I guess, I was asking for both.
Thank you for the detailed answer!
It never occurred to me that they might put anything wallet-specific on their servers. I thought everything was done on the client side. But yes, is possible that they cache on the server to provide a faster user experience. But I really do hope that only public keys are stored on server if any keys at all.
Possible, but: I’m using a lot of apps at the same time with the same wallets and so far they did not have any problems to synchronise transactions done by the others. If they were that bad in keeping track, (change) addresses used by other apps would also be a problem, wouldn’t they?
That’s a very interesting point, although you are right: Selecting from all UTxOs irrespective if internal or external chain probably gives better results.
I could at least look at the others that are open source. One of the very few disadvantages of my favourite wallet app that it is not.
Ah, yes the web shop example (it only needs to derive public keys on the external chain, not the internal one) is interesting. Seems to be kind of voided by Cardano’s (or at least its wallet apps’) decision to encode the stake address everywhere, so it is all very much non-anonymous, anyway. And – even in Bitcoin or with undelegated Cardano addresses – you can, of course, still do a lot by tracing transactions and guessing, which of the outputs might be a third party and which might be a change address belonging to the same person.
Watch-only needs the derivation tree structure, but not necessarily the division into external and internal chain. Chain and single address are derived non-hardened, so it should be enough to store the extended public key of the wallet (
m/1852'/1815'/0' for single account wallet apps,
m/1852'/1815'/2', … for the wallet apps that support multiple accounts) to derive all public keys, all addresses on all chains without the possibility to ever generate a private key.
I have to take a closer a look at which public keys they request from the Ledger, when next connecting them all. And if the different apps do something differently there.
Yes, thank you very much!
I’m still not ruling out that they just do it out of “tradition”.