Electrum - Trezor (any hardware wallet) privacy question

[Coin-Keeper]

I might need someone that actually runs an Electrum node/server to get this question answered with certainty.  The privacy concern I am starting to investigate is the device # of the hardware wallet being displayed/captured (and potentially retained if a server is nefarious).  This could someday become an issue depending upon WHO controls a website or server.  One of the benefits of BTC is that via "extended seed words" you can have unlimited hidden wallets.  BUT- if your hardware wallet device # is being retained then it would be quite trivial to connect device # XYZ to numerous mpk's making ALL your wallets anything but hidden. e.g. Trezor's site always grabs my Trezor device #s and it is reflected in the url's.  Sure there is a button to "forget" the device, BUT from a security perspective how can I be sure that is happening.  Answer, I can't.

Please is there an Electrum server operator here that can connect a Trezor to their system and see if those device #s are viewable at all?

I am a coder and before I spend my time trying to work on a GitHub suggestion where we could spoof the device # using small code on the SD card, I wanted to see if my concerns have merit.  I am happy to use Electrum servers as opposed to other sites, but I need/want this question answered.

Be honest.  Would many here have an interest in their Trezor T's transmitting a different device # every time you connect them to the internet? Of course I mean optionally, because there is a use case scenario where some want those retained for speed.  This could be a trezorctl loaded option.  I would immediately use such an option.  Just a thought.

[HCP]

Unsure about ElectrumX or EPS... but with electrs (and debug level set to "Trace") I cannot see any obvious hardware ID that is passed through from Electrum... Of course, "Absence of evidence is not evidence of absence", so that doesn't necessarily mean it's not there, just that it's not being displayed or debugged by the electrs server software.

Additionally, I think you might be looking in the wrong place to start with... you would probably be better hunting through the Electrum client code to see if the deviceID is even being read/used by Electrum itself... after all, it can't pass the deviceID to a server if it doesn't have it.

Perhaps ask on the Electrum github if the Trezor (or any hardware wallet) device ID is being read by the client when you attach it.

[Coin-Keeper]

HCP,

Those are some good ideas.  I just know that when I have one of my Trezors connected and I am looking through Electrum; I can pull up my device # in obvious places like advanced settings to change things.  Seems like if Electrum can see it anywhere/anytime it might be available to server/nodes depending upon how Thomas V has locked the code to/from the electrum network servers?

The thing that got this running in my mind is when I connected a Trezor to trezor.io.  While there I glanced at a dummy wallet and observed the device # is captured in the url.  How in the world can that be a good thing for my privacy driven mindset?  I was sitting behind VPN's so I am OK, but this device # is a bad thing especially for users with multiple "hidden wallets".  Major unmasking possibility in the wrong hands.


Thomas V,

Any chance you are reading along here?  If anyone would be the ultimate authority on this it would be you.

[HCP]

Your comments made me go looking... I had honestly never noticed the "Trezor Settings"!!?! (probably because I mostly use the Ledger and clicking the Ledger icon doesn't do anything )


Yes, it would appear that the wallet can read the DeviceID... which, as you say, could indeed be problematic for "plausible deniability" if a nefarious server received both the DeviceID and master keys...

I would guess this is not unique to Electrum either... and that any Trezor compatible wallet would be able to read this data

[pooya87]

i can't think of any reason why your client sends any information about where your wallet is coming from (the hardware wallet) to a server and i can't find any indication of it sending soft_device_id to the servers in network class but you should go through the code yourself to make sure.

locally it has to fetch this information about the hardware wallet you connected and keep track of the hardware wallets to pair it with your wallet.

[DireWolfM14]

i can't find any indication of it sending soft_device_id to the servers in network class

I think the OP's question is whether the server code can be manipulated to request that information.  Electrum client does have access to the device ID, and it would make sense that it's not sent it to the server, but are there any safeguards prevent the server from accessing the device ID?

I wish I could read the code to audit it myself, but I'm afraid I have a steep learning curve to overcome with Python.

[Coin-Keeper]

locally it has to fetch this information about the hardware wallet you connected and keep track of the hardware wallets to pair it with your wallet.

I realize this is an Electrum thread, but I am reminding readers that Satoshi Labs grabs the device # for sure and even uses it in the connection url's ----- bothersome for sure!

Back to Electrum:

Also, I don't think you need device # to pair it with your wallets.  I would much prefer the code to use mpk's for pairing because those are NOT device specific.  Think of a use case where a user has e.g. 4 wallets thinking that 3 of them are "hidden" and one is a decoy for the $5.00 wrench attack.  BUT they are not hidden in a bad server scenario since all mpk's ever connected could easily be paired with the device # if its retained in memory.  In other words NOT hidden at all!

If a device # is required to make things work then I suggest a code manipulation where a Trezor T "spoofs" the device # just like I do on my linux systems for MAC.  Every time the T was connected it would be a different device # (unless you wanted it to remain static).  There is tons of room on the SD card for such a simple task.

[HCP]

I think the OP's question is whether the server code can be manipulated to request that information.  Electrum client does have access to the device ID, and it would make sense that it's not sent it to the server, but are there any safeguards prevent the server from accessing the device ID?

As far as I can tell... it is mostly simple request/response initiated from the client... That is to say, the client sends a request, the server sends a response.

However, as per the Electrum Protocol, the client does receive "notifications" when it has "subscribed" to receive updates regarding various scripthashes.

But this is not the server querying the client as such, it is simply sending a message with the updated data.


Also, from my limited testing on my personal electrs server, the requests made from the client when using a Trezor, look much like the requests made from a client using a "standard" wallet. I don't see anything obvious in the raw request data that would enable you to differentiate between the two types of wallets.

I realize this is an Electrum thread, but I am reminding readers that Satoshi Labs grabs the device # for sure and even uses it in the connection url's ----- bothersome for sure!

I guess that's because the wallet "client" and "server" are essentially the same thing when using the Satoshi Labs web wallet... but yes, deviceID being transmitted in URL plaintext is a bit of a privacy concern.

[pooya87]

i can't find any indication of it sending soft_device_id to the servers in network class

I think the OP's question is whether the server code can be manipulated to request that information.  Electrum client does have access to the device ID, and it would make sense that it's not sent it to the server, but are there any safeguards prevent the server from accessing the device ID?

well it doesn't matter what the server  does, the only important thing is whether the client answers to such requests. otherwise the server could also ask the wallet to send the master private key to it easily but obviously the client won't respond.

the safeguard would be the Network layer having no access to the device ID and client not having any support for such requests.
the source code should be analyzed though. i spent 25 minutes yesterday and didn't find anything but it is best if someone with more experience in python and familiarity with Electrum code to look into it.

[Coin-Keeper]

the safeguard would be the Network layer having no access to the device ID and client not having any support for such requests.
the source code should be analyzed though. i spent 25 minutes yesterday and didn't find anything but it is best if someone with more experience in python and familiarity with Electrum code to look into it.

Agreed, but now to find a definitive answer.

I guess Thomas V doesn't respond here much, but this thread subject is kind of important I think.  I will wait a day or two and if all is still silent I may bring this over to GitHub.

[pooya87]

I guess Thomas V doesn't respond here much, but this thread subject is kind of important I think.  I will wait a day or two and if all is still silent I may bring this over to GitHub.

his account hasn't been online for nearly 2 months. you may want to send him a personal message since by default users receive an Email when they get a PM and that may get his attention.
https://bitcointalk.org/index.php?action=pm;sa=send;u=3137

[Coin-Keeper]

PM sent.   Stay tuned!