
Topic: Can wallet providers see what's in my non custodial wallet? (Read 254 times)

legendary
Activity: 3430
Merit: 10505
SPV wallets use a central server to synchronize with the blockchain,
It is not exactly a "central server" though. There is no single point of failure since there are many full nodes that the SPV clients can connect to and anybody can run a "specialized" full node that can respond to SPV client requests.
legendary
Activity: 1512
Merit: 4795
Hardware wallets - nope cause you sign transactions offline.
Just because a transaction is signed on a hardware wallet does not mean the transaction is not broadcast through wallet software that is SPV, which still depends on a central server to synchronize with the blockchain. If the developer is running a central server and your wallet is making use of it to synchronize with the blockchain, SPV wallets use a central server to synchronize with the blockchain, be it an online or hardware wallet, the central server will still be able to link your addresses and your IP addresses. What guarantees that you have privacy is to run your own full node using Tor.
hero member
Activity: 2464
Merit: 934
Hardware wallets - nope cause you sign transactions offline.

Edit: nvm
legendary
Activity: 2856
Merit: 7410
While using Electrum with Tor improves your privacy, the server could know that a set of your Bitcoin addresses belongs to the same person.
Ok, so this is a bit of an eye opener for me.. because I thought that Tor + Electrum was a safe method to protect your pseudo anonymity. So if one of the addresses you used is linked to any service you used that had KYC ...you are basically dox'ed.

Only if the server is run by a government agency or blockchain analysis service. But I would treat all addresses as exposed.

So the central point of failure is the "servers" that you connect to .... and not the client you use. Interesting. Can you run your own Electrum server and only connect to that, when you do transactions... or is that basically just the same as running your own full node? (Do they validate Servers for public domain use?)

Yes, you can run your own Electrum server (ElectrumX is the most popular implementation) and configure Electrum to only connect to your server. From the privacy side, there should be little difference (such as Electrum checking the latest Bitcoin price if you enable that feature).
legendary
Activity: 3430
Merit: 1957
I agree with the above posts, having a full node will help you protect your privacy, but you can also use Electrum and set it up through TOR, which also protects your privacy.

While using Electrum with Tor improves your privacy, the server could know that a set of your Bitcoin addresses belongs to the same person.

3. Connecting to regular nodes using bloom filters, etc. to try and sync. This can provide better privacy but also has some flaws.

As a reminder, bloom filter (BIP 37) is broken and IIRC most full nodes don't enable bloom filter service. Consider a wallet (such as Wasabi Wallet) which uses BIP 157/158 instead.

Ok, so this is a bit of an eye opener for me.. because I thought that Tor + Electrum was a safe method to protect your pseudo anonymity. So if one of the addresses you used is linked to any service you used that had KYC ...you are basically dox'ed.

So the central point of failure is the "servers" that you connect to .... and not the client you use. Interesting. Can you run your own Electrum server and only connect to that, when you do transactions... or is that basically just the same as running your own full node? (Do they validate Servers for public domain use?)
legendary
Activity: 1512
Merit: 4795
I agree with the above posts, having a full node will help you protect your privacy, but you can also use Electrum and set it up through TOR, which also protects your privacy.
While using Electrum with Tor improves your privacy, the server could know that a set of your Bitcoin addresses belongs to the same person.
Exactly, different addresses can still be connected. This can only help in anonymity, which means even as the different addresses are linked, the central server would still not be able to link the addresses to the real owner, which means it helps in anonymity. For privacy, bitcoin users are going to the extent that each address is not linked to another, which is what privacy actually is. And for privacy in this regard, the best is to run a full node; even making use of different SPV wallets using Tor and rerouting can be so inconvenient and still depends on a central server.
legendary
Activity: 2856
Merit: 7410
I agree with the above posts, having a full node will help you protect your privacy, but you can also use Electrum and set it up through TOR, which also protects your privacy.

While using Electrum with Tor improves your privacy, the server could know that a set of your Bitcoin addresses belongs to the same person.

3. Connecting to regular nodes using bloom filters, etc. to try and sync. This can provide better privacy but also has some flaws.

As a reminder, bloom filter (BIP 37) is broken and IIRC most full nodes don't enable bloom filter service. Consider a wallet (such as Wasabi Wallet) which uses BIP 157/158 instead.
legendary
Activity: 3430
Merit: 10505
You have to realize that not all wallet software is the same. There are many of them and there are many differences. For example a closed source wallet like Coinomi is considered "non-custodial" but they are known to send user seeds (not just addresses) to remote servers so they can know all your keys and addresses!

There is also the matter of how they are connecting to the bitcoin network. We have SPV clients and full node wallets. Obviously a full node wallet is not revealing your addresses to anyone. SPV clients on the other hand have different methods of communicating with the network:
1. Most popular is connecting to Electrum nodes that can see all your addresses; depending on what server you connect to, your privacy can be at risk.
2. A single server created and controlled by the wallet developers so there is a single point of failure.
3. Connecting to regular nodes using bloom filters, etc. to try and sync. This can provide better privacy but also has some flaws.
legendary
Activity: 3234
Merit: 2943
I agree with the above posts, having a full node will help you protect your privacy, but you can also use Electrum and set it up through TOR, which also protects your privacy.

If you want to set up your Electrum with TOR you can follow this guide https://electrum.readthedocs.io/en/latest/tor.html
Once you have set it up, only connect Electrum to a .onion server and make sure you only connect to a single server; to do that you need to edit the servers.json and remove other servers.

Having this, all the data you send to the server is encrypted and safe.
legendary
Activity: 3458
Merit: 6231
Although none do NOW, at least none that I have seen, there are some hardware wallets that use their own app to do certain things.
In the future there is nothing* that stops them from sending that data back home to see what is going on.

Or doing something like this: https://bitcointalksearch.org/topic/m.59307599
* Nothing except the community screaming their heads off about it.

-Dave
legendary
Activity: 1512
Merit: 4795
If you use an SPV wallet (a wallet in which you don't need to download the full blockchain), the server you connect to has the ability to link your addresses with each other and to your IP address.

If you want more privacy, you must use bitcoin core and run your own full node.
This is true. Even if the developers do not know about the addresses and can not track the coins, the owner of the central server that SPV wallets are connecting to, to synchronize with the blockchain, can link the addresses to the same wallet and also link the IP address. But due to the inconveniences or data needed to run a full node, some people can prefer SPV wallets.

But just in case someone is using an SPV wallet, it is still possible to make use of several wallets (like having two, three or more Electrum wallets) and a Tor connection to mask central server to track you. For example, having just a single address per wallet and having several wallets, making use of Tor while connecting, rerouting the connection while connecting to another wallet. People can make use of an SPV wallet this way, which will make the central server not able to link addresses together. But this can be inconvenient and humans are subject to errors.

Running a full node while using Tor is the best way to have privacy. Bitcoin Core is greatly recommended, but you can also run your own Electrum server or make use of full client wallets like Armory.
legendary
Activity: 2380
Merit: 5213
If you use an SPV wallet (a wallet in which you don't need to download the full blockchain), the server you connect to has the ability to link your addresses with each other and to your IP address.

Let's say you have created an HD wallet with numerous addresses in electrum (the best SPV wallet I know). Since electrum is an SPV wallet and you don't have the full blockchain on your device, you have to connect to a server for getting data from the blockchain. The server you connect to can know all the addresses belong to the same person and also link them to your IP address. There is no guarantee that this server won't share this information with others.

If you want more privacy, you must use bitcoin core and run your own full node.
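
What the server side of that exchange looks like, as an added example that is not part of the thread: an Electrum-protocol wallet watches each address by sending `blockchain.scripthash.subscribe` with the reversed SHA-256 of the address's scriptPubKey, so one connection carries the whole wallet. The pubkey hashes, peer labels and function names below are constructed for illustration.

```python
import hashlib
import json
from collections import defaultdict

def p2wpkh_script(pubkey_hash: bytes) -> bytes:
    """scriptPubKey of a native SegWit (P2WPKH) output: OP_0 <20-byte hash>."""
    assert len(pubkey_hash) == 20
    return b"\x00\x14" + pubkey_hash

def electrum_scripthash(script: bytes) -> str:
    """Electrum protocol script hash: SHA-256 of the scriptPubKey, byte-reversed, hex."""
    return hashlib.sha256(script).digest()[::-1].hex()

def subscribe_requests(pubkey_hashes):
    """JSON-RPC lines a wallet sends so the server reports activity on its addresses."""
    return [
        json.dumps({"id": i, "method": "blockchain.scripthash.subscribe",
                    "params": [electrum_scripthash(p2wpkh_script(h))]})
        for i, h in enumerate(pubkey_hashes)
    ]

def server_view(connections):
    """What a server operator can log: peer address -> script hashes asked about.
    The server indexes the chain by script hash, so each hash maps to a known address."""
    seen = defaultdict(set)
    for peer, lines in connections:
        for line in lines:
            msg = json.loads(line)
            if msg["method"] == "blockchain.scripthash.subscribe":
                seen[peer].add(msg["params"][0])
    return dict(seen)

# Constructed sample: three pubkey hashes standing in for one HD wallet's addresses.
WALLET = [hashlib.sha256(b"constructed-key-%d" % i).digest()[:20] for i in range(3)]

# Case 1: direct connection, the peer is the user's IP (documentation address).
CLEARNET = server_view([("203.0.113.7", subscribe_requests(WALLET))])
# Case 2: same wallet over Tor, the IP is hidden but the address set is still one cluster.
OVER_TOR = server_view([("tor-exit-A", subscribe_requests(WALLET))])
# Case 3: one address per wallet, each wallet on its own Tor circuit.
SPLIT = server_view([("tor-exit-%d" % i, subscribe_requests([h]))
                     for i, h in enumerate(WALLET)])

if __name__ == "__main__":
    for name, view in (("clearnet", CLEARNET), ("tor", OVER_TOR), ("split", SPLIT)):
        for peer, hashes in view.items():
            print(name, peer, len(hashes), "script hashes linked")
```

Against your own Electrum server or a full node, the same requests never leave infrastructure you control.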
newbie
Activity: 7
Merit: 5
Can non-custodial wallet providers, both soft and hard, see which bitcoin addresses are in my wallets? 