Bitcoin Forum
November 19, 2024, 04:54:37 PM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Electrum privacy questions  (Read 219 times)
BlackHatCoiner (OP)
Legendary
*
Offline Offline

Activity: 1708
Merit: 8354


Fiatheist


View Profile WWW
May 08, 2021, 08:22:52 AM
Merited by dkbit98 (1)
 #1

I was wondering if there's a script inside the source code that reveals to the electrum nodes that you're the owner of these addresses. If you are and decide to broadcast a transaction through an electrum node, you surely ruin your privacy, at least to that specific node. But if you don't broadcast anything, can they (or it if you're running with --one-server) see that you're the owner of these addresses or you query the balances same like on a watch-only wallet?

Additional questions:
  • How do you know if a node uses SSL? I guess that if it does, it's better for your privacy since your ISP can't see that you're transferring a signed transaction.
  • Wouldn't it be better if you broadcasted to a Bitcoin node directly? Just like when you run Bitcoin Core. The Bitcoin node can't know for sure if that's your transaction or if you're sharing transaction(s) from your mempool peer-to-peerly.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
AB de Royse777
Legendary
*
Offline Offline

Activity: 2674
Merit: 4159


Campaign Manager. My Telegram @Royse777


View Profile WWW
May 08, 2021, 09:10:04 AM
 #2

But if you don't broadcast anything, can they (or it if you're running with --one-server) see that you're the owner of these addresses or you query the balances same like on a watch-only wallet?
I am interested in this.
Somewhere I read that once you load a wallet the nodes know your addresses or something. Watching the topic.

Server owner who log the request can make assumption the list of the address is owned by same person. But there's definite way to know the truth.
Even when I am not broadcasting a transaction but just loading my wallet in my online device?

 
 BETFURY .....
██████▄██▄███████████▄█▄
█████▄█████▄████▄▄▄█
███████████████████
████▐███████████████████
███████████▀▀▄▄▄▄███████
██▄███████▄▀███▀█▀▀█▄▄▄█
▀██████████▄█████▄▄█████▀██
██████████▄████▀██▄▀▀▀█████▄
█████████████▐█▄▀▄███▀██▄
███████▄▄▄███▌▌█▄▀▀███████▄
▀▀▀███████████▌██▀▀▀▀▀█▄▄▄████▀
███████▀▀██████▄▄██▄▄▄▄███▀▀
████████████▀▀▀██████████
 
..... Leading iGaming Platform .....
 
UP TO 60%
A P R   B T C
S T A K I N G
 
 8,000+ 
GAMES
 
 HIGH ODDS 
SPORTSBOOK
█▀▀











█▄▄
USE CODE: BTEARN
 
.GET 50 FREE SPINS!.
▀▀█











▄▄█
[
NeuroticFish
Legendary
*
Offline Offline

Activity: 3864
Merit: 6596


Looking for campaign manager? Contact icopress!


View Profile
May 08, 2021, 09:16:18 AM
 #3

I was wondering if there's a script inside the source code that reveals to the electrum nodes that you're the owner of these addresses. If you are and decide to broadcast a transaction through an electrum node, you surely ruin your privacy, at least to that specific node. But if you don't broadcast anything, can they (or it if you're running with --one-server) see that you're the owner of these addresses or you query the balances same like on a watch-only wallet?

Additional questions:
  • How do you know if a node uses SSL? I guess that if it does, it's better for your privacy since your ISP can't see that you're transferring a signed transaction.
  • Wouldn't it be better if you broadcasted to a Bitcoin node directly? Just like when you run Bitcoin Core. The Bitcoin node can't know for sure if that's your transaction or if you're sharing transaction(s) from your mempool peer-to-peerly.

Since Electrum relies on 3rd party servers, you don't know what is in the code ran on the server (remember when they added the links to the phishing Electrum?). It clearly has all it needs to spy on you if the server owner want to.
So most probably the code doesn't have anything for spying, but it can be added. Or the info from logs may also give quite some info.

And yes, best would be to broadcast to your own server on top of your Bitcoin node, although then you may no longer actually need Electrum and just use Bitcoin core.

███████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████

███████████████████████
.
BC.GAME
▄▄▀▀▀▀▀▀▀▄▄
▄▀▀░▄██▀░▀██▄░▀▀▄
▄▀░▐▀▄░▀░░▀░░▀░▄▀▌░▀▄
▄▀▄█▐░▀▄▀▀▀▀▀▄▀░▌█▄▀▄
▄▀░▀░░█░▄███████▄░█░░▀░▀▄
█░█░▀░█████████████░▀░█░█
█░██░▀█▀▀█▄▄█▀▀█▀░██░█
█░█▀██░█▀▀██▀▀█░██▀█░█
▀▄▀██░░░▀▀▄▌▐▄▀▀░░░██▀▄▀
▀▄▀██░░▄░▀▄█▄▀░▄░░██▀▄▀
▀▄░▀█░▄▄▄░▀░▄▄▄░█▀░▄▀
▀▄▄▀▀███▄███▀▀▄▄▀
██████▄▄▄▄▄▄▄██████
.
..CASINO....SPORTS....RACING..


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
dkbit98
Legendary
*
Offline Offline

Activity: 2422
Merit: 7590



View Profile WWW
May 08, 2021, 09:18:34 AM
 #4

You can also use Tor and .onion servers with your Electrum wallet to improve your privacy, and I think electrum should think of adding some easy switch option for this just like Wasabi and Trezor Suite have.

True, but it require you to run a Bitcoin node, which download or/and store 350 GB+ blockchain.
I think you can use pruned node that would reduce size multiple times, and everything else would work almost the same like with full node.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
BlackHatCoiner (OP)
Legendary
*
Offline Offline

Activity: 1708
Merit: 8354


Fiatheist


View Profile WWW
May 08, 2021, 09:32:37 AM
 #5

By the port the electrum server use. Port 50002 is used for secure connection, while port 50001 is used for insecure connection.
Is this written on electrum's source code? A port number doesn't prove anything unless there's a script (on your compiled version of electrum) that differentiate connections based on the port number.

True, but it require you to run a Bitcoin node, which download or/and store 350 GB+ blockchain.
Why does it require to run a node? Once you broadcast a transaction to the network from your Bitcoin client, you essentially send only the transaction along with its signature. You don't provide any evidence that you've downloaded the entire chain. I was having a similar discussion with Coding Enthusiast on SharpPusher and he responded that instead of using a block explorer's API, you could broadcast the transaction on Bitcoin nodes. I don't think that he's implemented it, but it is possible:  Denovo feature: broadcast transactions #1.

Since Electrum relies on 3rd party servers, you don't know what is in the code ran on the server (remember when they added the links to the phishing Electrum?). It clearly has all it needs to spy on you if the server owner want to.
I guess they've fixed backdoors of the software since then. Yes, I've read about that incident, much worse than just ruining your privacy.

You can also use Tor and .onion servers with your Electrum wallet to improve your privacy, and I think electrum should think of adding some easy switch option for this just like Wasabi and Trezor Suite have.
Speaking of privacy and Wasabi, can you CoinJoin transactions on electrum? As for tor, I've tried connecting to some nodes, but failed. I guess I'll create a different thread for that.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
NeuroticFish
Legendary
*
Offline Offline

Activity: 3864
Merit: 6596


Looking for campaign manager? Contact icopress!


View Profile
May 08, 2021, 09:36:26 AM
 #6

Since Electrum relies on 3rd party servers, you don't know what is in the code ran on the server (remember when they added the links to the phishing Electrum?). It clearly has all it needs to spy on you if the server owner want to.
I guess they've fixed backdoors of the software since then. Yes, I've read about that incident, much worse than just ruining your privacy.

Yes, they've fixed the part where the server can send anything as alert.
But that's "ancient history" now. My point was that in the same way, any code can run there as long as it meets the requirements to identify itself as Electrum server. And if somebody wants to add privately some "chain analysis" code on top of the official Electrum server code, it can be done and you'll never know.

███████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████

███████████████████████
.
BC.GAME
▄▄▀▀▀▀▀▀▀▄▄
▄▀▀░▄██▀░▀██▄░▀▀▄
▄▀░▐▀▄░▀░░▀░░▀░▄▀▌░▀▄
▄▀▄█▐░▀▄▀▀▀▀▀▄▀░▌█▄▀▄
▄▀░▀░░█░▄███████▄░█░░▀░▀▄
█░█░▀░█████████████░▀░█░█
█░██░▀█▀▀█▄▄█▀▀█▀░██░█
█░█▀██░█▀▀██▀▀█░██▀█░█
▀▄▀██░░░▀▀▄▌▐▄▀▀░░░██▀▄▀
▀▄▀██░░▄░▀▄█▄▀░▄░░██▀▄▀
▀▄░▀█░▄▄▄░▀░▄▄▄░█▀░▄▀
▀▄▄▀▀███▄███▀▀▄▄▀
██████▄▄▄▄▄▄▄██████
.
..CASINO....SPORTS....RACING..


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
AB de Royse777
Legendary
*
Offline Offline

Activity: 2674
Merit: 4159


Campaign Manager. My Telegram @Royse777


View Profile WWW
May 08, 2021, 11:32:00 AM
 #7

You can also use Tor and .onion servers with your Electrum wallet to improve your privacy, and I think electrum should think of adding some easy switch option for this just like Wasabi and Trezor Suite have.
I use TOR connection and find it easy to set up, but the only drawback is that I need to run TOR browser all the time when my Electrum is running. I remember a year ago when I was using Wasabi, I did not require to run the TOR browser to enable tor connection with them.

Yes, it's because Electrum send your addresses to Electrum server to get transaction which related with your addresses.
I don't like it.

 
 BETFURY .....
██████▄██▄███████████▄█▄
█████▄█████▄████▄▄▄█
███████████████████
████▐███████████████████
███████████▀▀▄▄▄▄███████
██▄███████▄▀███▀█▀▀█▄▄▄█
▀██████████▄█████▄▄█████▀██
██████████▄████▀██▄▀▀▀█████▄
█████████████▐█▄▀▄███▀██▄
███████▄▄▄███▌▌█▄▀▀███████▄
▀▀▀███████████▌██▀▀▀▀▀█▄▄▄████▀
███████▀▀██████▄▄██▄▄▄▄███▀▀
████████████▀▀▀██████████
 
..... Leading iGaming Platform .....
 
UP TO 60%
A P R   B T C
S T A K I N G
 
 8,000+ 
GAMES
 
 HIGH ODDS 
SPORTSBOOK
█▀▀











█▄▄
USE CODE: BTEARN
 
.GET 50 FREE SPINS!.
▀▀█











▄▄█
[
ranochigo
Legendary
*
Offline Offline

Activity: 3038
Merit: 4420


Crypto Swap Exchange


View Profile
May 08, 2021, 12:48:59 PM
 #8

You can also use Tor and .onion servers with your Electrum wallet to improve your privacy, and I think electrum should think of adding some easy switch option for this just like Wasabi and Trezor Suite have.
If you want to have any privacy, Electrum is not the wallet to use. The nature of Electrum will leak privacy and Tor only obfuscates the IPs but will still result in the addresses still being linked to each other. The Tor feature would probably be better to circumvent any internet restrictions instead of privacy.

Speaking of privacy and Wasabi, can you CoinJoin transactions on electrum? As for tor, I've tried connecting to some nodes, but failed. I guess I'll create a different thread for that.
You need a coordinator, which is what Wasabi has.

If you want privacy or anything like it, don't use Electrum. There is nothing that preserves or attempts to preserve your privacy to any significant extent included in Electrum.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
DireWolfM14
Copper Member
Legendary
*
Offline Offline

Activity: 2352
Merit: 4628


Join the world-leading crypto sportsbook NOW!


View Profile WWW
May 08, 2021, 03:29:16 PM
 #9

I use TOR connection and find it easy to set up, but the only drawback is that I need to run TOR browser all the time when my Electrum is running. I remember a year ago when I was using Wasabi, I did not require to run the TOR browser to enable tor connection with them.

You can setup Windows to start Tor as a background service at login.: Start Menu > Windows Administrative Tools > Task Scheduler

Create a task with your preferences, on the "Action" tab set it to run a program; C:\Path\To\Tor\Browser\Browser\TorBrowser\Tor\tor.exe


If you want privacy or anything like it, don't use Electrum. There is nothing that preserves or attempts to preserve your privacy to any significant extent included in Electrum.

Unfortunately this is true.  The only way around this at the moment is to run your own server.  

  ▄▄███████▄███████▄▄▄
 █████████████
▀▀▀▀▀▀████▄▄
███████████████
       ▀▀███▄
███████████████
          ▀███
 █████████████
             ███
███████████▀▀               ███
███                         ███
███                         ███
 ███                       ███
  ███▄                   ▄███
   ▀███▄▄             ▄▄███▀
     ▀▀████▄▄▄▄▄▄▄▄▄████▀▀
         ▀▀▀███████▀▀▀
░░░████▄▄▄▄
░▄▄░
▄▄███████▄▀█████▄▄
██▄████▌▐█▌█████▄██
████▀▄▄▄▌███░▄▄▄▀████
██████▄▄▄█▄▄▄██████
█░███████░▐█▌░███████░█
▀▀██▀░██░▐█▌░██░▀██▀▀
▄▄▄░█▀░█░██░▐█▌░██░█░▀█░▄▄▄
██▀░░░░▀██░▐█▌░██▀░░░░▀██
▀██
█████▄███▀▀██▀▀███▄███████▀
▀███████████████████████▀
▀▀▀▀███████████▀▀▀▀
█████████████LEADING CRYPTO SPORTSBOOK & CASINO█████████████
MULTI
CURRENCY
1500+
CASINO GAMES
CRYPTO EXCLUSIVE
CLUBHOUSE
FAST & SECURE
PAYMENTS
.
..PLAY NOW!..
DireWolfM14
Copper Member
Legendary
*
Offline Offline

Activity: 2352
Merit: 4628


Join the world-leading crypto sportsbook NOW!


View Profile WWW
May 09, 2021, 06:14:59 PM
 #10

For reference, there's more proper way to add Tor service on Windows.
~

There's nothing improper about using Task Scheduler.  For many a GUI interface is user-friendly and unintimidating, and the service can be managed just as easily.

Nonetheless, I do prefer to install Tor service similar to the description given in the link you provided.  Here're the official instructions from Tor Project's documentation about installing Tor as a "NT service:"
https://2019.www.torproject.org/docs/faq#NTService

And here's the official list of command line arguments:
https://2019.www.torproject.org/docs/tor-manual-dev.html.en

  ▄▄███████▄███████▄▄▄
 █████████████
▀▀▀▀▀▀████▄▄
███████████████
       ▀▀███▄
███████████████
          ▀███
 █████████████
             ███
███████████▀▀               ███
███                         ███
███                         ███
 ███                       ███
  ███▄                   ▄███
   ▀███▄▄             ▄▄███▀
     ▀▀████▄▄▄▄▄▄▄▄▄████▀▀
         ▀▀▀███████▀▀▀
░░░████▄▄▄▄
░▄▄░
▄▄███████▄▀█████▄▄
██▄████▌▐█▌█████▄██
████▀▄▄▄▌███░▄▄▄▀████
██████▄▄▄█▄▄▄██████
█░███████░▐█▌░███████░█
▀▀██▀░██░▐█▌░██░▀██▀▀
▄▄▄░█▀░█░██░▐█▌░██░█░▀█░▄▄▄
██▀░░░░▀██░▐█▌░██▀░░░░▀██
▀██
█████▄███▀▀██▀▀███▄███████▀
▀███████████████████████▀
▀▀▀▀███████████▀▀▀▀
█████████████LEADING CRYPTO SPORTSBOOK & CASINO█████████████
MULTI
CURRENCY
1500+
CASINO GAMES
CRYPTO EXCLUSIVE
CLUBHOUSE
FAST & SECURE
PAYMENTS
.
..PLAY NOW!..
DireWolfM14
Copper Member
Legendary
*
Offline Offline

Activity: 2352
Merit: 4628


Join the world-leading crypto sportsbook NOW!


View Profile WWW
May 10, 2021, 07:29:01 PM
 #11

If Task Scheduler allow argument, using Task Scheduler is fine for most user.

Yes, command line arguments and options can be included in the "Actions" tab of the scheduled task, in the same line as the program path, just like you would enter it in PowerShell.  If you have a specific location for a custom torrc file you want to use for the service, you can include the appropriate argument and the custom path as well.  Tor.exe will look for the torrc file in the default location within the included subdirectory tree, so you can add configuration arguments there as well. 

I don't recall if the service will be visible in the "Processes" tab or the "Services" tab of Task Manager, but it can be found and managed in one (or maybe both) of those tabs.

  ▄▄███████▄███████▄▄▄
 █████████████
▀▀▀▀▀▀████▄▄
███████████████
       ▀▀███▄
███████████████
          ▀███
 █████████████
             ███
███████████▀▀               ███
███                         ███
███                         ███
 ███                       ███
  ███▄                   ▄███
   ▀███▄▄             ▄▄███▀
     ▀▀████▄▄▄▄▄▄▄▄▄████▀▀
         ▀▀▀███████▀▀▀
░░░████▄▄▄▄
░▄▄░
▄▄███████▄▀█████▄▄
██▄████▌▐█▌█████▄██
████▀▄▄▄▌███░▄▄▄▀████
██████▄▄▄█▄▄▄██████
█░███████░▐█▌░███████░█
▀▀██▀░██░▐█▌░██░▀██▀▀
▄▄▄░█▀░█░██░▐█▌░██░█░▀█░▄▄▄
██▀░░░░▀██░▐█▌░██▀░░░░▀██
▀██
█████▄███▀▀██▀▀███▄███████▀
▀███████████████████████▀
▀▀▀▀███████████▀▀▀▀
█████████████LEADING CRYPTO SPORTSBOOK & CASINO█████████████
MULTI
CURRENCY
1500+
CASINO GAMES
CRYPTO EXCLUSIVE
CLUBHOUSE
FAST & SECURE
PAYMENTS
.
..PLAY NOW!..
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!