this is the case with Vexl integrating fiat, that's another HUGE red flag.

3) Checking their github, there are no reproducible builds. You cannot be certain that what you download on mobile is, at ANY degree, equivalent to what source code is displayed. Another big red flag.

4) They only distribute apps via official stores, no open source stores, nor via github itself.

Having reviewed points 1, 3, and 4 in particular, these red flags only show up when companies have something to hide. When they're open source as they claim, they are ENCOURAGED to not centralise power over development (Vexl Foundation), to make guide users to reproducible builds AND to have the .apk openly available.

I kinda wanted to shill for nostr:nprofile1qyd8wumn8ghj7un9d3shjtnswfhhs7tdv9hxztnwv46z7qg4waehxw309ahx7um5wghx77r5wghxgetk9uq3yamnwvaz7tmwdaehgu3wd36ju6m99uq3wamnwvaz7tmjv4kxz7fwxpuxx6rpwshxxmmd9uq3samnwvaz7tmjv4kxz7fwvd6hyun9de6zuenedyhszrnhwden5te0dehhxtnvdakz7qpq5369wu3wzzar5fclhecyqfv683x69n6nhlg7rxqnsg2dydgxflpq3876er here but sadly can't, their frontend code is solely verifiable and backend isn't open-source, unfortunate.

Mobile DEXs need to do better.

Grafton @ Vexl 1y ago

You can’t buy directly in vexl, vexl is not a wallet does not touch your bitcoin or your fiat. Vexl is more of a tinder for bitcoin p2p no kyc matching. What you and the counterparty do it entirely on your terms. Vexl has no knowledge of it.

I’m not sure you dug deep into what Vexl actually is. Check this out: https://blog.vexl.it/how-to-do-peer-to-peer-trading-on-vexl-6745f3954ae9

It’s a web of trust model that is based purely on common contacts but does so in a completely anonymous way.

https://blog.vexl.it/understanding-vexl-security-privacy-and-building-a-web-of-trust-867710d4a6fe

Reply to this note

Please Login to reply.

Discussion

Uxellodunum 1y ago

I think that's exactly the problem though - It's a web of trust, not of verifiability. As far as the user experience, it works very much like like Bisq or Robosats.

You put up orders in a P2P market, users take the orders looking for the users with the best reputation, exchange details for payment using E2EE, and trade.

The problem is, that's what it says it does, and that's what it seems to do when you use it. You can't be sure, because you can't verify what the app is actually doing code-wise.

That being said, I like the ideal of the web of trust - You end up transacting with people you know, hence the risk is significantly lowered. The problem is a web of trust does away with randomness, and thus properties such as plausible deniability which are important when you're looking to protect either your privacy or anonymity online.

Maybe I don't want my friends to know I bought or sold BTC - I suddenly become singled-out and cannot participate in the network Looking through.

Having read through the article and checked the website and github, it also seems to not employ an escrow system, and instead payments are done fiat-first. I foresee the amount of problematic trades in such a model are going to be way increased IF you NEED to trade with someone outside of the previously setup web of trust. That's a big problem.

Grafton @ Vexl 1y ago

Well the thing is that it scales, the larger your network grows the more connections you have and the easier it becomes to trade.

This eliminates the need for escrow, as you are trading with people that you share a lot of contacts with. Sure you might trade with someone you know, but based on the web of trust you can decide if you want to trade or not.

Your real world reputation is important, if I buy on a p2p service with escrow that is a financial institution and I have to trust a 3rd party, my name appears in a total random persons bank account that could potentially be a problem for me in the future.

If I need to sell bitcoin often this creates even more problems with my fiat bank as they you ned permission to use their service.

It does not work like robosats or bisq as they have an order book Vexl does not. Vexl you only see offers from people in your web of trust.

Vexl is fully open source and all the code is available and you can verify that here https://github.com/vexl-it/vexl we just received a grant from open sats as well.

Vexl is not a for profit business and has no plans or ability to monetise, Vexl aims to create a tool that gives anyone the ability to transact, people have adapted it to be so much more that that, farmers are selling eggs, and honey, people are finding jobs via Vexl.

I want you to be skeptical, I want you to dig and I want you to bring up things that you for see being a problem as the only way we can build things that get better and better is with feedback. I implore you to dig further.

Vexl scales, we know that as you can see it in the Czech Republic, its pure p2p, the only people who know anything about your trades are you and the counterparty. You can decide your own threat model, you can decide if you feel comfortable sending via bank transfers, but I don't need to do that when I can easily pay cash for bitcoin on my way home from work and never leave a trace.