Are the Nyzo web-based tools safe?

That's a good question. Yes, they are safe, but we neither expect nor hope that you trust us on that fact. We want you to see for yourself.

If you are running a native app that you didn't compile and build yourself from source, and you want to independently verify the security of that app, you'd have to run a packet sniffer, and you'd have to understand the content of every single packet that the app transmits. Over an encrypted connection, this is impossible.

Our web-based tools are different. They run entirely in your web browser, and you can see every line of code that they are executing.

If you look at the source of the pages, you will see that none of them include any outside JavaScript. All of the scripts are included inline for easy review. Look through them. In the wallet, look at where we are sending information to our server, and look at what information we are sending. At some point, we are using your private key to sign a transaction. Make sure that we are calculating the signature properly, and make sure that we are sending only the appropriate information to our server.

If you want to be sure that we don't change the code of one of these tools after you have reviewed it, save a copy to your computer and run that copy instead.

If someone is able to obtain your private key (for Nyzo or for any other cryptocurrency), they will be able to take any coins that you have in your wallet, and there's no way to get those coins back. Be smart about the risks, and educate yourself on how to keep your private key out of the hands of people who would try to steal it from you.