why should i stay away from Electrum i want any privacy?

[joe1234]

Hello forum

in one of my former posts, a user metioned that "I should stay away form Electrum if i want any privacy"


What's the reason about this statement? And is there really an open source alternative?


Thank's a lot!

Joe


https://bitcointalk.org/index.php?topic=5359941.msg57935920#msg57935920

->It will work. Or else, you can also use both within the same instance, and changing
->your Tor circuit everytime you change your wallet. I would advice you to stay away
->from Electrum if you want any privacy though.

[BitMaxz]

What do you mean to stay away from electrum for privacy?

Does it seem that you didn't understand what they mean from your old thread?

If you use multiple addresses with balances on Electrum and make a transaction to transfer all of them on a single transaction all of your addresses will show up to any blockchain explorer.
So your privacy will be compromised if you do that.

If you want privacy use only a single address to any transaction or use coin control that is why they recommended coin control if you already receive multiple transactions to a few of your addresses you can choose one address to make a transaction and don't include other balance from other addresses that you own from Electrum which increase your privacy.

It's not like you are submitting any documents it's just for the address and transaction that will be recorded on the block explorer.


Sample these transactions:

- https://blockchair.com/bitcoin/transaction/9dacd14278d01d1ad8001b9bc0524f24405f84022ad161ff77f8a35f272393f5

and this
- https://blockchair.com/bitcoin/transaction/aebf10985a39ace89e4ae6b01365f1d67ca8cc0146677f079c84691aa4b4b26d

As you can see on the first one the sender has many addresses and sent all of the BTC to the recipient.
And the 2nd one only has one address and is sent to the recipient

So if you don't want to show all addresses that you use from Electrum you need to control which coin or UTXO that you want to send just like what I said above. Because they can monitor those funds until it sent to another address.

[hosseinimr93]

If you want privacy use only a single address to any transaction or use coin control..............................

As long as you use a SPV wallet like electrum and you don't run your own full node, using a new address for any transaction and coin control don't guarantee your privacy (or your anonymity).

Let's say I create an HD wallet in electrum. I always use new addresses and I never spend multiple UTXOs in a single transaction. This doesn't mean my privacy is protected.
The server I connect to knows that all addresses belongs to a same person. The server can also know my IP address and my region.

[BlackHatCoiner]

in one of my former posts, a user metioned that "I should stay away form Electrum if i want any privacy"

Could you link us to this post? I can't understand much from just three sentences. This user may had a reason to state this, although none I can think of.

What's the reason about this statement? And is there really an open source alternative?

There is an open-source alternative called Wasabi that focuses on improving your privacy, but Electrum isn't bad in it. Quite the opposite; it's a non-custodial wallet (meaning you're the owner of the keys) which also has coin-control feature. Seems fine to me.

[NotATether]

The general reason is not in the client itself, but the servers it connects to can log things like your IP address and bitcoin addresses.

Not things that would compromise your private keys, but these two pieces of information can be linked together to create a profile of a person.

[Charles-Tim]

The general reason is not in the client itself, but the servers it connects to can log things like your IP address and bitcoin addresses.

You are right, while not everyone can run their own node as it require over 400 gigabyte to download the full blockchain while not encouraging to run full node on a pruned wallet that still require up to 5 gigabyte space for download. Most bitcoin wallet users rely on central servers which can truly linked wallet addresses and also can connect to IP addresses.

Not things that would compromise your private keys, but these two pieces of information can be linked together to create a profile of a person.

How about having different SPV wallets like Electrum (like 2 or more Electrum wallet), using TOR to access it, making use of single or few addresses on each wallet. With this, there is still privacy, but truly nothing better than running full node for best privacy.

[BlackHatCoiner]

while not encouraging to run full node on a pruned wallet that still require up to 5 gigabyte space for download.

It's not the 5GBs that discourages me from doing it. It's the time it'll take. For my RPi it took 3 weeks, but that was excessive. Normally it takes a whole week to complete. Try convincing someone to purchase the required stuff, cause they can't leave their pc 24/7 on, and to wait for a week to finish syncing. They'll just prefer the easy and quick solution.

Not to mention that you must choose a specific wallet (maybe several mpks) and you'll have to use only that one. You can't decide to create another one once it finishes, because it'll require to re-download and re-index the chain. That's a downside of pruning.

How about having different SPV wallets like Electrum (like 2 or more Electrum wallet), using TOR to access it, making use of single or few addresses on each wallet.

You should also use a different onion server for each wallet. Too much hustle.

[o_e_l_e_o]

There is an open-source alternative called Wasabi that focuses on improving your privacy, but Electrum isn't bad in it. Quite the opposite; it's a non-custodial wallet (meaning you're the owner of the keys) which also has coin-control feature. Seems fine to me.

Security != privacy != features. Electrum (when used properly) is a good wallet for security, since as you say you are the only owner of the private keys, and it provides a lot of more advanced functions such as coin control, RBF, and Lightning. None of that necessarily means it is good for privacy, though.

How about having different SPV wallets like Electrum (like 2 or more Electrum wallet), using TOR to access it, making use of single or few addresses on each wallet.

It's much better than just using a single Electrum wallet without Tor, but you need to use at least a different Tor circuit for each wallet you open, and ideally a different Electrum server too. If the same server sees the same IP (even if it's a Tor exit node IP and not your own IP) query two different wallets minutes apart, then there's a good chance they are linked. If you repeat this behavior multiple times over a period of months or years, then it is certain they are linked.

[BlackHatCoiner]

None of that necessarily means it is good for privacy, though.

This is why I mentioned that you own the keys. Because, it provides both security and privacy. If a third party was required to sign the transaction, you'd unavoidably have no privacy.

Security != privacy != features.

What is this supposed to mean? That features aren't related with privacy or security?

[o_e_l_e_o]

This is why I mentioned that you own the keys. Because, it provides both security and privacy. If a third party was required to sign the transaction, you'd unavoidably have no privacy.

This is true, of course, but just owning the keys does not mean you have privacy, especially if I am querying all my addresses and broadcasting all my transactions through a third party from my own IP address.

What is this supposed to mean? That features aren't related with privacy or security?

!= is used in a number of programming languages to mean "not equal". I am saying that privacy, security, and features are all different aspects of a wallet and are not intrinsically linked. Just because a wallet has good security and good features, does not mean it automatically has good privacy.

[BlackHatCoiner]

!= is used in a number of programming languages to mean "not equal".

Comparative operators are also used between variables/constants only when they're of the same type. My point is that while security and privacy could be considered of the same type (they both are states or forms of freedom), putting features in the same mold doesn't hold water.

You're the one who'll judge if a feature secures your funds or keeps you private.

This is true, of course, but just owning the keys does not mean you have privacy

Everything's a matter of proper usage, yes. The significant part is that you now can. Before this, the third party knew everything and you couldn't do anything about it.

[HCP]

IMO, the important takeaway of all of this... is that as long as the user is aware of the potential "flaws" of a given system, then they can make an informed choice as to whether or not they wish to continue using it.

Some users really don't give two shits about their privacy... they'll happily use exchanges/web wallets etc. because "it's easy" or "it just works" or "it doesn't require downloading anything"... and that's completely "OK"... as long as they're aware of it and are consciously making that choice.

The issues come when people look at Electrum and TOR and coin control etc and think "wow, Electrum is really great for privacy as well as security"... when they are busy leaking information all over the place connecting to random servers etc.

Can Electrum be used in a way that helps maintain privacy? Yes... it can. Does it do this "out of the box"? No... it does not.

[pooya87]

Nothing is free in this world, you are always sacrificing something to gain something else. Take bitcoin itself for example, when you choose bitcoin (the decentralized money) over fiat (centralized money) you are sacrificing the access to every shop that accepts fiat in comparison to a handful that accept bitcoin to gain financial sovereignty.
It is the same with using an SPV wallet. If you want to have a stand alone wallet that you have full control and offers a very good security and can sync up real fast (~50 MB vs ~400 GB) then you have to sacrifice a little bit of privacy and be open to some specific but rare attack vectors.
In the end you can't have everything at the same time. Of course there are always methods to improve the lost privacy but it will never be as well as running a full node.