Changing inaccurate factoids

[btchris]

I just happened to come across a "factoid" (actually MZ pointed it out) that seems inaccurate to me:

There are several different types of Bitcoin clients. Hybrid server-assisted clients like Electrum get a lot of their network information from centralized servers, but they also check the server's results using blockchain header data. This is perhaps somewhat more secure than either server-assisted clients or header-only clients.

That last clause "or header-only clients" is what seems inaccurate to me. Could someone point me to a rationale for that clause, or alternatively recommend how we could get it removed?

I find it a little bit concerning because it might encourage Electrum's use over a P2P SPV client, and AFAIK there's no tx-validation-security reason to do this. There may be a reason to prefer P2P SPV clients when it comes to privacy issues vs Electrum/Stratum.

[1714885362]

1714885362

[1714885362]

1714885362

[1714885362]

1714885362

[Muhammed Zakir]

Thank you, btchris for taking the time to post to resolve this!

P.S. I am also curious to know the answer.

[Quickseller]

The factoids were written by the donators. Each donator got to have one factoid to submit/publish as part of their reward for donating.

There are a good number of factoids that advertise sites that have been defunct for years

[redsn0w]

The factoids were written by the donators. Each donator got to have one factoid to submit/publish as part of their reward for donating.

There are a good number of factoids that advertise sites that have been defunct for years

I think them should be fixed or not?

[btchris]

The factoids were written by the donators. Each donator got to have one factoid to submit/publish as part of their reward for donating.

Thanks for clarifying, I didn't realize that. I suppose if it's effectively an ad, and is accompanied by the standard ad disclaimer, then it's not really a big deal if it's a bit inaccurate.

[theymos]

Those informational factoids were mostly written by me. That one is correct. Electrum uses both Stratum servers and SPV, so if these sources of information disagree then Electrum should warn the user (though I don't know how good it actually is about this). This makes it stronger than either method alone.

[btchris]

Those informational factoids were mostly written by me. That one is correct. Electrum uses both Stratum servers and SPV, so if these sources of information disagree then Electrum should warn the user (though I don't know how good it actually is about this). This makes it stronger than either method alone.

Isn't the source of the block headers and Merkle branches for SPV the Stratum servers?

IOW, with Electrum you're registering your addresses with one or more Stratum servers (out of 14 I think globally, if that matters) for tx notification purposes, and you're asking for blockchain headers and Merkle branches from those same servers for SPV.

With P2P clients, you're submitting bloom filters to one or more full nodes (out of thousands globally) for tx notification purposes, and you're asking for blockchain headers and Merkle branches from those same servers for SPV.

I'm definitely not an expert on Stratum, so I could be wrong here, but these two methods appear fairly similar to me (except for registering individual addresses vs. a bloom filter).

[theymos]

Isn't the source of the block headers and Merkle branches for SPV the Stratum servers?

Hmm, I thought that Electrum connected to the Bitcoin network, but it looks like you're right.

I guess calling it a "hybrid" wallet is therefore maybe not accurate. However, most SPV clients (all clients based on BitcoinJ) only ever connect to nodes returned by the centralized DNS seeds, and there are fewer DNS seeds than Stratum servers. So Electrum is more decentralized, and they are also not vulnerable to Sybil attacks, which the DNS seeds are not smart enough to provide much protection against. So I still think that Electrum's way of doing things is more secure than, say, Bitcoin Wallet for Android's.

Privacy-wise, SPV is probably better in normal circumstances because you don't have to give anyone a list of your addresses. (Though sending a peer a Bloom filter still gives them info about your addresses that they might be able to use to trace you.)

[btchris]

most SPV clients (all clients based on BitcoinJ) only ever connect to nodes returned by the centralized DNS seeds, and there are fewer DNS seeds than Stratum servers. So Electrum is more decentralized,

We're comparing 5 seeds tracking thousands(?) of full nodes vs 14 Stratum servers... 14 > 5, and 1000 > 14—it's difficult to judge which is more decentralized IMO.

and they [Stratum servers] are also not vulnerable to Sybil attacks, which the DNS seeds are not smart enough to provide much protection against.

That's a good point, but conversely collusion among Stratum servers, with their small count, is easier (and likewise for dns seed servers).

I think it's too hard a comparison to reach a conclusion of one method being more "secure" than the other. Of course, the factoid doesn't say "more secure", it more carefully uses "perhaps somewhat more secure", so if you still think "or header-only clients" should remain, I'll just drop this