Samourai Wallet Review: Privacy-Focused Bitcoin Wallet
Samourai wallet is a pretty well established Bitcoin-only mobile wallet for Android that is fully focused on user privacy and security of funds.
It is one of the more innovative wallets available for Bitcoin and has many features not available in other wallets. The Samourai aligns itself with the principles Bitcoin was founded upon, namely fungibility, security, transparency, financial privacy, and decentralization.
However, are these claims reasonable, and is the wallet really safe?
In this Samourai review, I will give you everything that you need to know about the wallet. I will also give you some top tips that you need to consider.
Samourai Wallet Basics
As mentioned above, Samourai is a Bitcoin-only Android mobile wallet. The wallet is open-source and coded in Java, and the code can be examined on GitHub. The wallet remains in pre-release and is on version 0.99.60, so we can expect the 1.0 release very soon.
The Samourai is totally focused on the privacy of users and the security of your funds. The team uses the phrase “A modern bitcoin wallet hand forged to keep your transactions private your identity masked and your funds secured” to describe the Samourai. Assisting in this privacy-centric focus is the inclusion of VPN and TOR support.
Samourai was also on the cutting edge as one of the first mobile wallets with support for SegWit transactions. This support helps lower transaction costs for users, as well as getting the network ready for the implementation of the Lightning Network.
For mobile wallet users this is important as the Lightning Network will no doubt be extremely helpful for mobile wallets due to the retail applications of Lightning.
Unfortunately, there’s no support yet for multi-sig in the Samourai, but it does allow for the creation and management of multiple accounts. The lack of multi-sig means the wallet is less useful for businesses and teams since it prevents jointly controlled accounts. The inclusion of support for multiple accounts does help individuals keep their personal and business uses separate.
You can clearly see the Samourai wallet developers are committed to the original principles of Bitcoin through their design of this wallet and through their own statements. As they’ve said themselves:
We are privacy activists who have dedicated our lives to creating the software that Silicon Valley will never build, the regulators will never allow, and the VC's will never invest in. We build the software that Bitcoin deserves.
Samourai Privacy Features
I’ve already mentioned the basic privacy features of TOR and VPN support in the Samourai wallet. These allow you to cloak your IP address, but there are a host of other features in the Samourai that can be used to obscure your blockchain transaction history (and Bitcoin balance) from prying eyes and blockchain analysis. Each transaction lets you choose just how many of the privacy features you’d like to apply.
The default transaction in Samourai will do all of the following:
- Gives a new wallet address for every incoming transaction. This prevents someone from finding out your wallet address and then looking up every single transaction you’ve ever made (and likely your Bitcoin balance as well).
- Matches any “change” you receive back to the wallet type you’re sending to (SegWit or non-SegWit).
- Randomizes “change” outputs to avoid type-matching linkages that can be caused by frequent wallet address changes.
- Uses BIP 126 to minimize references to past transactions from the Samourai wallet, thus decreasing the traceable metadata produced by the wallet.
Taken all together, the Samourai wallet does everything it can to minimize the possibility of anyone making connections between your transactions and learning your total balance and transaction history.
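To show what the first two defaults in the list above protect against, here is an added example (not code from the Samourai project) of two common change-detection heuristics used in blockchain analysis. The transactions, address labels and function name are constructed for illustration.

```python
# Added illustration: two heuristics an analyst uses to label the change
# output of a payment. All transactions and address labels are constructed.

def guess_change(tx):
    """Return (index, reason) for the output an analyst would call change,
    or (None, "ambiguous") when neither heuristic singles one out."""
    in_addrs = {i["addr"] for i in tx["inputs"]}
    in_types = {i["type"] for i in tx["inputs"]}
    outs = tx["outputs"]
    # Heuristic 1: an output pays an address that also funded the inputs.
    reused = [n for n, o in enumerate(outs) if o["addr"] in in_addrs]
    if len(reused) == 1:
        return reused[0], "address reuse"
    # Heuristic 2: exactly one output shares the inputs' script type.
    if len(in_types) == 1:
        (script_type,) = in_types
        same = [n for n, o in enumerate(outs) if o["type"] == script_type]
        if len(same) == 1:
            return same[0], "script type"
    return None, "ambiguous"

# Wallet sends change back to the address it spent from.
REUSE_TX = {
    "inputs": [{"addr": "A1", "type": "p2wpkh"}],
    "outputs": [{"addr": "R1", "type": "p2wpkh"},
                {"addr": "A1", "type": "p2wpkh"}],
}
# Fresh change address, but SegWit change next to a non-SegWit payment.
TYPE_TX = {
    "inputs": [{"addr": "A1", "type": "p2wpkh"}],
    "outputs": [{"addr": "R2", "type": "p2pkh"},
                {"addr": "A2", "type": "p2wpkh"}],
}
# Fresh change address whose type matches the recipient's.
MATCHED_TX = {
    "inputs": [{"addr": "A1", "type": "p2wpkh"}],
    "outputs": [{"addr": "R2", "type": "p2pkh"},
                {"addr": "A3", "type": "p2pkh"}],
}

if __name__ == "__main__":
    for name, tx in [("reuse", REUSE_TX), ("type", TYPE_TX),
                     ("matched", MATCHED_TX)]:
        print(name, guess_change(tx))
```

Only the third transaction, which uses both a fresh address and a matched change type, leaves the analyst without a confident guess.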
Users interested in additional privacy can also enable the Ricochet feature that is unique to the Samourai wallet. With this feature enabled your transaction is routed through a series of additional addresses before arriving at its final destination. This disguises the origin of the payment. There is a fee of $2.50 plus additional mining fees for using the Ricochet service.
Samourai has also included the use of payment codes, called PayNyms, which allow you to receive payments from anyone without revealing your actual address. The code doesn’t divulge your receiving address and it can be reused without harming your privacy as there’s no way to link it to a specific address. Unfortunately, this option isn’t supported by many other wallets, making its usage limited.
Samourai Fee & Transaction Features
Samourai also brings many features that benefit the transactional economy of Bitcoin. One of those, called the “smart fee”, has Samourai monitor network congestion to suggest an appropriate fee. Users can also set their own fee if they like.
And if you set a fee that’s too low, don’t worry. Samourai also supports Replace by Fee, which allows a fee that is too low to be bumped up, ensuring your transactions don’t get stuck unconfirmed.
The combination of these two features helps keep transaction fees lower for Samourai users. And since Samourai is a mobile wallet this is especially important, because you shouldn’t have very much Bitcoin stored on a mobile wallet.
An additional useful feature included in the Samourai is Batch Spending. This allows you to combine many smaller transactions into one large transaction. This can be very helpful when mining fees are high and you have a lot of transactions to make. Samourai is the only wallet to offer this type of transaction batching, and it can save you up to 30% on mining fees.
There’s also support for the Child Pays for Parent (CPFP) feature, which allows a recipient to get any stuck transactions confirmed by paying an additional fee. While this is an expensive way to get transactions confirmed, it can be useful for getting time-sensitive transactions confirmed and delivered.
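The cost difference between Replace by Fee and CPFP can be worked through with numbers. This is an added example, not code from the wallet; the transaction sizes, fee rates and function names are assumptions chosen for illustration, and the replacement is assumed to be the same size as the original.

```python
# Added illustration: what it costs to rescue one stuck payment with
# Replace by Fee (sender re-signs) versus Child Pays for Parent
# (recipient spends the unconfirmed output). All figures are constructed.
import math

MIN_RELAY_FEERATE = 1  # sat/vB; Bitcoin Core's default incremental relay fee

def rbf_extra_cost(parent_vsize, parent_fee, target_rate):
    """Extra sats the sender pays when replacing the stuck transaction
    with one of the same size at target_rate (sat/vB). The replacement
    must also outbid the original by the relay feerate times its size."""
    new_fee = max(math.ceil(target_rate * parent_vsize),
                  parent_fee + MIN_RELAY_FEERATE * parent_vsize)
    return new_fee - parent_fee

def cpfp_child_fee(parent_vsize, parent_fee, child_vsize, target_rate):
    """Fee the child must carry so that parent and child together,
    which miners evaluate as one package, reach target_rate."""
    package_fee = math.ceil(target_rate * (parent_vsize + child_vsize))
    return max(package_fee - parent_fee, MIN_RELAY_FEERATE * child_vsize)

# Constructed scenario: a 141 vB payment sent at 2 sat/vB is stuck,
# the mempool now needs 20 sat/vB, and the child spend is 110 vB.
PARENT_VSIZE, PARENT_FEE = 141, 282
CHILD_VSIZE, TARGET_RATE = 110, 20

if __name__ == "__main__":
    rbf = rbf_extra_cost(PARENT_VSIZE, PARENT_FEE, TARGET_RATE)
    cpfp = cpfp_child_fee(PARENT_VSIZE, PARENT_FEE, CHILD_VSIZE, TARGET_RATE)
    print("RBF extra cost :", rbf, "sat")
    print("CPFP child fee :", cpfp, "sat")
    print("CPFP premium   :", cpfp - rbf, "sat")
```

The premium equals the child's own size charged at the target rate, which is why CPFP is the more expensive of the two.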
Samourai Security Features
As you might expect, your private keys are fully encrypted and they never leave your device. And because the Samourai wallet is a hierarchical deterministic wallet it generates a seed phrase when the wallet is initialized.
This seed phrase generates your private keys and must be recorded and stored safely as it is needed to restore the wallet if you ever lose your mobile device, or if it is stolen, broken, or otherwise becomes unusable by you.
There is one additional function of the Samourai related to backups that is different from nearly every other Bitcoin wallet, and that’s the ability to test your backup phrase to ensure it works properly.
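The sketch below shows why a seed phrase alone can restore a wallet, and what a backup test has to check. It is an added example, not Samourai's code: it assumes the BIP 39 and BIP 32 schemes that most HD wallets use, the derivation path is an assumption, and `account_fingerprint` and `backup_matches` are hypothetical helpers.

```python
# Added illustration: phrase -> seed -> master key -> account key, then a
# backup test that compares a fingerprint of the re-typed phrase.
import hashlib, hmac, unicodedata

# Order of the secp256k1 group, used for BIP 32 key arithmetic.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
# Public BIP 39 test-vector phrase; never fund a wallet created from it.
PHRASE = " ".join(["abandon"] * 11 + ["about"])

def bip39_seed(mnemonic, passphrase=""):
    """PBKDF2-HMAC-SHA512, 2048 rounds. The wordlist and checksum are not
    validated here; extra whitespace in typed input is collapsed."""
    norm = lambda s: unicodedata.normalize("NFKD", s)
    words = " ".join(norm(mnemonic).split())
    salt = "mnemonic" + norm(passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode(), salt.encode(), 2048)

def master_key(seed):
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big"), digest[32:]

def hardened_child(key, chain, index):
    """Hardened derivation needs only the parent private key."""
    data = (b"\x00" + key.to_bytes(32, "big")
            + (index | 0x80000000).to_bytes(4, "big"))
    digest = hmac.new(chain, data, hashlib.sha512).digest()
    return (int.from_bytes(digest[:32], "big") + key) % N, digest[32:]

def account_fingerprint(mnemonic, passphrase="", path=(44, 0, 0)):
    """Hypothetical short identifier for the account key at m/44'/0'/0'."""
    key, chain = master_key(bip39_seed(mnemonic, passphrase))
    for index in path:
        key, chain = hardened_child(key, chain, index)
    return hashlib.sha256(key.to_bytes(32, "big") + chain).hexdigest()[:16]

def backup_matches(wallet_fp, typed_phrase, passphrase=""):
    """True only if the typed backup regenerates the wallet's account key."""
    typed_fp = account_fingerprint(typed_phrase, passphrase)
    return hmac.compare_digest(wallet_fp, typed_fp)

if __name__ == "__main__":
    fp = account_fingerprint(PHRASE)
    print("correct phrase :", backup_matches(fp, PHRASE))
    print("one wrong word :", backup_matches(fp, PHRASE.replace("about", "above")))
```

A single wrong word, or a forgotten passphrase, derives an unrelated key, which is the failure a backup test catches before the phone is lost.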
Every transaction made with the Samourai requires the entry of your PIN (5-8 digits) for approval. Each entry randomizes the PIN pad layout on the screen, which prevents screen capture software from logging your PIN entry. It’s also critically important you don’t allow anyone to observe the digits you enter as your PIN.
The Samourai also allows you to connect to a Bitcoin Core full node, which gives you the ultimate in privacy and security. By connecting to a full node your Samourai is able to receive blockchain data from your own full node.
The Samourai isn’t supported by major hardware wallets yet, but for added security, it does work with the OpenDime hardware USB stick. Simply plug in your OpenDime to your phone and verify a balance, receive a payment, or sweep funds to your OpenDime.
Google Play Store Demands
One downside to the privacy of the Samourai is that it is only available from the Google Play store. Google is one of the companies that’s become synonymous with thefts of user data and improper use of that data, which makes this less than ideal for user privacy.
Moreover, this limited availability has another big downside. In January of 2019, the Google Play Store instructed the Samourai developers to remove their security features. This includes the Remote SMS, the SIM Switch defense and the Stealth mode.
The Samourai developers were not happy with this request and applied for an exemption from Google. This was rejected even though the developers listed the risks particular users faced in a range of countries.
The developers had to decide between these features or their listing. Given that the Play Store was their only method of listing the files, they had to acquiesce. So, with an update that came not too long after that, they removed these security features.
However, the developers are looking at expanding the distribution of the app. In a blog post announcing the removal they stated:
In the coming months we will expand our distribution model to include self hosted APK downloads and inclusion in the open source F-Droid app store. These versions will all include the Stealth Mode, Remote SMS, and SIM Switch Defense features
Apart from the benefits of being able to host whatever they like through these distribution channels, users will also get the benefit of additional privacy. For example, self-hosted APKs can be downloaded by anyone without having an account, and F-Droid is a Play Store analogue that respects users' privacy.
So, given that the Samourai wallet is likely to re-introduce these record-breaking security features in a later update, we will include them in the rest of this review.
The Samourai Stealth Feature
One of the very cool features of the Samourai wallet is its Stealth Mode. It’s this feature that’s led to the development team calling Samourai “a bitcoin wallet for the streets.” When stealth mode is active the shortcut for Samourai disappears from the mobile’s desktop display. If you want to access the wallet you need to dial your PIN like a phone number.
While this isn’t completely foolproof and a knowledgeable person who has access to your phone can find out if Samourai is installed, it will deter most snoopers who might be doing a casual inspection of your phone for installed apps and wallets.
Samourai Remote Commands
One final unique and interesting feature included with the Samourai is their Remote Commands. A remote command is an SMS sent to your phone and containing your Samourai PIN that instructs the Samourai to respond with your backup wallet seed phrase or to self-destruct.
This means if your phone is ever lost or stolen you can remotely retrieve your funds, sending them to another wallet, and then destroy the Samourai wallet on the lost/stolen phone. You can even have the Samourai send an SMS to a specified phone number in the event your phone has its SIM card switched out, giving you control of your wallet even when the SIM card is moved to a different device.
As a warning, it is a good idea to play with the self-destruct feature of Remote Commands before you fund your wallet. And also keep in mind that if the Remote Command sends your seed phrase unencrypted it can easily be intercepted, thus compromising all the wallet’s security features.
In short, write down your seed phrase and don’t rely on the Samourai Remote Command.
Conclusion
When it comes to privacy and security, the Samourai combines many different features and functions, some of them unique to the Samourai, into a well-designed and useful Bitcoin wallet. Best of all, the developers have made the wallet simple to use for newcomers to Bitcoin but loaded with powerful features for more advanced users who need them.
Samourai is already a very good wallet and can become an excellent wallet once it is fully ready for release. The lack of hardware support is a weakness, but that is expected to be corrected in future versions. And while some might complain about the lack of multi-currency support, this wallet was never intended as a multi-currency wallet, and it performs exactly as designed.
Of course, the main question now is how long it will take before the developers are able to release an update that will include the previous security features. It is not a deal breaker without these features but it does open certain people up to the risk of physical theft and extortion.
However, if you live in a country that is relatively safe and these threats are not present, then the Samourai Bitcoin wallet could still be an option. This is of course assuming you are not bothered by the lack of multi-sig capability or multicurrency support.