No 'full node', my coins ?

[Tuffers]

Hi.

Sorry, new here.

Got some coins from a variety of exchanges and withdrew to my Ledger Nano S.

Then read article saying 'no full node = might not be your coins'.

I don't have the knowledge (or computing space) to run a full node.

How much of an issue could this be for me and is there any way to verify the coins are legit and in my cold storage.

I'm not a trader, I intend to keep them as long as possible.

If this has been answered before, could someone point me as to where.

Thanks.

[o_e_l_e_o]

The common saying is "Not your keys, not your coins". You do not need to run a full node to know that the private keys within your Ledger device are storing the coins you think they are.

is there any way to verify the coins are legit and in my cold storage.

You can look up the addresses generated by your Ledger device on a block explorer such as blockchair.com. If you see yours coins present on the addresses, then the coins are effectively in cold storage. (Note that coins are never actually "in" your hardware wallet - all that is in your hardware wallet are the private keys which allow you to spend those coins. The coins never leave the blockchain.)

When looking up your own addresses on a block explorer, if you are concerned about privacy then you should do so via Tor, so as not to obviously link your IP address to your bitcoin addresses.

[ranochigo]

I think it should be more of having access your private keys or not. The benefits of having a full node mainly lies within the fact that you're validating the blocks yourself as compared to most SPV wallets which Ledger relies on. SPV wallets functions on trusting the longest chain difficulty-wise to be valid, while this doesn't guarantee that the blocks are exactly valid, it would prove that there is sufficiently high proof-of-work on that chain itself and would be probably valid. This shouldn't actually cause any issues or pose as a security risk in normal use. The privacy aspect would favour full nodes greatly though.

If you have to get a second source for the transaction, you can try querying the transaction ID or the addresses on the blockexplorers as an alternative source.

[Tuffers]

Thank you both, that has put my mind at rest.

I'll check the address via a separate pc.

[BitMaxz]

There are two wallet options the custodial and non-custodial wallets if you are going to use an online wallet mostly those wallets are custodial wallets that you don't have full control(Mostly exchange wallets).
Like o_e_l_e_o said it mostly says "Not your keys, not your coins" I never heard that someone said "No full node, not my coins".


If you want to own a bitcoin always use non-custodial wallets like Electrum or wasabi.

Read this "Blockchain Explained: Custodial vs Non-Custodial Wallets" and this "Custodial vs. Non Custodial Wallets - "Not your keys, not your coin" Explained."

[xenon131]

I never heard that someone said "No full node, not my coins".

coin control.

[xenon131]

Having own  hands on  validation is good  for privacy and adds to decentralization but  has no  effect on  the coin control.

While it's true, there are some notes,
1. There are light wallet wallet which offer decent privacy such as Wasabi Wallet.
2. The full node have far bigger benefit to decentralization only if you allow incoming connection and properly configure your router (where only some user know about it or how to do it).

 That is true.

[bob123]

1. I would stay away  Wasabi's  mixing feature  because it is ideal tool for the adversaries    ^{to taint your addresses}, but sure this is my personal choice.

How is your conclusion to "stay away from coinjoin" ?
The authors don't even consider the case where coinjoin is used. Simply because their methods wouldn't work.

It only allows to know that the coins come from a coinjoin. And if there is 1 transaction in-between, you already can't be sure anymore whether they belong to the same entity.

From the paper:

This assumes that the user is versed in privacy and does not for example reuse addresses. It also assumes the use of techniques such as CoinJoin to prevent addresses from being connected. These techniques add additional overhead and are too advanced for the average Bitcoin user so they received little to no traction

and

The counter-example to this would be the CoinJoin (9) principle. This effectively allows multiple disparate entities to include their unspent outputs into a common transaction. But it also requires a party to act as a synchronizer between all other parties. This creates a high level of complexity which leads us to believe that such principles are rarely used.

I don't see why one would discourage from using coinjoin based on this.

[ranochigo]

Paper is  centred on  the method to  spoil addresses  with tainted coins rather then privacy . It doesn't matter  from which address  such  coins would come. CoinJoin is perfect tool for such kind of attack as it is capable to hide adversaries' addresses.

If you are using a mixer or using Bitcoin in general, most of your coins or addresses are already tainted, with the varying degree depending on the definition of "taint". If you're having issues trying to use tainted coins, then you're going in the direction of "Bitcoin is NOT fungible". If that's what you're thinking then it would be better for you to try to get some newly mined coins and avoid using any other Bitcoins. It is by no means a reason for people to stop using CoinJoin but it is a reason for people to stop using services that defines tainted coins.

Not a good idea ^{Bitcoin over Tor}. " In particular the attacker can link together user’s transactions regardless of pseudonyms used, control which Bitcoin blocks and transactions are relayed to the user and can delay or discard user’s transactions and blocks"

The paper is quite outdated, 2014 and there are thousands of reachable onion Bitcoin nodes which ensures that the traffic are unaffected by any rogue exit nodes whatsoever. The paper basically described a Sybil attack over Tor, or at least that was what I understood from skimming through the paper. I assure you that Tor gives you as much privacy as you can expect. Your ISP or your VPN provider has a higher chance of doing whatever is described in the paper.

Wasabi wallet, when used without a Bitcoin Core instance still provides more than sufficient privacy, using BIP158 and to reduce the signature by selecting multiple Tor nodes to fetch relevant information. It also uses Onion nodes only, and taking the exit nodes out of the question.

Yeah, but 8333 is default one.

Yes. But it doesn't change the fact that running a Bitcoin node without the default port will still help the network to be decentralized. The gossip protocol makes it such that port 8333 is not mandatory and it'll still be easy for people to connect to your node via some random port.

[ranochigo]

The problem has been aggravated over time.  As of 2020 ^{24% of exit nodes} have been controlled by hackers.  

No. The problem doesn't exist because we do not use exit nodes if you're using nodes with onion address. In the scenario that Wasabi wallet's Tor address fails, it's fallback server has enforced HSTS which prevents SSL stripping. Sybil attack are expensive to execute, at least for Bitcoin Core. You cannot continue the chain without sufficient valid POW and it would definitely be more profitable to just mine legitimately if you have that ability to mine a block.

Zero chance for both of them. I'm using dVPN.

Traffic has to go through an outpoint for that, unlike Tor which keeps the connection within the network.

AFAIK, seed nodes prefer to communicate via 8333 port, or I'm wrong with that?

DNS Seeds doesn't matter. You're connecting to, not from. Yes, clients prefer 8333 over nonstandard ones.

[tranthidung]

Then read article saying 'no full node = might not be your coins'.

I don't have the knowledge (or computing space) to run a full node.

As other said, you only need a private key or mnemonic seed (depends on wallet) of your wallet in order to control bitcoin in that wallet.

• https://notyourkeys.org/
• https://www.lopp.net/bitcoin-information/recommended-wallets.html
• Mastering Bitcoin - The Bitcoin network
• Miners and Nodes (see the explanation for nodes)
• What Is A Full Node? & Support the Bitcoin network by running your own full node

How much of an issue could this be for me and is there any way to verify the coins are legit and in my cold storage.

If you don't care much about your privacy, you can use Electrum wallet and use it as cold storage (you need 2 computers)

• TUTORIAL: How to use Electrum (for advanced users) (See point #4 for Cold storage)

[ranochigo]

AFAIK less than 25% of all nodes have onion address. Having all nodes with such addresses is bad because bitcoin (I mean net) becomes dependable on any bug in TOR protocol. Recent event has shown that. Generally speaking,  running node on TOP  is a bad idea because you automatically  fall into the focus of those who are responsible for the country security. Hope you will understand what I'm talking about.

Yes. Which is why we don't enforce Bitcoin to be on Tor only! Running node on Tor doesn't single you out, I do not understand what you're trying to get here. Running a node on Tor will not allow anyone to identify your IP, conversely, running it on Tor will obfuscate your privacy sufficiently. Running a node on Tor would definitely be more secure than you running a node on the internet, running a node on Tor will not allow your ISP or whoever identify that you are running it, connections are encrypted from point to point.

It has,  but neither ISP nor VPN provider has the relation to that outpoint.

Yes. So do you understand that the paper that you've linked is about MITM which is also relevant to dVPNs and poses a security risk, perhaps even more so than your VPN provider or ISP and arguably less security and privacy than Tor?

I don't think this is very productive, if at all and should be shifted to a separate thread if you'd like as any further discussions could be a little off topic. From the discussion, I've inferred these points:
1. Tainting whatever coins or UTXO you have doesn't matter. It shouldn't matter because you're using CoinJoin and it doesn't automatically make you culpable of any illicit activities that the funds are responsible for. Not a reason to avoid CoinJoin.
2. The research on breaking Tor's privacy is outdated and infeasible. The nature of Bitcoin onion nodes keeps it within the onion network, eliminating rogue exit nodes. Having Bitcoin onion nodes is NOT bad, it helps people to circumvent regional restrictions and to maintain their privacy. Tor does not make Sybil attack much easier or cheaper. The nature of Tor doesn't result in the privacy to be broken easily. It is the way to go if you have to preserve privacy.
3. Decentralized VPN is a rebranded Tor. It does not mean that it is better, just a less tried and tested way to essentially achieve the same thing.

[bob123]

Paper is  centred on  the method to  spoil addresses  with tainted coins rather then privacy .

Which is completely irrelevant to CoinJoin.
There is literally not a single reason to bring up that paper as a reason to "not use coinjoni".

Not a good idea ^{Bitcoin over Tor}.

I know that paper very well.
This is practically not easily doable anymore.

The network has grown significantly. While this still is possible in theory, practically it is irrelevant. Especially if you don't make huge blunder, like allowing to connect via clear net or connect via Tor and clear net from the same node.
This might have been a valid attack vector in 2014, but is negligible nowadays. Especially if you know what you are doing.