Pages:
Author

Topic: Are blockchain explorer threat to the privacy ? - page 2. (Read 810 times)

hero member
Activity: 560
Merit: 1060
I would still like Sparrow to have this option, but I have since discovered you can indeed sweep an individual private key in Sparrow - you just can't import it.

Just an update. I asked on their telegram and they don't plan to implement this feature. They only develop features for HD wallets.
hero member
Activity: 862
Merit: 662
Same might be possible for importing private keys into Sparrow, as the documentation of Bitcoin Core's descriptors says that anywhere where a public key is valid a WIF private key is also valid and same for xpubs can be replaced by xprvs if necessary or desired.

Importing a individual private key is not possible, it only offer the option to sweep it.

For an HD key  are you refering to BIP 32 xpriv ?



In that case is possible to import it.

In case of of xpubs, and you can specify the script type and the Derivation path




Another question is if Sparrow needs to be connected to a bitcoind instance instead of an Electrum server which probably most users prefer?

It can use both ot them


hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
...

I haven't tried it yet with Sparrow, but I read from Sparrow's feature page that it should understand output descriptors for a wallet. As far as I understand those descriptors it should be possible to construct a watch-only wallet of individual addresses that aren't linked with each other by some determinism.
Question is: does Sparrow allow multiple output descriptors for one wallet and does it understand (or pass verbatim to bitcoind) all the syntax of Core's descriptors?

Same might be possible for importing private keys into Sparrow, as the documentation of Bitcoin Core's descriptors says that anywhere where a public key is valid a WIF private key is also valid and same for xpubs can be replaced by xprvs if necessary or desired.

Another question is if Sparrow needs to be connected to a bitcoind instance instead of an Electrum server which probably most users prefer?

It can take a while, but I'll have to dig deeper into this. Don't hold your breath...
legendary
Activity: 2268
Merit: 18711
As a sidenote, I think but may be wrong, that Sparrow doesn't allow the user to watch-only specific addresses but only xpubs.
Correct. I think we discussed this in another thread a while back:

The reason I've seen given on their GitHub for this is to discourage address reuse. I can appreciate that, but conversely I occasionally have the need to import a single private key and I won't reuse the address, such as sweeping paper wallets. It would be nice to have this feature even if it was hidden behind "Advanced Options" or similar.

I do still require to import a single address or single private key from time to time, and so I use Electrum for that. I would still like Sparrow to have this option, but I have since discovered you can indeed sweep an individual private key in Sparrow - you just can't import it. Sentinel is another option for watch-only addresses, as you say.

Finally, as you said, the easiest way to be private would be to run bitcoin core and then connect sparrow to bitcoin core. This doesn't even require an electrum server.
If you were running this set up and still needed to use watch-only addresses, then you could of course import the addresses directly in to Bitcoin Core, since you can't do it on Sparrow.
hero member
Activity: 560
Merit: 1060
If you want privacy, run your own node. From there, you can either run your own blockchain explorer service, you can run your own Electrum server, or you can even just use a wallet such as Sparrow which links directly to your node with no further software required. If you aren't running your own node, you are relying on a third party, and that third party can compromise your privacy.

This is the only way to maintain high privacy. I totally agree.

As a sidenote, I think but may be wrong, that Sparrow doesn't allow the user to watch-only specific addresses but only xpubs. That's why I suggested Sentinel. Electrum also allows that if I am correct. Feel free to correct me if I am wrong. Because in fact I want to also keep track of some addresses. So I am particularly interested to know whether I can do it with Sparrow which is my no.1 wallet software. For now, I run dojo server and I have connected Sentinel to it.

Finally, as you said, the easiest way to be private would be to run bitcoin core and then connect sparrow to bitcoin core. This doesn't even require an electrum server.
legendary
Activity: 2268
Merit: 18711
Lots of bad advice in this thread.

If you do anything at all on a computer you do not own, you should assume you have zero privacy and security at all times. You have absolutely no idea if that machine is infected with malware, has a keylogger, or whatnot.

If you look up an address on a block explorer, that address is linked to your IP, alongside everything else linked to your IP which is more than enough to personally identify you.

If you look up an address via a VPN, then that address is linked to your VPN's IP address yes, but also to your browser fingerprint. Your browser fingerprint is almost certainly unique enough to identify you unless you have taken a range of very specific and technical steps to make it less so.

If you look up an address via vanilla Tor, then that address is linked to your Tor exit node's IP address, and the browser fingerprint is non-unique. This is probably fine, but also depends what else you do with that same Tor identity.

As soon as you start looking up multiple addresses, then in addition to the caveats above, these addresses are all linked together.

Using a watch only wallet such as Electrum or Blue wallet, not via your own node, is worse (not better!) than using a blockchain explorer. Not only is it far easier for blockchain analysis companies to run servers for these wallets rather than a blockchain explorer service (and we know many do run such servers), but your wallet will query all your addresses (even unused ones) which reveals all your addresses simultaneously and provides a more certain link between all these addresses (as well as your IP address as above).

If you want privacy, run your own node. From there, you can either run your own blockchain explorer service, you can run your own Electrum server, or you can even just use a wallet such as Sparrow which links directly to your node with no further software required. If you aren't running your own node, you are relying on a third party, and that third party can compromise your privacy.
legendary
Activity: 3472
Merit: 10611
How about using a Mullvad browser  (https://mullvad.net/en/browser) instead of TOR ? You will get the same features but then it is not the TOR.
Correct me if I'm wrong but that sounds like a more centralized version of Tor project as it relies on the Mullvad company which is commercial VPN service. What's worse is that Mullvad is based on Sweden which is the addition to the Five Eye "spy network" that are out to invade your privacy.
https://www.privacytools.io/guides/how-is-the-five-eyes-intelligence-alliance-related-to-your-privacy
hero member
Activity: 560
Merit: 1060
If you want to check the balance of 50 addresses privately, then just create a watch-only wallet in Electrum and import them there. Connect to your own node obviously, it will take a minute or two to synchronize.

I am surprised nobody suggested this before. Just run your own node and your mempool service upon your node (as I said before). Otherwise do what BlackHatCoiner said above. To add to his suggestion, you can also install Sentinel on your phone and connect it to a dojo node. It's slightly more complicated but it's a super clean way to monitor addresses and xpubs. Sentinel is a watch-only wallet made by the same team that develops samourai wallet.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
tor brings about other issues i.e. why is that guy using TOR
To gain privacy. Next question.

Privacy is something different from bitcoin security. I see that some people recommend using Tor, but Tor does not provide a new IP address for every time you open your browser
Actually, changing the exit node is a matter of two clicks. You just click on the "New Tor circuit for this site", right next to reload of the current page.

You are also forgetting that people use the web interface (not the API) to check their addresses and checking 50+ addresses manually is a very hard and time consuming process!

Besides, why go through this much trouble when there are easier ways...
If you want to check the balance of 50 addresses privately, then just create a watch-only wallet in Electrum and import them there. Connect to your own node obviously, it will take a minute or two to synchronize.
legendary
Activity: 3136
Merit: 1172
Leading Crypto Sports Betting & Casino Platform
tor brings about other issues i.e. why is that guy using TOR

lets try to track him.

How about using a Mullvad browser  (https://mullvad.net/en/browser) instead of TOR ? You will get the same features but then it is not the TOR.

Wow these so called "Block Chain Analysis" companies has so much time to watch my IP addresses, link my bitcoins to my IP and then what ?
Even though i do not have much bitcoins, but even i have, they can't get my bitcoins.

Also all the top wallets are publically avaiable as to which address contain how much bitcoins. Sometimes if i also search other addresses, not belonging to me. Also, there will be people who would be using VPN to check the addresses on blockchian explorers. I think that this data wil be a big mess rather than anything useful for analysis.

Nothing is being done manually, so it won't be hassle for the blockchain analysis companies. They have the built in specialized software's / programs to keep processing as much data they get and for sure, when asked by the authorities, they will filter out the big wallets and their associated IP addresses.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
but the coins can be made private if you want.

True that. But from that point on people knows that you own that amount of Bitcoin - in a way or another - and also may be able to track it back to its source(s).
And while you're right, the money can be hidden again, that information can already be a problem for some.

Of course, this doesn't make you wrong, just it's still not 100% the same as they never knew about your stash.




To OP:
While they cannot hack the coins, they can gather information about who has what and what is the trace of that money.
However, if I'd be your friend I would let you check. The more random checks from my IP, the more confused the block explorers may become, so why not? I myself I've checked on block explorers way more of others' transactions than mine.

And to the question of the topic:
Some blockchain explorers are/were even known to be honeypots. Some store information, some maybe not so much. Some people check their transactions, some check others', or others' too. So block explorers cannot have great overall info about everybody using their services. Plus, some users care more than they should, some much less than their should. I think the people should learn to be more careful about their privacy; then (yeah, if ever) block explorers will be just fine. Until then, yes, they are somewhat a threat to privacy. But not much more than the users themselves are a threat to their own privacy.
legendary
Activity: 4256
Merit: 8551
'The right to privacy matters'
The question is what privacy?

The privacy that someone who has crypto funds has access to a certain PC (or a PC on a certain network)?
Well, not really all they know is someone had access to that machine. Could be someone at that house for a party, could be a friend who was waiting for the other friend to finish something before they went to go grab a beer, etc.

Since that PC / or network already had someone on it who used crypto it's not like there were not signs for crypto use coming from there anyway.

I guess a better question would be why would you use a block explorer for addresses you own / control?
Every wallet will show you your balance and if not why would you really want to bother typing in an 25 character BTC address in someone else's PC?

And truth be told, it's your money its none of your relatives business how you check and deal with it.
Worrying about who knows what past a certain point is well pointless.

Also keep in mind a while ago your privacy it's like your virginity, once you loose it you are not getting it back.
If you (or anyone) has been doing things that made a lot of your information public it's not going to disappear because you change want your are doing and how you are doing it.

-Dave

Born again virginity is not possible?

But making a btc amount private again can be done.

Note the coin yes to a large degree but not the address.

1JdC6Xg3ajT3rge3FgPNSYYFpmf53Vbtje will never be private.

1956jUdYPFwiBSzt9AECdWj3KE4WV7taiM will never be private.

https://btc1.trezor.io/address/bc1qmu9aky8nfqt7jrcp8pmzav5aurc5tj29w3y3d5



will never be private


but the coins can be made private if you want.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
The question is what privacy?

The privacy that someone who has crypto funds has access to a certain PC (or a PC on a certain network)?
Well, not really all they know is someone had access to that machine. Could be someone at that house for a party, could be a friend who was waiting for the other friend to finish something before they went to go grab a beer, etc.

Since that PC / or network already had someone on it who used crypto it's not like there were not signs for crypto use coming from there anyway.

I guess a better question would be why would you use a block explorer for addresses you own / control?
Every wallet will show you your balance and if not why would you really want to bother typing in an 25 character BTC address in someone else's PC?

And truth be told, it's your money its none of your relatives business how you check and deal with it.
Worrying about who knows what past a certain point is well pointless.

Also keep in mind a while ago your privacy it's like your virginity, once you loose it you are not getting it back.
If you (or anyone) has been doing things that made a lot of your information public it's not going to disappear because you change want your are doing and how you are doing it.

-Dave
legendary
Activity: 2380
Merit: 5213
You can import the public address in a wallet software like Electrum wallet, on your smart phone. It will be a watch only wallet with it you can not spend your bitcoin but can check balance and transaction history. It's safe.
If you check your balance on electrum instead of using a block explorer, the only difference would be that you get the information (your balance and your transactions history) from one of electrum's servers instead of a block explorer.
If you don't select a server manually and let electrum select a server automatically, checking the balance using electrum can be even worse than using a block explorer. Because you may connect to a new node every time you open electrum.
full member
Activity: 728
Merit: 151
Defend Bitcoin and its PoW: bitcoincleanup.com
I suggest not checking your balance outside of your home, even though they don't know who you are at the moment since you check your balance in the Explorer, they might check it again and if they find out that you have lots of money in your wallet, this could be a threat to you and you family, have you read the news a few years ago a person sell bitcoin to the unknown person who maybe he meet online, and those people barge into his home, and takes his bitcoin, same happens in my country since he is posting and teaching about bitcoin, they knew he has money on the wallet, thank god he survives from stab wounds, he is just saving you from death or from bad people.
sr. member
Activity: 1680
Merit: 379
Top Crypto Casino
I rarely use block explorers because I am paranoid about how much information they might be collecting about me. If I need to check my balance I can just open up my wallet. I don't rely on just a single block explorer when I need to look up detailed information. I always change up which explorer, browser, and IP address I use so it is difficult for any single party to have enough reliable information to fingerprint me.
sr. member
Activity: 966
Merit: 306
I mostly use the blockchain explorers like https://www.blockchain.com/explorer or https://blockchair.com/ to view my wallet transactions confirmations or sometimes to even check the balance etc.

Recently i was away from home and was check my balance on one of these explorer at my relative home. He is also involved in cryptocurrencies so he knew what i was doing. He told me not to checl my balance through these sites as these are public sites and it can be a threat to your privacy.
Why you need to check it on computer of your relative?

That home has Internet connection and I think you have smart phone too. Nowadays, we mostly have smart phones for using. You can do it all by yourself and only need Internet connection, directly from your sim or your relative home.

You can import the public address in a wallet software like Electrum wallet, on your smart phone. It will be a watch only wallet with it you can not spend your bitcoin but can check balance and transaction history. It's safe.

Creating a watch-only wallet
Quote
A watch-only wallet is a wallet without any secrets in it that could be used to spend bitcoin. That means it does not have the seed or any private keys. A watch-only wallet is useful in situations where you want to be able to view transactions and balances on an online computer without risking your bitcoins. A watch-only wallet is often used to keep track of transactions on a cold storage electrum wallet.
legendary
Activity: 3472
Merit: 10611
@pooya87
it is easy to simply make a check list of 50 addresses
click and look at them and only own one address.
thus no one knows if any of them are yours.
It is slightly more complicated than that since you'll have to store all those addresses and also update/expand your list of 50 addresses each time you want to add a new address of your own. For example add 10 random addresses for each address of your own.
You are also forgetting that people use the web interface (not the API) to check their addresses and checking 50+ addresses manually is a very hard and time consuming process!

Besides, why go through this much trouble when there are easier ways...
legendary
Activity: 1792
Merit: 1296
Crypto Casino and Sportsbook
~snip
Discussions on this topic have been going on for a long time and I would rather, as a precaution, try to avoid such blockchain explorer sites as much as possible.


It's a lot more of a privacy issue. If you frequently search a wallet address on a block explorer, they could make the assumption that the wallet is yours knowing that your searches are pretty much tied to your IP address(hence potentially your personal information with the help of your local ISP). There's a reason why you see some people recommend using Tor when using block explorers.
I like this version of why shouldn't use blockchain explorers.

Nowadays, when almost every site collects data about us, especially those related to cryptocurrencies, I am inclined to assume that blockchain explorers do something similar and they will not necessarily use this information to harm users. Those who gain access to this data can be dangerous, for example, by hacking or stealing data from sites like blockchain.com. Therefore, I think that you should always take precautions when dealing with cryptocurrencies, leaving less traces of yourself that may remain on the blockchain explorers.
hero member
Activity: 714
Merit: 1298
He told me not to checl my balance through these sites as these are public sites and it can be a threat to your privacy.



He is absolutely right.

Sometimes I also use public explorers    pursuing exactly the same aims as yours, but to preserve my privacy I blend the info of my interest into the dynamic  bunch of the relevant stuff that doesn't belong to me. Say if I look for balance on my address  I do  that simultaneously for a few dozens of non-owned addresses , sure making request  via VPN.
Pages:
Jump to: