Data I'm exposing when using other server on Electrum

[DTalk]

When we use Electrum wallet, we have to use some random electrum server unless we do own one. I have no problem relying on someone while using Electrum wallet as I use Electrum for a very small amount of transactions which I do regularly. I used to save some little funds in my Electrum wallet. However, sometimes, I have to receive the fund from my main wallet too. As I don't use mixer most of the time, it's connecting me directly with one of my addresses from my wallet. I can use different addresses when transacting, so no issue when I send. My other addresses aren't getting connected with one another.

But, since I'm relying on other servers, am I leaking any info? I think YES. But what are they exactly? What data can a server monitor when I'm using that server?

How can they monitor the data? I mean how this works exactly?
If the data are confidential, which I think will be confidential, I will set up my personal server maybe.

[1715258888]

1715258888

[1715258888]

1715258888

[1715258888]

1715258888

[1715258888]

1715258888

[1715258888]

1715258888

[DaveF]

As far as I know the person running the node will know your IP address and what addresses are in your wallet.
They know your IP since you are connecting to their server and know your addresses since you are asking that server for balance info.

Any light wallet connecting to a server will more or less leak that same info.

-Dave

[AB de Royse777]

As far as I know the person running the node will know your IP address and what addresses are in your wallet.
They know your IP since you are connecting to their server and know your addresses since you are asking that server for balance info.

Any light wallet connecting to a server will more or less leak that same info.

-Dave

Using TOR connection will break the link very easily, and it's easy to connect tor. In my case I have TOR active, so my Electrum do not connect if I open it without running my tor.

[odolvlobo]

How can they monitor the data? I mean how this works exactly?
If the data are confidential, which I think will be confidential, I will set up my personal server maybe.

When you run electrum, the wallet asks the server for information about all of the addresses in your wallet. The server then knows all about all of your transactions.

Using TOR connection will break the link very easily, and it's easy to connect tor. In my case I have TOR active, so my Electrum do not connect if I open it without running my tor.

Plenty of information can be known about you without knowing your IP address. For example, they know where all your coins come from and where they go, so they can simply ask someone that you have transacted with who you are.

I run a bitcoin node and an electrum server on a Raspberry Pi, along with a Lightning node and other things (read this: https://stadicus.github.io/RaspiBolt/).

[AB de Royse777]

Plenty of information can be known about you without knowing your IP address. For example, they know where all your coins come from and where they go, so they can simply ask someone that you have transacted with who you are.

Yeah, I know that part but using the TOR is at-least the first step of keeping the location anonymous. It matters for me.

I run a bitcoin node and an electrum server on a Raspberry Pi, along with a Lightning node and other things (read this: https://stadicus.github.io/RaspiBolt/).

Thanks for this.

[Lucius]

Yeah, I know that part but using the TOR is at-least the first step of keeping the location anonymous. It matters for me.

You probably know that, but it should be emphasized that anonymity will not come only from the fact that someone starts using TOR or VPN at some point, and before that he used that same crypto wallet with his public IP address. If someone wants to be anonymous than the best solution is to run your own server, and have all the coins anonymized in some way - or to create a brand-new wallet that connects to Electrum servers exclusively via TOR, and to break the connection with all previous transactions/coins by using a mixer.

Of course, the whole thing loses its meaning if you make a transaction out of such a wallet that can identify you, exactly what has already been written by odolvlobo.


As for the Electrum server in particular, anyone can make them, so we can assume that a certain percentage of those that exist certainly have some bad intentions - we saw this in the case of exploiting a vulnerability that allowed attackers to send phishing messages through legitimate wallets.

[DaveF]

...
I run a bitcoin node and an electrum server on a Raspberry Pi, along with a Lightning node and other things (read this: https://stadicus.github.io/RaspiBolt/).
...

On that same note I use mynodebtc.com as one of my electrum servers / lightning nodes.

They have an image that works as a virtual machine using virtual box. IF you have enough spare drive space and ram on your day to day PC you can set it up and not have to worry about other hardware.

For the setting up of the electrum side of it they are both more or less turn option on and wait for it to do it's thing....

-Dave

[dkbit98]

How can they monitor the data? I mean how this works exactly?
If the data are confidential, which I think will be confidential, I will set up my personal server maybe.

You can't monitor this data on your side and if you are not using full Bitcoin node you will leak all your IP addresses and transactions for sure.
One thing we can do is using Electrum with Tor and checking active .onion servers (currently not working) but proper configuration is not that simple if you don't know exactly what you are doing.

I run a bitcoin node and an electrum server on a Raspberry Pi, along with a Lightning node and other things (read this: https://stadicus.github.io/RaspiBolt/).

I wrote about costs of running full Bitcoin node in one topic and I would like to hear what is your experience and costs with using Raspberry Pi.
More people should run full node if they really want to have benefit of more privacy, and I don't think it's hard or expensive at all for average guy.

[DaveF]

I wrote about costs of running full Bitcoin node in one topic and I would like to hear what is your experience and costs with using Raspberry Pi.
More people should run full node if they really want to have benefit of more privacy, and I don't think it's hard or expensive at all for average guy.

Kind of moving a bit OT from the OP but I have run both "node in a box" implementations that were discussed above.
RPi4 / Samsung SSD. I went with the higher expense of the SSD because it does have a lower power draw then a spinning drive and since the RPi and drives are not secured on the desk / in a case kind of thing I figured no moving parts is better. Between the RPi and the drive and SD card I was out around $200.

Installed the image and followed the steps and waited. Between the blockchain download the Lightning download and the setup (auto) of electrum server it was under a week. Started Monday AM when I came into the office was done before the weekend.

-Dave

[hugeblack]

Electrum can do the following:

 - Know your IP address and record it (using nginx.)
 - Social attack using Bitcoin addresses: If you use your Bitcoin address in the forum or anywhere that Google registers, they may be able to know your identity.
 - If you are connecting from one server, it might do some things like: block your access to the mempool.
 - Some old version of Electrum can show you a message to download any unknown software.


About Tor, it may be a good option, but errors may occur and you may forget to run it.

All of the problems above are privacy related, so if you do not know what to do, it is best not to use Bitcoin to hide your identity.

[ps1234]

What about using Electrum Personal Server?

If you buy BTC from an exchange, not only do they know the address to which the bitcoin have been sent, but they also know where you live or work. You will have supplied this as part of the KYC information that exchanges require when you sign up.

That, to me, is a very worrying weak point which could be exploited by criminals; eg they could coerce an exchange employee to reveal the data, or, indeed, an exchange employee could be part of a criminal organisation.

I'm not sure how one can protect oneself here. But as the value of BTC continues to increase, targeting and threatening or kidnapping owners becomes more lucrative.

[ps1234]

Electrum Personal Server is fairly easy to set up.

I'm no techie, but the guide for EPS is comprehensive and accurate; I had no problems getting it to work.

I had a look at HodlHodl and bisq. While they're great in theory, in practice the costs of BTC on offer are around 4% more than centralized exchange prices. Quantities on offer are low, 0.1 BTC or less.

[malevolent]

I had a look at HodlHodl and bisq. While they're great in theory, in practice the costs of BTC on offer are around 4% more than centralized exchange prices. Quantities on offer are low, 0.1 BTC or less.

You can create your own offers and wait for others to buy into them getting better rates than at an exchange but it's definitely for patient people.

[Dabs]

That, to me, is a very worrying weak point which could be exploited by criminals; eg they could coerce an exchange employee to reveal the data, or, indeed, an exchange employee could be part of a criminal organisation.

Exchanges are criminal. Depends on your point of view. ... so anyone who works for any centralized exchange would be exceptional if they were not criminal..

Joking aside, the bigger exchanges tend to do background checks on their hires.