Bitcoin Forum

As far as I know, when you're using Electrum in SPV move you're asking some servers to retrieve your addresses' balance.

I was wondering whether there was an option for Electrum to send false requests to those servers so that you confuse it about the addresses you truly own.. is there any way to enhance your privacy through it?

I'm looking for either this or using a new Tor route/identity for each balance request so that address balances never get requested from the same IP. The main principle is the same: I'm looking for a way I could use Electrum with Tor without telling a certain server which addresses I truly own..

Even, if you connect with different VPN, I do not think this will work. I am not expert in this but I know you know Bitcoin core is the answer for such privacy you need or any other reputed full client wallet.

You can create a read only wallet with many other addresses. Combine that with offline signing and you're safer too.

Electrum isn't very centered around privacy so you will find it hard to do anything with it. Confusing the server with multiple addresses can be fairly inefficient and would be ineffective if the transactions would be broadcasted through it anyways.

Manually changing the Tor circuit could work but doesn't solve it being more resource intensive, depending on how many addresses you want to hide it in. I'm thinking that you're wanting to mimic the behavior of Wasabi wallet, so I'd say just going to it would solve the issue and make your life easier. If you insist on using Electrum, you can probably get better privacy by running an Electrum private server on a RPi or an old computer.

I don't think this would do very much for you. To my knowledge, electrum will request balances/transactions from each of your addresses that have received transactions in the past, plus the next xx depending on the size of your keypool. This means your last request would expose all of your addresses to the electrum server.

A better solution would be to run your own electrum server that you exclusively connect to.

Interesting suggestion but I'd say it is risky.
If you choose addresses that may be known (eg from an exchange or a an individual) it may become apparent that they don't belong to you.
Another risk would be choosing a seemingly harmless address but end up being mixed up in some shady activity and unintentionally linking your address (and possibly more info about yourself) to those activities.
If the number of additional addresses is large it could also significantly slow down the wallet's performance as the number of outputs and the wallet size grows.

It should also be apparent that you are querying addresses that do not belong to you.

Electrum will query [gap limit] addresses with no transactions going to them. This means you should query an address before it ever receives a transaction. If you don't query the address prior to it receiving a transaction, any electrum server 'spying on you' will know the address might be a decoy.

Not in the case of a watch only wallet.

Let's say I keep my full wallet permanently airgapped. Whenever I receive a transaction to a new address, then I copy that address across to my internet connected computer and add it, along with 9 other decoy addresses which have also just received their first deposit, to my watch-only wallet. I keep all my empty gap limit addresses offline and therefore never queried.

Thanks for the replies. The closest solution I can get to is the one suggested by @LoyceMobile.

What is the safest way I can get a list of those "decoy addresses" though? It doesn't make sense to add decoy addresses if I don't take them safely as well, right..? :D

Also.. I thought this could be a good addition to Electrum's code as well: as soon as you set up a watch-only wallet, for each address you list it adds X more decoy addresses and although it does ask for the balance of each of them, only yours are shown up. If privacy can be improved through SPV as well, why not?

EDIT: read-only wallets are the same as watch-only ones, right?

You probably have to choose it carefully. If you accidentally choose the wrong kinds of address, those associated with more of an illicit activities, it could be used against you though I highly doubt so. You probably have to choose a huge pool of addresses to be able to hide your own addresses within them and that could lead to a degraded experience when using it. If your primary purpose is to just see if there are any transactions which are related to your address, just use blockexplorers with Tor.
That is something like Bloom filters I suppose. The caveat is that the Electrum servers does have some limitations and could result in a significant slow down if you make too many queries. It doesn't help that the solution would only work when you're querying addresses and not when you're sending any transaction.

If I may ask, would you consider Wasabi Wallet instead? That will be more suitable for the purpose.

They use different Tor identities for each connection with BIP158 filtering as mentioned prior to that. Their docs actually has a comprehensive overview of it[1]. Using a privacy-centric wallet is far better than using a wallet that doesn't do anything for it's privacy and attempting to modify it to enhance it's privacy; Electrum is just not for privacy. I'm not exactly sure how the communication between the server as well as the Electrum client operates, perhaps someone can shed some light as to whether Electrum does transmit anything that could identify specific Electrum instances?


[1] https://docs.wasabiwallet.io/why-wasabi/NetworkLevelPrivacy.html#full-node-by-default-block-filters-over-tor

I don't think you can add 9 decoy addresses if you are only using a light wallet. In order to identify additional addresses that have received their first transaction, you would need access to the full blockchain, aka a full node. If you have access to a full node, it defeats the purpose of running a SPV client, and you also might as well run your own electrum server if your full node is not local to you.

Also, one purpose of using a watch-only wallet is to tell you when certain addresses receive transactions. It is not uncommon to request a payment from someone, and not receive it right away. If you are adding addresses to your watch-only wallet prior to the addresses receiving transactions, any spying electrum server would know the address belongs to you.

You can use a random selection of funded addresses (https://bitcointalk.org/index.php?topic=5254914.0), used addresses (https://bitcointalk.org/index.php?topic=5265993.0) and freshly generated addresses.

Watch-only is the phrase I was looking for indeed.

You can add any address you see posted when someone asks for a payment.
There's a risk though: you don't want to accidentally request a payment to someone else's address, so you need to rely on the Labels.

Electrum can do this.

A similar approach is implemented through Bloom Filters (BIP 37) (https://github.com/bitcoin/bips/blob/master/bip-0037.mediawiki).
But those have been shown to be insecure and to basically not improve your privacy at all.

You can add some "decoy addresses" as mentioned by others, but keep in mind that this will barely (if at all) improve your privacy.
I honestly wouldn't count on it.

If you want to somewhat preserve your privacy, do not use electrum at all. Or at least with your own full node.

Can you please explain how it can do this while keeping this in mind:
From a technical perspective, I believe electrum can add additional addresses that are not associated with the user. However, I don't believe it can identify which addresses to use (which is my point).

You'll need to use manual coin control. You can do this either per address:
https://loyce.club/other/Electrum1.png

Or per input:
https://loyce.club/other/Electrum2.png
Hold CTRL to select more than one.

Alternatively, and even easier, you can Freeze all decoy addresses:
https://loyce.club/other/Electrum3.png

Too bad Electrum can't import a combination of private keys and (decoy) watch-only addresses. Now you need an offline wallet to sign transactions.

It is not only about de-anonymizing you.

If you connect to the same server (or to multiple server which are owned by the same entity) through different IP's, he will still know it is you. Simply by looking at the addresses you are interested in.
And in this case, you might get wrong data transmitted (transactions confirmed / not confirmed / not received / wrong block height / etc..) to your client.
A targeted attack is still possible, regardless of the IP you use to connect to that server.

Further, what if the adversary is the person in control of the VPN server you use?


There are SPV wallets with good privacy available (Wasabi, Samourai).
Trying to improve electrum to be more privacy-focused is not as easy as using a VPN or Tor. If you are serious about your privacy, don't use electrum.

Which is what we're concerned about. Let's say I have 100 addresses and I am cautious about spending their outputs separately. I don't want to link them all to a singular identity; I have used different pseudonyms across various services and I've used it to pay for anonymous hosting, used an exchange on one, etc etc. If my SPV wallet queries all of the addresses on the same server, there is a high chance that all of the queried addresses belongs to the same person and thus negating the benefits of me so cautiously segregating all of the addresses from each other.

Most people would not want anyone to be able to link a group of addresses together. That might not be your focus or definition of privacy but it certainly is for loads of people.

Here: https://docs.wasabiwallet.io/why-wasabi/NetworkLevelPrivacy.html#wasabi-s-solution. Not all SPV wallets are created equal.

The MAC address is completely irrelevant since it can be spoofed. No one cares about the MAC address of your wifi/ethernet card.
Further, linking those addresses together can be too information already.

This means all of your purchases can be linked to one entity. Each of those purchases tells something about you. While a single one wouldn't even be close to deanonymize you, all of them might be.
Because you are that single person in the intersection of all those purchases.
People seem to be obsessed with IP addresses. That's not the only thing which makes you vulnerable. By far not.




Yes.
Wasabi is probably the best one, followed by Samourai.

I think you are misunderstanding my point. In your screenshots, you list 1NXY as a "decoy" address, and this means this address is not associated with you in any way. When you are adding addresses to your watch-only wallet, electrum does not have any way of knowing that 1NXY had recently received a transaction for the first time.

In other words, every time you receive a transaction, you will need to give electrum 9 addresses that have just received transactions for the first time, but you have no way of finding 9 addresses that meet this criterion to give to electrum.

Let's say you do have 100 addresses and you're worried about an Electrum server spying on you: would you be better off connecting to the same server each time, or a random server? If you limit it to one server, chances are they're not keeping logs. But if you use a different server each time, at some point you'll hit one that spies on you. And once it knows which addresses belong to the same wallet, it can keep using that information even if you never use the same server again.

It was mainly hypothetical, and I haven't used this yet, but you make a valid point. It's going to be a lot of work finding addresses from for instance block explorers.

---

---

Another solution: if you don't want anyone to know certain addresses belong to the same owner, you should use separate wallets. If you don't use them at the same time, and choose a random server (and random VPN or Tor IP) each time, only the few addresses within each wallet can be linked together. And as a bonus, you can't accidentally create blockchain evidence by including multiple inputs in one transaction.

If you use a block explorer, you are giving up any privacy you gained from implementing using watch-only wallets with 90% decoy addresses, as the operators of the block explorers will know which addresses you are looking up.

I think at the end of the day, if you are using a SPV wallet, you need to accept the incremental reduction in privacy as a cost of using such wallet. As I previously mentioned, you could run a full node on a VPS that your SPV wallet could always exclusively connect to, in order to get most of your privacy back in exchange for an incremental reduction in security, and an incremental increase in cost.

You seem to be assuming that there is only one use case for Bitcoin and that ends after you purchase your Bitcoins. Having a bunch of addresses linked to a single identity is a threat to privacy, that is the truth. It doesn't matter who you are, if someone links a group of addresses together, that is more than sufficient for someone to start linking transactions together and potentially expose your identity with any lapse with the subsequent transactions.

---

That is your biggest threat to privacy and again, I'm not sure about your trajectory of arguments when we come to this topic. You can't really be too paranoid when we're talking about privacy. But I respect your opinion, people view privacy differently.

Basically any information which identifies you. Nor necessarily directly you, but anything which describes a subset of possible entities.

An example would be the script type you use. Bech32 transactions make up a total of less than 10% (estimated; a year ago it was roughly below 7%).
Together with for example the usual quantity you transact with and/or specific timeframes you usually transact, this further reduces the anonymity set.

This could be used with non-bitcoin related pieces of information to make your profile more specific.
Just as you are being tracked across the internet. Not through your IP address, but through cookies and other specific configurations such as your screen size, color depth of your screen, language, specific browser and/or OS version, etc..
I remember reading (don't know where currently) that such information (a pc/browser configuration) can be used to track one person out of a million. With ~5 million people for example visiting a specific website or using a specific service, your anonymity set could be shrinked to 5.


Obviously this shouldn't be generalized, and i am not saying that you are being tracked or are surfing/transacting with an anonymity set of X, but it's not as easy as changing your IP address to not get tracked / identified.
This applies to an electrum server as well as browsing the web.
Using Tor also doesn't guarantee you perfect privacy. People doing illegal stuff there get caught relatively often. Sometimes it is because of the link to their real identity (e.g. cash flow) but sometimes it's because of their behavior and/or "wrong" configuration.
The whole privacy- and anonymity aspect is not as easy as one might think.

How hard is it to run an electrum server from scratch? There are a few implementations out there and even a "personal" server, but I couldn't use that as it severely limits which wallets can connect to it (I would like to connect using multiple Electrum wallets.)