Not too familair with Vexl, but it seems like it doesn't solve this...
Couple points:
1) Vexl acts as an exchange, just like Bisq or Robosats, except it's more recent (not long-standing) AND it has a company behind it - Big red flag. That's not how DEX open-source protocols work, they gain something, somehow, or intend to at some point. They're VC-funded.
2) IF you can buy directly via Vexl, as in, trade fiat in Vexl, you're linking your ID (you moved fiat in the legacy insitution from A to Vexl, at a certain time, on a certain day) with a BTC transaction - At which point Vexl doesn't need to ask your consent for KYC, it already has it. IF this is the case with Vexl integrating fiat, that's another HUGE red flag.
3) Checking their github, there are no reproducible builds. You cannot be certain that what you download on mobile is, at ANY degree, equivalent to what source code is displayed. Another big red flag.
4) They only distribute apps via official stores, no open source stores, nor via github itself.
Having reviewed points 1, 3, and 4 in particular, these red flags only show up when companies have something to hide. When they're open source as they claim, they are ENCOURAGED to not centralise power over development (Vexl Foundation), to make guide users to reproducible builds AND to have the .apk openly available.
I kinda wanted to shill for peachbitcoin (nprofile…76er) here but sadly can't, their frontend code is solely verifiable and backend isn't open-source, unfortunate.
Mobile DEXs need to do better.
Uxellodunum
npub14u…tgg48
2024-03-24 14:19:20
in reply to nevent1q…p3pa
Author Public Key
npub14un6d98pa48kleqjjqfe5jqekxpdcwd7lkwc2hm3s2z4gmd60j8sstgg48Published at
2024-03-24 14:19:20Event JSON
{
"id": "9affa568327d02c30b41931a44ec6167d74b6b59c13a5d19242b87559e5d0f62",
"pubkey": "af27a694e1ed4f6fe41290139a4819b182dc39befd9d855f718285546dba7c8f",
"created_at": 1711289960,
"kind": 1,
"tags": [
[
"p",
"0904cd8792f87042bae46ff1d24516dbd4ee3d3fcdf9d8f52d7016a5100b8c70",
"wss://relay.damus.io/",
"mooz"
],
[
"p",
"0ef71642330610c2b8d5387a56d96257fa60a9436614d2728f8188bf7ba58a98",
"wss://nostr.oxtr.dev/",
"makrokoppen"
],
[
"p",
"47276eb163fc54b3733930ab5cfd5fa94687a1953871a873ad4faee91e8a5f38",
"wss://nostr.lu.ke/",
"satsdisco"
],
[
"e",
"b13a5971cb54266a8407104faeb83f7fa35929212858631a8a44338b6c020fd6",
"wss://nos.lol/",
"root"
],
[
"e",
"6be168d050c91c43274cae86c6e3e3d9047918e37eef4dbd19e8fd9841d7c51d",
"",
"mention"
],
[
"e",
"2de6e8589d9d97f8990249c4d1ae3185690d92a6e0247c0fdf19667d84d58a24",
"wss://nostr.oxtr.dev/",
"reply"
],
[
"p",
"a47457722e10ba3a271fbe7040259a3c4da2cf53bfd1e198138214d235064fc2",
"wss://relay.proxymana.net/",
"peachbitcoin"
]
],
"content": "Not too familair with Vexl, but it seems like it doesn't solve this...\n\nCouple points: \n1) Vexl acts as an exchange, just like Bisq or Robosats, except it's more recent (not long-standing) AND it has a company behind it - Big red flag. That's not how DEX open-source protocols work, they gain something, somehow, or intend to at some point. They're VC-funded.\n\n2) IF you can buy directly via Vexl, as in, trade fiat in Vexl, you're linking your ID (you moved fiat in the legacy insitution from A to Vexl, at a certain time, on a certain day) with a BTC transaction - At which point Vexl doesn't need to ask your consent for KYC, it already has it. IF this is the case with Vexl integrating fiat, that's another HUGE red flag. \n\n3) Checking their github, there are no reproducible builds. You cannot be certain that what you download on mobile is, at ANY degree, equivalent to what source code is displayed. Another big red flag.\n\n4) They only distribute apps via official stores, no open source stores, nor via github itself.\n\nHaving reviewed points 1, 3, and 4 in particular, these red flags only show up when companies have something to hide. When they're open source as they claim, they are ENCOURAGED to not centralise power over development (Vexl Foundation), to make guide users to reproducible builds AND to have the .apk openly available. \n\nI kinda wanted to shill for nostr:nprofile1qyd8wumn8ghj7un9d3shjtnswfhhs7tdv9hxztnwv46z7qg4waehxw309ahx7um5wghx77r5wghxgetk9uq3yamnwvaz7tmwdaehgu3wd36ju6m99uq3wamnwvaz7tmjv4kxz7fwxpuxx6rpwshxxmmd9uq3samnwvaz7tmjv4kxz7fwvd6hyun9de6zuenedyhszrnhwden5te0dehhxtnvdakz7qpq5369wu3wzzar5fclhecyqfv683x69n6nhlg7rxqnsg2dydgxflpq3876er here but sadly can't, their frontend code is solely verifiable and backend isn't open-source, unfortunate. \nMobile DEXs need to do better.",
"sig": "4493e6e688258127ca4062b60df2bea4a2f6c52e70a3a4350af9fb1887dfd915758e3f3aa0eb13691522c96e0e5ca84548e380280b050594a14c39402865c81a"
}