Bitcoin Forum
February 23, 2020, 08:47:53 AM *
News: Latest Bitcoin Core release: 0.19.0.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: How bad (or good) my privacy is if I run a SPV wallet?  (Read 169 times)
butka
Full Member
***
Offline Offline

Activity: 434
Merit: 221


View Profile
July 03, 2018, 05:19:03 PM
 #1

Obviously, if I run a full node, I can query the copy of the public ledger locally, and my privacy is very strong. Nobody but myself is able to see what addresses I'm interested in.

On the other end of the spectrum, if I let some centralized system (web wallet) hold my keys, then obviously I have given up my privacy.

But what about if I run a SPV client (wallet)? Then the client has to rely on other full nodes in the system to query for addresses. And let's suppose that the nearby nodes are honest and that I'm not concerned with security. But what about privacy? Can it potentially be compromised by say some third party intercepting my queries and collecting a list of my addresses?

In particular, Electrum, as far as I know, is SPV wallet. How strong my privacy is with Electrum?
1582447673
Hero Member
*
Offline Offline

Posts: 1582447673

View Profile Personal Message (Offline)

Ignore
1582447673
Reply with quote  #2

1582447673
Report to moderator
1582447673
Hero Member
*
Offline Offline

Posts: 1582447673

View Profile Personal Message (Offline)

Ignore
1582447673
Reply with quote  #2

1582447673
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1582447673
Hero Member
*
Offline Offline

Posts: 1582447673

View Profile Personal Message (Offline)

Ignore
1582447673
Reply with quote  #2

1582447673
Report to moderator
1582447673
Hero Member
*
Offline Offline

Posts: 1582447673

View Profile Personal Message (Offline)

Ignore
1582447673
Reply with quote  #2

1582447673
Report to moderator
1582447673
Hero Member
*
Offline Offline

Posts: 1582447673

View Profile Personal Message (Offline)

Ignore
1582447673
Reply with quote  #2

1582447673
Report to moderator
AdolfinWolf
Legendary
*
Offline Offline

Activity: 1316
Merit: 1207


people run from rain but sit in bathtubs of water


View Profile
July 03, 2018, 05:54:17 PM
 #2

Obviously, if I run a full node, I can query the copy of the public ledger locally, and my privacy is very strong. Nobody but myself is able to see what addresses I'm interested in.

On the other end of the spectrum, if I let some centralized system (web wallet) hold my keys, then obviously I have given up my privacy.

But what about if I run a SPV client (wallet)? Then the client has to rely on other full nodes in the system to query for addresses. And let's suppose that the nearby nodes are honest and that I'm not concerned with security. But what about privacy? Can it potentially be compromised by say some third party intercepting my queries and collecting a list of my addresses?

In particular, Electrum, as far as I know, is SPV wallet. How strong my privacy is with Electrum?


I've looked into this myself a little bit but i wasn't really able to find anything, I primarily rely on the answers of these users,

Electrum works differently from a lot of other SPV clients. With Electrum, users are required to connect to Electrum servers. The way blockchain.info track the IP transactions is to see who relayed the transaction to them first. If you're using Electrum, the only possible IP address you would see there is the server's. This does not mean that your privacy is preserved; Electrum servers can see all the addresses in your wallet.



neither!
bitcoin transactions do not contain any IP information and blocks in the blockchain contains these transactions. in other words no IP address is recorded.
if by any chance you mean blockchain.info website then the IP address they list is different, it is the IP address of the node that sent them the transaction first. it may be the Electrum node or it may be another node that is just relaying that tx.

regarding privacy and Electrum the only thing that happens is that when you connect to an Electrum node you are asking them for your transaction history so you give them all your addresses which means that node sees all your bitcoin addresses and can connect them together and also record your IP address and associate these two together. whether they do it or not is another discussion.
in other words there are two things here: they see list of all your bitcoin addresses and link them together even if they are not connected + your IP address. you can hide your IP but you can't hide your address list.

As stated above, i'm not sure if this is actually the case, but i'd be slightly worried if it is, since that would imply that there (potentially) really is no such thing as *privacy* while using electrum without a proxy.

It's weird how there's nothing available on this topic, especially if what pooya87 is saying is true. (Think about the information a single node could possibly gather about it's users right?)

butka
Full Member
***
Offline Offline

Activity: 434
Merit: 221


View Profile
July 03, 2018, 06:20:32 PM
 #3

As stated above, i'm not sure if this is actually the case, but i'd be slightly worried if it is, since that would imply that there (potentially) really is no such thing as *privacy* while using electrum without a proxy.

It's weird how there's nothing available on this topic, especially if what pooya87 is saying is true. (Think about the information a single node could possibly gather about it's users right?)

Exactly. Thanks for providing this information. Strangely enough, I was under the impression the there should be some privacy still present while using electrum. So their servers may choose to keep my data if they wanted, or they may choose to delete it. No, that it matters too much to me personally, but in any case it's good to know.
ETFbitcoin
Legendary
*
Offline Offline

Activity: 1918
Merit: 2208

Use SegWit and enjoy lower fees.


View Profile WWW
July 03, 2018, 07:00:49 PM
 #4

AFAIK Electrum and few other SPV wallet use Bloom Filter to protect user's privacy.

Basically Bloom Filter ask info about transaction from lots of address where many isn't actually used by the wallet to obfuscate the full nodes/server and obviously it increases size of requested data. Bloom Filter have configuration how much "privacy" or obfuscate needed at cost of data usage.

So, if the SPV wallet use Bloom Filter or other similar obfuscate features with proper configuration, i would say user privacy should be good enough unless they're targeted.

More info :
https://github.com/bitcoin/bips/blob/master/bip-0037.mediawiki
Mastering Bitcoin 2nd Edition, Chapter 8 - Bloom Filter

butka
Full Member
***
Offline Offline

Activity: 434
Merit: 221


View Profile
July 03, 2018, 07:31:37 PM
 #5

AFAIK Electrum and few other SPV wallet use Bloom Filter to protect user's privacy.
Well now if they use Bloom Filters to query the blockchain from their servers, the question still remains is the privacy compromised between the local copy of Electrum I have installed and their servers? Or you want to say that these filters are used right from my local Electrum?
hatshepsut93
Legendary
*
Offline Offline

Activity: 1428
Merit: 1120


( ͡° ͜ʖ ͡°)


View Profile
July 03, 2018, 09:15:57 PM
 #6


In particular, Electrum, as far as I know, is SPV wallet. How strong my privacy is with Electrum?


Check out Electrum Personal Server, it's like connecting your Electrum wallet to your own Bitcoin Core node, so you can use all the features of Electrum without the drawbacks of privacy.

https://github.com/chris-belcher/electrum-personal-server

Sadly, I myself haven't used it yet, so I can't help you with any questions regarding it, but from the description of this project it sounds like exactly what you might need.

butka
Full Member
***
Offline Offline

Activity: 434
Merit: 221


View Profile
July 03, 2018, 09:40:05 PM
 #7


Check out Electrum Personal Server, it's like connecting your Electrum wallet to your own Bitcoin Core node, so you can use all the features of Electrum without the drawbacks of privacy.

https://github.com/chris-belcher/electrum-personal-server

Sadly, I myself haven't used it yet, so I can't help you with any questions regarding it, but from the description of this project it sounds like exactly what you might need.

I didn't know Electrum Personal Server existed. It would require running a full node, which is not yet something I'm willing to do, but I'm planing to in the near future. It would be a great combination, as I like Electrum's features and its user interface and running a full node will definitely make Electrum more private and secure. Thank you very much for the hint.
cellard
Legendary
*
Offline Offline

Activity: 1372
Merit: 1211


View Profile
July 07, 2018, 02:54:56 PM
 #8


Check out Electrum Personal Server, it's like connecting your Electrum wallet to your own Bitcoin Core node, so you can use all the features of Electrum without the drawbacks of privacy.

https://github.com/chris-belcher/electrum-personal-server

Sadly, I myself haven't used it yet, so I can't help you with any questions regarding it, but from the description of this project it sounds like exactly what you might need.

I didn't know Electrum Personal Server existed. It would require running a full node, which is not yet something I'm willing to do, but I'm planing to in the near future. It would be a great combination, as I like Electrum's features and its user interface and running a full node will definitely make Electrum more private and secure. Thank you very much for the hint.


Just use Bitcoin Core as a wallet too, but in a separate airgapped safe computer. In an online computer, you run the full Bitcoin Core node, here you have watch-only addresses to see actually how much money you have and keep track of finances. In an airgapped computer, you run Bitcoin Core node offline, and store the keys there for offline raw transaction signing. This is the best possible scenario that I can think. Electrum's seed thing is unsafe due possible key derivation schemes and having your wallet.dat safe is a better alternative unless someone can prove me wrong.
hatshepsut93
Legendary
*
Offline Offline

Activity: 1428
Merit: 1120


( ͡° ͜ʖ ͡°)


View Profile
July 07, 2018, 10:05:48 PM
 #9


Just use Bitcoin Core as a wallet too, but in a separate airgapped safe computer. In an online computer, you run the full Bitcoin Core node, here you have watch-only addresses to see actually how much money you have and keep track of finances. In an airgapped computer, you run Bitcoin Core node offline, and store the keys there for offline raw transaction signing. This is the best possible scenario that I can think. Electrum's seed thing is unsafe due possible key derivation schemes and having your wallet.dat safe is a better alternative unless someone can prove me wrong.

Electrum is by no means "unsafe" in the strict cryptographic meaning of this word, if it was, there would be tons of warnings by experts, like it happened when the last vulnerability was found. If I understand you correctly, you are referring to the vulnerability that requires the knowledge of both master public key and any of the individual private keys. To obtain those keys, attacker would need to either break into the system or use some social engineering to convince the victim to give those keys up, which essentially would mean that any crypto system would be defeated, because they all rely on total secrecy of crypto keys. Realistically, this vulnerability could only be exploited in some big organization when multiple people need to access the same wallet, and someone decided to just give individual private keys from different addresses, not knowing that when combined with master public key, all other addresses get broken. But if someone uses Electrum as their own private cold storage, there's no huge difference in security between it and Core, and this is why Electrum became so popular - it has very good user interface with good functionality, especially for cold storage.

Evil-Knievel
Legendary
*
Offline Offline

Activity: 1274
Merit: 1160



View Profile
July 15, 2018, 03:37:40 AM
 #10

AFAIK Electrum and few other SPV wallet use Bloom Filter to protect user's privacy.

Basically Bloom Filter ask info about transaction from lots of address where many isn't actually used by the wallet to obfuscate the full nodes/server and obviously it increases size of requested data. Bloom Filter have configuration how much "privacy" or obfuscate needed at cost of data usage.

So, if the SPV wallet use Bloom Filter or other similar obfuscate features with proper configuration, i would say user privacy should be good enough unless they're targeted.

More info :
https://github.com/bitcoin/bips/blob/master/bip-0037.mediawiki
Mastering Bitcoin 2nd Edition, Chapter 8 - Bloom Filter

Unfortunately not @ Bloomfilters:
Have a look at how Electrum subscribes to watch the user's addresses: https://github.com/spesmilo/electrum/blob/master/electrum/network.py#L1204

But even if it did use a bloom filter, the moment you make an outgoing transaction, you're doomed!
cellard
Legendary
*
Offline Offline

Activity: 1372
Merit: 1211


View Profile
July 16, 2018, 12:56:11 AM
 #11


Just use Bitcoin Core as a wallet too, but in a separate airgapped safe computer. In an online computer, you run the full Bitcoin Core node, here you have watch-only addresses to see actually how much money you have and keep track of finances. In an airgapped computer, you run Bitcoin Core node offline, and store the keys there for offline raw transaction signing. This is the best possible scenario that I can think. Electrum's seed thing is unsafe due possible key derivation schemes and having your wallet.dat safe is a better alternative unless someone can prove me wrong.

Electrum is by no means "unsafe" in the strict cryptographic meaning of this word, if it was, there would be tons of warnings by experts, like it happened when the last vulnerability was found. If I understand you correctly, you are referring to the vulnerability that requires the knowledge of both master public key and any of the individual private keys. To obtain those keys, attacker would need to either break into the system or use some social engineering to convince the victim to give those keys up, which essentially would mean that any crypto system would be defeated, because they all rely on total secrecy of crypto keys. Realistically, this vulnerability could only be exploited in some big organization when multiple people need to access the same wallet, and someone decided to just give individual private keys from different addresses, not knowing that when combined with master public key, all other addresses get broken. But if someone uses Electrum as their own private cold storage, there's no huge difference in security between it and Core, and this is why Electrum became so popular - it has very good user interface with good functionality, especially for cold storage.

I see an huge risk. In one hand it makes sense that if someone manages to get just one private key, it would mean your entire security model is weak, but still, im so paranoid about the fact that all future keys generated forever in your Electrum wallet would be compromised due seed derivation. The attacker may not automatically steal all of your funds (as they would do if they got possession of a classic wallet.dat file), because the attacker may way for a long time for you to create a booty big enough to pull the plug. So as you receive payments and buy more and your stack grows the incentive goes higher for the thief to move funds.

We must consider all possible angles of attack. I think it may not be worth the risk, I will stick to wallet.dat, even if it sucks not being able to "have your wallet in your head".
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!