Bitcoin Forum

Just my opinion but I like to know how other Electrum users think of it.

I think Electrum has too many features for the average user and certainly for the hodler. I'm mainly a hodler and have no real use for invoices and the lightning parts in the wallet. Invoices is more for people who do many transactions or even for entrepreneurs who need the invoice part. Many people even get confused about it. The lightning part should be a separate wallet, if you ask me.

Something I remember considering safety is "the less features software has, the less the attack vector is for malware". For a hodler this is very important. For me an Electrum version with send and receive options including setting automatic and manual fees would be enough. Coin control is also very nice. That's about all I need.

What are your opinions? Would you prefer a slimmed down version (like the older 2.x and 3.x versions) or do you like it more the way it is now?

Greets.

You do not have to use lightning network on Electrum. If you are a holder, you can create an electrum cold storage or going for M-of-N multisig wallet on Electrum, you have no issue with the lightning network so far you do not use it. You also do not have to make frequent transactions as you are a holder, you are in full control of your coin.

Why don't you just ignore the lightning network?

Take note of older versions lower than 3.3.4 it's vulnerable to any phishing attacks. So we don't prefer to use a lower version than using up to date version of Electrum.

Hackers are developing from time to time so it is advisable to use the latest version than using the lower version of Electrum. It's not a problem having a lightning network in your wallet it won't run if you didn't open a channel.
I'm actually not using them but I already have experienced opening a channel and using their lightning network. The advantage is you can get fewer transaction fees than the mainnet and the transaction is almost instant.

If you want to use Electrum for cold storage then just ignore the whole lightning feature it won't be a problem having an offline wallet with the latest Electrum wallet.

What are you looking for from a software wallet every day if you are a hodler?
Shouldn't you be having your Bitcoins stashed away in a well-kept hardware wallet or some offline address you generated.

And why do the other features bug you so much if you are rarely going to see or even use them?  ;)

I disagree. I think it is good to have many features in a software, some of which are very advanced. But that doesn't mean that software has to become hard to use for regular beginners. Those advanced features could be hidden under an advanced option where the user has to enable them or access them manually after seeing a warning that they are entering "advanced mode". Like the console option that Electrum has.

For example the UI could change to have a button under Tools saying "enable advanced mode" and then make all those features appear.

I somehow agree with OP. Important: somehow.
Electrum is the swiss knife of Bitcoin light wallets. It is recommended by basically everybody. But it can be a pain for the newbies; I remember it was confusing even for some older users with the changes introduced in 4.0.

Electrum could use some predefined modes. No changes in functionality at all, just (UI/visibility) settings. (I'd go for at least 3 levels though).
A newbie mode should have only the super basic tabs and buttons, a medium one would have more.. and the advanced users... can enable all they want in the (advanced) settings.
It could be a bit of work in the UI and finetuning the modes. And it clearly means a lot more settings to be made up, but the result may worth it.

Advaned features such as lightening, coin control and console have been located in separate tabs and I don't think they make any confusion for newbies. By default, these tabs are not visible and any user who enables them should have some information about them.

In my opinion, the only thing which may need to change is how invoices work.
The expiry time makes many newbies think that addresses expire and they have to make the transaction before that time. In my opinion, it would be better if electrum only generated an address once a user clicks on "New address" button and there was another button for creating requests.

If you don't use features, just hide them: Electrum > View > Hide Channels.
As for the malware attack: I'd say you're keeping too much money in a hot wallet if you worry about that. Besides, removing features from Electrum won't change the risk caused by other software you have on your system already.

If you really want to slim it down: it's open source :)

Electrum can be used as a hot/cold and watch only wallet, so I don't see any problems there. It is my number one BTC (SPV) wallet.

This could indeed be the one size fits all, although I still think unused features should be removed entirely (maybe available as downloadable extra modules).

Hiding isn't enough in my opinion, see above.
Yeah, I was hoping someone else would do that as I'm not smart enough to fork the project...

Greets.

Removing the features completely would.. what, make the exe smaller? I don't see a real benefit there.
On the other hand, although some may be experienced bitcoiners, may have issues installing and verifying extra modules. Or the installer will need to be more complicated.
Moving the code out, making everything "pluginable" would also mean hella lot of work.
If you also keep in mind that Electrum works from same code on multiple different operating systems, you'd see that splitting electrum would be counterproductive (much more effort and no actual benefits).


Even asking for UI changes means "making requests" for an actually free program. So the developers may or may not consider it.
However, this is discussion. Electrum devs may not pay attention to what we write here. If this kind of requests are to be made, one should write them into Electrum git: https://github.com/spesmilo/electrum/issues

But features unused by you are not unused by everybody. It is far easier from both a development point of view and an end user point of view to simply hide the features you don't want to use than have to install multiple additional add-ons for the feature you do want to use.

If your concern is the attack vector presented by additional features, then your risk model is probably all messed up.
If you are using Electrum as a hot wallet, then it is incredibly unlikely your coins will be stolen by some bug in how invoices are generated, but rather from something like clipboard malware or malware stealing your wallet file.
If you are using Electrum as a cold wallet, then it is even more incredibly unlikely your coins will be stolen by some bug in how invoices are generated, but rather from you accidentally connecting your cold wallet to the internet or from a physical attack on your cold storage.

Electrum wallet is open source, so if you don't like something you can always fork it and remove what you don't want to use.
In theory this could be done but the question is who is going to maintain this release and fix all the bugs that could always come up in future.
You would need to be a developer or to hire someone to do this for you, but I think this is just a waste of time and money.
Lightning Network is getting more popular every day and more exchanges and services are adding support, so I think it would be wise to keep LN in Electrum.

This shouldn't be that complicated though because as I said above this could be seen as a UI issue so you don't have to remove the feature, you just have to hid it in the UI so that the average user doesn't have to deal with the confusion those "advanced" options may cause.
You don't necessarily need to fork the project either, you could ask the devs to start working on hiding the features under advanced features for example.

But features used by you are not used by everybody.
We need figures to make sense. This was the purpose of this topic but nobody says if they actually using invoices or lightning other than for testing...

I don't think my risk model is messed up as it's the only thing I don't have under my own control which I always consider the biggest risk.
Servers sending malicious messages (in the past) illustrates this perfectly. The software didn't stop anything, my own caution saved me.

Greets.

If you are a hodler like you said in your first post, but you saw the arbitrary messages that malicious server operators posted in the past, you are using Electrum as a hot wallet and that's not the recommended way. The positive thing is that you didn't fall victim to the phishing messages. If you used Electrum as a cold wallet, you wouldn't have to worry about server messages, LN, invoices, etc. You can't drown if there is no water and if you are in a desert.  ;) 

Sorry, I don't see it. If you don't want to use some of the features, don't do it. It really is that easy.

Electrum wasn't developed to fit just one type of person. I have never used an Invoice on Electrum. But I have also never clicked on it by mistake or just for the fun of it. I have never used the console tab either (can be switched on/off from the settings), but I have never accidently opened it when trying to generate an address. Just use the stuff you need and forget about those you don't.

I never said I have only one wallet/setup/electrum/device. My hodling wallet and stacking wallet are on different devices and have a different setup.
You can (if you want that) even run different setups/electrums on the same device by combining the installed, stand alone and portable versions of electrum.

Hiding features doesn't make them go away. Hiding possible vulnerabilities doesn't make them go away...

Greets.

Which vulnerability did you heard of recently partaining to Electrum wallet? But that does not mean vulnerabilities are not getting fixed though.

I thought you have been provided absolute solutions to this above, electrum is still one of the best light client wallets, but you may not like some features on it, then you can hide it, if you thinking hiding it is not enough, Electrum is fully an open source wallet, you can reduce the features to the ones you prefer.

Possible vulnerabilities and bugs can exist in the most basic features of Electrum as well. In theory. When Electrum allowed servers to send out arbitrary messages, it didn't support the Lightning Network. But it still allowed something that shouldn't be there. If you limited your Electrum client to just receiving, sending, and generating addresses, something could be found in the randomness of the seeds, address collisions, and so on.

Electrum is a good Bitcoin wallet with important features. If it gets chopped up into parts and pieces where you will be forced to install or opt in for separate functions, people will just switch to something else.   

I do see where you are coming from, and I completely agree that unnecessary and extraneous features or tools add additional attack vectors. I've said as much before about a hardware wallet which has games on it, and about installing a bunch of other software on any device which you are using to hold large amounts of bitcoin.

However, Lightning support (for example) is neither unnecessary nor extraneous. Electrum offers a wide range of functions which some users don't use, such as multi-sig wallets, coin control, RBF, Lightning, and so on. As bitcoin develops, then more features will be implemented, such as taproot. Many people want and use these features; some don't. If you don't want these features, then don't use them. If you feel they are posing an unnecessary risk for you, then use different software or a different set up which completely mitigates such attack vectors, such as an airgapped device.

Which is better to have several options or not to have a choice? If you don't want some of the "advanced features" don't use them, or rather don't use any service if you don't understand how it works otherwise you may end up losing your money and no one may be able to help you.

Electrum wallet is not that wallet that cares a lot about GUI, so if you are looking for the interface and an easy-to-use wallet for newbie, you may want alternative options ----> https://sparrowwallet.com/

Hmm... Seems everyone here want to discuss my security model instead of electrum's.
Every software developer knows that removing (unused) code makes software less vulnerable because it reduces the attack surface. That's a fact. Strange that some people defend extra features (extra code) even if they are not using them...

I was not looking for a solution, as I had no problem with electrum to begin with, but only venting an opinion to make electrum more safe en more user-friendly.

@Pmalek (https://bitcointalk.org/index.php?action=profile;u=112493): FYI I see you merited a reply (https://bitcointalk.org/index.php?topic=5394184.msg59834513#msg59834513) with false information. Electrum is suitable for hodlers.
=> https://electrum.readthedocs.io/en/latest/coldstorage.html (https://electrum.readthedocs.io/en/latest/coldstorage.html)

At least someone understands what I'm saying. Although you don't agree with me, you give a funded opinion.

Greets.

Nobody is disagreeing with your "fact" here but what nobody agrees with is your false assumption that there is unused code or features in Electrum that needs to be removed.
Maybe you should explain explicitly why you think a certain feature is unused?

You can't talk about facts without providing some yourself. In one of your posts you said that "many people" are confused with Electrum's extra features. Even if that's true (which you haven't proven with statements from those many confused people), that doesn't make them useless. It just means that people don't know what they are, but that's their fault. If you don't know what something is or how to use it, you check the documentation, do a Google search, or ask on a forum, such as this one.

I am curious about why you think you get to decide what is OK and what isn't? I have said previously that I don't use Electrum's LN, but if I given a chance to get rid of it and my vote determines its future, I would vote against having it removed. Just because I don't need it, what right do I have to decide what others can do?

If you are a hodler like you said, and you use Electrum as a cold-storage (which I assume you do), how can a vulnerability in one of the features you don't like affect your wallet? If it's a properly set up cold-storage, no one can take advantage of anything over the Internet. It shouldn't be possible to establish a connection from your PC. If you have full-disk encryption and password-protected open-source OS with private keys and seeds stored offline, no one can steal your personal information even if given physical access to your computer.     

Electrum's coverage is around 60%, which is not very bad (https://coveralls.io/github/spesmilo/electrum?branch=master)
I did not check exactly which lines are uncovered, but knowing developers and product's reliability we may assume all the critical parts are sufficiently tested.
Everyone may use SonarQube to see quality of code and make their own opinion about it.

I do not know if OP is mentioning features which are not (or rarely) used by end-users or pieces of coda which are not called/not used. It is true that code cleaning is always a good idea, but if there is code which is never used, I do not see why it could be dangerous (creating a new attack vector). It would be just annoying for developers.

I have to agree with you .... I will rather prefer a slim version of Electrum with all the basic features you need... than a feature rich version of Electrum with bells&whistles you almost never use. (Make those add-ons for the people who wants to use it)  ::)

As you said in your post.... loads of features increase attack vectors for more exploits and that is not what we want. Now you have a feature rich wallet with a lot of holes and weak security. (This will also force regular updates and fixes and newer version of the software.. that will open up opportunities for hackers to exploit that too) - Solarwinds hack was done via an update ==>  "install the malicious code into a new batch of software distributed by SolarWinds as an update or patch." Source : https://www.techtarget.com/whatis/feature/SolarWinds-hack-explained-Everything-you-need-to-know     ::)

I would agree with you if Electrum had a history of people taking advantage of various bugs and vulnerabilities that weren't fixed and tested thoroughly before they got rolled out as new features. But I don't remember such incidents that caused serious problems. Maybe someone can refresh my mind?

Just because there weren't any in the past, doesn't mean there won't be any in the future. It's better to be safe than sorry. However, this is still a suggestion to fix something that isn't broken in the first place.

To answer your question: Just as an example... Maybe a future (or present) feature can be used to activate the (built-in Wifi) network adapter of my device which I carefully disabled? Maybe it works as a trigger for other software or even OS components to start the network adapter? We will not know it until the day it actually happens. That's what they call vulnerabilities/exploits.

Even more, I think it's very twisted reasoning to defend extra features because of others who remain silent in this topic. Also, I'm not asking the actual removal of features but merely suggesting there could be multiple electrum versions with different features or extra features could be offered via downloadable plugins/extensions.

Right, you suggest that we wait until it's broken? We all know how all those wallets with lots of features end... with lots of vulnerabilities/bugs and very frequent (risky) updates!
Electrum is the best and safest BTC (SPV) wallet we have today, let us keep it that way by keeping things simple.

Greets.

That's the problem and the point I am trying to make. You are not supposed to have network adapters and WIFI cards present in your airgapped system. They should be physically removed. If they aren't there, a bug, vulnerability, or malware can't activate something that doesn't exist. That's why I said properly airgapped device.

Unfortunately, we are going back to your security model again. If your security model mitigates most attack vectors, you don't need to worry what is going on with the code in the features you aren't using.

You are not accepting that this topic is about electrum's security model and not about mine. In your opinion I should mitigate all vulnerabilities and flaws that electrum has and will ever have. Twisted reasoning again, the software itself should be as secure as possible to begin with.

Since we're going in circles, I'm not going to reply again if it's about my security model.

Greets.

You are welcome to take your suggestions to Electrum's GitHub (https://github.com/spesmilo/electrum/issues), explain your reasoning, and propose new solutions. Anyone can create a new issue thread. Who knows, maybe you will even get some support by the community. I remain skeptical, but that's just me. Maybe the Electrum developers even have a way to check how often a feature of their software is used. Although that would look like spying on their customers. Ask and see if there is any data that can back up your theory of unused and unwanted features.   

I find Electrum's feature set quite basic and somewhat just right for me. I'm not missing something, it feels just right. I'm no newbie and chose Electrum deliberately because of its reputation as a well maintained SPV wallet.

I understand the OP's viewpoint, but disagree to remove features as I believe this could make software development and maintenance more complicated and thus likely more error prone. Following OP's philosophy you'd need to agree to a more basic set of features. I guess many users might have very different minimal feature sets to agree on. This could distract new users who'd need to execute further actions to add some features they're missing. A plugin systems adds more complexity and likely opens new attack surfaces; you'd have to carefully check each plugin to be genuine and not tampered with...

As long as Electrum has a feature set that serves many users, it will stay an attractive wallet. This is motivating for the developer(s) and possibly also attracts more people to engage with maintenance and further development. Splitting the wallet into a basic and advanced version isn't easy and wastes dev energy and complexity.

The OP's example of some feature of Electrum reactivating some network devices is in my view rubbish as this shouldn't be a function of a wallet to mess with network devices (yes, I get it, it was only an example). I'd see this clearly as an error of the OS or other parts of the running system but not Electrum's. You shouldn't blame all glitches to the wallet, though.


Electrum is my main wallet of choice, I run my own Bitcoin node and Fulcrum server to feed my Electrum wallet with my own blockchain data set. I don't want my wallet to restrict me. All I need with a wallet I find in Electrum. I won't say I use every feature of Electrum, but I'm very fine with it that I could if I had to. That's what I love with Electrum.

I want to add that even if you have a Wifi adapter in your laptop, Electrum (or any other application running with user permissions) shouldn't have access to enabling it. That's something you can disable on a system level, requiring root access to turn it back on.
I expect the threat coming from Electrum itself to be smaller than potential threats coming from other software on the average PC. If you want to remove features from Electrum to reduce potential attack vectors, you'll need to do the same to your entire operating system.
So keeping it offline is much easier ;)

There's a reason for that: Electrum security can't be seen on it's own. It's not a standalone device, it's a small part of much more software you're using.

Exactly (to the bolded part above).  Electrum isn't hard to use if you're just sending and receiving bitcoin--and certainly not if you're just holding coins long-term.  If the latter is the case, you don't even have to see the available features all that often unless you're checking your balance like a madman. 

I don't use 1/3 of the features Electrum offers, but I don't find their presence to be intrusive and I'm not sure why OP does, or why he thinks the wallet should be simplified.  I say as long as security remains strong, load it up with as many features as possible and keep them out of sight so advanced users will use it and less advanced ones (like me) will still feel comfortable doing the same.

And if you're just storing coins for the long term and using Electrum to do so, all you really need is either a piece of paper or metal to put the seed phrase on, and a place to store the addresses for receiving coins if that's necessary.  A hardware wallet, as others have suggested, doesn't even offer any additional benefits that I see.

This is much of a better option but also you can even decide to use a watch-only wallet along side the Electrum cold storage. This is the guide below which for ease reason, will require two devices, any or both Electrum on computer or mobile phone can be used as watch-only or cold storage.

https://electrum.readthedocs.io/en/latest/coldstorage.html

The master public key can generate addresses which is what watch-only wallet is using to generate addresses, but can not be used for spending but for only tracking transactions (the reason it is called watch-only) because no private key or seed phrase is imported (no spending). The watch-only wallet can be used to making unsigned transaction which would be transferred to the the cold storage wallet (in which the seed phrase that can generate the private key, or the private key itself is imported) through USB or QR (QR code recommended) to be signed on the cold storage device which is transferred back to the watch-only wallet through USB or QR code to broadcast the signed transaction.

But any of the option used, it is still truly highly important to backup seed phrasen (like on a paper or steel sheet), having like 2 to 3 backup in different locations.

Hardware wallet can be useful for people that want to use altcoins, but not necessary and not a better option for bitcoin users that go for cold storage like Electrum cold storage which is better. Also, unlike buying hardware wallet from the company that are selling it which can sell your data or in which the data can be breached by hackers like the Ledger Nano data leak, what was most painful during the leak were people calling (although speaking different language) people that bought Ledger Nano directly from the company that they will visit their home. That is threatening.

He says that more features (which also means more code) could create more possibilities to attack the software due to a vulnerability somewhere. In essence, his opinion is not wrong. The bigger the codebase is, the greater the chance that a mistake was made somewhere that was overlooked. His problem though is that he doesn't want people to question his own setup. But if he changed his own methods, there would be no reason for the Electrum developers to simplify their app and allow users to handpick what they want to install and what not. And even if they do, there is no guarantee that such a vulnerability wont be discovered in the most basic feature the wallet has.   

But there can be a building as high as Burj Khalifa but resistant to storm and heavy rainfall, but there are several low buildings that are not resistant to wind and heavy rain. There can be wallet with simple codes but vulnerable to attack just like you mentioned later while Electrum is still known to be safe.

I did not want to repeat myself, but I seek pardon. Electrum gives answers to it all. If he does not want to use what the public are using, according to what LoyceV posted before, Electrum source code is completely (100%) open source, he can slim it down. This is the only option left which I will not even advice him to do if he is not professional enough in the field for him not to make what is not known yet vulnerable to be easily vulnerable against attack.