Author

Topic: Chainalysis runs Electrum nodes. (Read 604 times)

legendary
Activity: 2268
Merit: 18771
September 28, 2021, 04:25:04 AM
#45
For example if you look through the Electrum server names you can already see some familiar names that people trust Wink
I'd be very wary of trusting Electrum servers which are being run by internet or bitcoin "celebrities", not because I think they are inherently untrustworthy by any means, but because I would not be surprised in the least if blockchain analysis companies had offered them reasonable sums of money to share their data. Trusting servers from individuals you know is a different matter. Like DaveF for example - I've traded with Dave in the past and would happily trade with him again without escrow without the slightest worry about anything going wrong. I would definitely trust his server more than a random server Electrum selects for me or a server belonging to famous individual (but I'm still not going to stop using Tor).

They've mounted several legal challenges against a few requests, IIRC.
If you take a look at their Transparency Report I linked above, they contested and did not comply with 750 court orders just in 2020, so their legal team has certainly been busy. The more concerning thing from that Transparency Report is the exponential increase in court orders they have been receiving over the past 3-4 years.

For all intents and purposes it seems that their service operates exactly in the way they say it operates, and only logs and discloses exactly what they say they will log and disclose in only the circumstances they say. But any big company will have to comply with some court orders or they will simply cease to exist sooner or later.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
September 28, 2021, 12:44:48 AM
#44
We have known for years that 3Letter Agencies have been running Exit nodes on Tor to help them to identify wannabe "private" individuals... so why do you think a company like Chainalysis that are being paid millions to "identify" people behind transactions.... will not run their own Electrum nodes/Servers?

Chainalysis helps government agencies, cryptocurrency businesses, and financial institutions to track Blockchain traffic ....so this should not come as a surprise.  Roll Eyes
I wouldn't be surprised if normal operators are unknowingly assisting them with the spying.

If the user in question had used Tor, they would not be in this situation. Interestingly, also a VPN would have been sufficient in this scenario since Swiss law does not permit VPN providers to log IP addresses in the same way it allows email providers to log IP addresses.

So yeah, it's shit for the individual in question, but ProtonMail were only behaving in the way they said they would. But having said all that, I still wouldn't trust a third party provider not to decrypt your information (or at least try to) if they were forced to. Tor and PGP should be a must.
Problem with any service that you're going to use is that there is absolutely no way to ensure that they're not collecting logs. Any VPNs or service that promises "no logging" shouldn't mean that your privacy is guaranteed. The fact that it isn't that difficult to start logging, either with the knowledge of the provider or not is a dealbreaker. Always assume that you are getting logged, unless you can verify that your contents are being encrypted in a way that makes it difficult to do so.

Protonmail specifically stated that they are legally obliged to comply with certain requests, which are nothing out of the ordinary. If anything, I'm supportive of them doing so given that the requests are made on that basis that doesn't infringe on human rights. They've mounted several legal challenges against a few requests, IIRC.
legendary
Activity: 3472
Merit: 10611
September 27, 2021, 11:27:11 PM
#43
Zero, since they can do it themselves.
I'd say it depends on the individual we are talking about.
If it is a random dude on the internet then sure, there is no point in doing what they can already do. But if it is a known person then it is worth a lot. For example if you look through the Electrum server names you can already see some familiar names that people trust Wink
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
September 27, 2021, 03:49:48 PM
#42
I don't know why but the easy way never appeals to me.  I like learning new stuff, and the DIY spirit is strong within me, lol.  In the late 90's, early 2000's I was working for an old-school tech company that was still using Unix on all their engineering work stations.  They finally switched to Windows around 2001/2002, and I hadn't played with CLI operating systems until I started hanging out here with you nerds.  Pounding out commands on the keyboard took some adjustment, but like I said, I find it fun and enlightening.  There's really no better way to learn about the technology of bitcoin than to dive into it.  And it's quite rewarding when you get things working well.  

I spent most of the day yesterday trying to install mempool.space on an Ubuntu server, and kept running to obstacles.  I'll figure it out eventually, but it can be frustrating.

You and @NeuroticFish [ https://bitcointalksearch.org/topic/electrum-server-on-windows-or-virtualbox-or-even-better-wsl-5362554 ] trying to do things the hard way :-)

My view, so take it as you will. If you have enough spare hardware to do a node in a box on a RPi or similar or if you have enough spare drive space to do a virtualbox version of one of them start with that.

You then can see what works, although in a VERY customized environment.

Then you can try to do your own, and if you get stuck can ask for help AND you can take an actual look at something that works and track backwards from there.
Sometimes you just need to look at a working setup configuration to get see what has to be done.
And since you know what works, you can see what you can do to break it, and and then revert to the old running config that worked.

-Dave
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
September 27, 2021, 03:01:24 PM
#41
The easiest way is to use virtualbox: https://www.virtualbox.org/
And then deploy the virtalbox version of mynode: https://www.mynodebtc.com/download

The upsides: it's easy, you don't have to install or learn anything, and there is a lot of support out there.
The downsides: You have to trust the people involved.
But, you do get a BTC node, a lightning node, an electrum server and a basic block explorer.

Keep in mind you are going to need enough free RAM & disk space on your PC to run it. And you are going to have to keep your machine running 24/7 to get access to it.

-Dave

I don't know why but the easy way never appeals to me.  I like learning new stuff, and the DIY spirit is strong within me, lol.  In the late 90's, early 2000's I was working for an old-school tech company that was still using Unix on all their engineering work stations.  They finally switched to Windows around 2001/2002, and I hadn't played with CLI operating systems until I started hanging out here with you nerds.  Pounding out commands on the keyboard took some adjustment, but like I said, I find it fun and enlightening.  There's really no better way to learn about the technology of bitcoin than to dive into it.  And it's quite rewarding when you get things working well.  

I spent most of the day yesterday trying to install mempool.space on an Ubuntu server, and kept running to obstacles.  I'll figure it out eventually, but it can be frustrating.
legendary
Activity: 2268
Merit: 18771
September 27, 2021, 11:06:25 AM
#40
the fact that proton mail more or less gave up the ID of a user.
I think it's worth expanding on this a little. ProtonMail received a legally binding request from Swiss federal authorities which they were unable to challenge. They had no IP logs to provide, but were forced to start collecting IP logs after receiving the request or shutdown completely and face criminal charges themselves for acting illegally. It has always been spelled out quite clearly in their Transparency Report that they would have to comply with legally binding requests from Swiss law enforcement, which is exactly what happened here. Here is an archived copy of their Transparency Report from way before this incident that says all that: https://archive.is/pCZ03

Quote
Therefore, ProtonMail only complies to two types of orders: (1) orders from the Swiss authorities and (2) foreign requests that have been duly instructed and validated by Swiss authorities through an international legal assistance procedure and determined to be in compliance with Swiss law.

In addition to the items listed in our privacy policy, in extreme criminal cases, ProtonMail may also be obligated to monitor the IP addresses which are being used to access the ProtonMail accounts which are engaged in criminal activities. Under no circumstances will ProtonMail be able to provide the contents of end-to-end encrypted messages sent on ProtonMail.

If the user in question had used Tor, they would not be in this situation. Interestingly, also a VPN would have been sufficient in this scenario since Swiss law does not permit VPN providers to log IP addresses in the same way it allows email providers to log IP addresses.

So yeah, it's shit for the individual in question, but ProtonMail were only behaving in the way they said they would. But having said all that, I still wouldn't trust a third party provider not to decrypt your information (or at least try to) if they were forced to. Tor and PGP should be a must.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
September 27, 2021, 10:29:53 AM
#39
are being paid millions to "identify" people
Say.... If someone is running several Electrum servers.... what are the odds of (a) government(s) putting them on the payroll for this? Cheesy

Zero, since they can do it themselves.
But, what are the odds that many things we connect to are run by some of the 3 letter government departments. Probably good.



Might be a bit of a tangent here, but keep in mind with all the hacks recently of 'secure' 'private' hosting and seeing how badly things were run (epikfail) the fact that proton mail more or less gave up the ID of a user.
Keep in mind ust because some place claims to be secure and will keep your private stuff private, it does not mean they will or can.

If you trust enough people with private info Chainalysis is the lease of your problems. Because someone else probably already leaked it.

And that is just a depressing Monday thought.

-Dave

legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
September 27, 2021, 08:54:13 AM
#38
are being paid millions to "identify" people
Say.... If someone is running several Electrum servers.... what are the odds of (a) government(s) putting them on the payroll for this? Cheesy
legendary
Activity: 3542
Merit: 1965
Leading Crypto Sports Betting & Casino Platform
September 27, 2021, 08:39:25 AM
#37
We have known for years that 3Letter Agencies have been running Exit nodes on Tor to help them to identify wannabe "private" individuals... so why do you think a company like Chainalysis that are being paid millions to "identify" people behind transactions.... will not run their own Electrum nodes/Servers?

Chainalysis helps government agencies, cryptocurrency businesses, and financial institutions to track Blockchain traffic ....so this should not come as a surprise.  Roll Eyes
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
September 26, 2021, 11:29:15 AM
#36
Since this indeed went off topic (sorry!) and it may get longer, I've moved the things to a new topic: https://bitcointalksearch.org/topic/electrum-server-on-windows-or-virtualbox-or-even-better-wsl-5362554
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
September 26, 2021, 08:22:54 AM
#35
The easiest way is to use virtualbox: https://www.virtualbox.org/
And then deploy the virtalbox version of mynode: https://www.mynodebtc.com/download
~
Keep in mind you are going to need enough free RAM & disk space on your PC to run it. And you are going to have to keep your machine running 24/7 to get access to it.

I've tried that too yesterday, and didn't work out because the disk for the blockchain is connected though USB and VBox/myNode didn't like that.

In VBox my last attempt was with a proper Debian. I managed to get Bitcoin Core run and use that USB drive for the data, but I completely failed in making it start with the system. I suck at Linux and I know it  Grin

And on Windows, bitcoind is fine, but the Electrum Personal Server just doesn't do anything. Whatever I do it just tells "press any key to continue" and Electrum doesn't see it.

Getting a bit OT, but you moved the
Code:
mynode_vm-disk002.vdi
file to your USB dive and then told virtual box where it was and it still gave you problems?



Remember that vdi has more then just the blockchain on it. So, it will get much larger then just the blockchain.
If you really want to keep the data external, you might want to just get another external drive and put all of the mynode files on there. This way you can pick it up and move it to another PC with no real effort.

-Dave
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
September 26, 2021, 06:43:58 AM
#34
The easiest way is to use virtualbox: https://www.virtualbox.org/
And then deploy the virtalbox version of mynode: https://www.mynodebtc.com/download
~
Keep in mind you are going to need enough free RAM & disk space on your PC to run it. And you are going to have to keep your machine running 24/7 to get access to it.

I've tried that too yesterday, and didn't work out because the disk for the blockchain is connected though USB and VBox/myNode didn't like that.

In VBox my last attempt was with a proper Debian. I managed to get Bitcoin Core run and use that USB drive for the data, but I completely failed in making it start with the system. I suck at Linux and I know it  Grin

And on Windows, bitcoind is fine, but the Electrum Personal Server just doesn't do anything. Whatever I do it just tells "press any key to continue" and Electrum doesn't see it.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
September 26, 2021, 06:38:22 AM
#33

Nice list!

And since o_e_l_e_o came with very valid points for having own server and block explorer, I tried my luck and... it's not easy. I didn't manage yet to make any of those work on Windows (heh) and I am a bit undecided about trying out fulcrum, since I didn't find much of discussion about it here on bitcointalk.

I've also looked about using Bitcoin core with HW and.. hmm.. it looks unfinished and far from straightforward, so I pass that.

Any ideas?

The easiest way is to use virtualbox: https://www.virtualbox.org/
And then deploy the virtalbox version of mynode: https://www.mynodebtc.com/download

The upsides: it's easy, you don't have to install or learn anything, and there is a lot of support out there.
The downsides: You have to trust the people involved.
But, you do get a BTC node, a lightning node, an electrum server and a basic block explorer.

Keep in mind you are going to need enough free RAM & disk space on your PC to run it. And you are going to have to keep your machine running 24/7 to get access to it.

-Dave
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
September 26, 2021, 04:42:58 AM
#32

Nice list!

And since o_e_l_e_o came with very valid points for having own server and block explorer, I tried my luck and... it's not easy. I didn't manage yet to make any of those work on Windows (heh) and I am a bit undecided about trying out fulcrum, since I didn't find much of discussion about it here on bitcointalk.

I've also looked about using Bitcoin core with HW and.. hmm.. it looks unfinished and far from straightforward, so I pass that.

Any ideas?
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
September 25, 2021, 09:46:26 PM
#31
About Electrum Servers.

These are the ones I am aware of:

1. Original Electrum X Server (this is a fork from the original ElectrumX). The current version is ElectrumX 1.16.0.
https://github.com/spesmilo/electrumx

2. Electrum Personal Server
https://github.com/chris-belcher/electrum-personal-server

3. Electrum Server in Rust
https://github.com/romanz/electrs

4. Fulcrum Electrum Server
https://github.com/cculianu/Fulcrum/releases
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
September 25, 2021, 10:31:27 AM
#30
What is an "Electrum Node" and how do I get one?
Any Electrum node or server is simply a bitcoin full verifying node that has a searchable database.

An electrum server, is a bitcoin node with a separate database server that allows any lite wallet that follows the protocol to query and send BTC transactions.

There are several implementations of it in a few different programming languages that fulfill different roles.

There are ones that run on a lot less resources but are only really suitable for one person running a small wallet and others that can handle 1000s of queries from dozens of people at the same time.

Not saying one is better then the other, as always use the right tool for the job.

-Dave
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
September 25, 2021, 02:44:24 AM
#29
Node in a box and run it at home. Yes I am making assumptions about your home internet, and that you have an RPi and drive handy but still.

Seriously, for the most part it's just storage. The explorers do not take that much CPU / RAM to run till you get dozens of hits a minute.
Too many assumptions indeed: I don't have a RPi, but more importantly, I wouldn't want to host anything at home. A "simple" VPS wouldn't allow the load caused by syncing Bitcoin Core, and a more dedicated server isn't worth it to me.

Why do you need to look up your own transactions on a block explorer, though? Since we are mostly talking about Electrum here, then just view your transactions in your own wallet which is hopefully connected to your own Electrum server, or at least connected to someone else's Electrum server over Tor. No need to involve yet another third party. I honestly couldn't tell you the last time I looked up one of my own transactions.
I find myself looking at addresses or transactions on block explorers for various reasons, and now that you mention it: I should probably change that.
legendary
Activity: 2268
Merit: 18771
September 25, 2021, 02:16:57 AM
#28
That's not very convenient: even if I run Bitcoin Core, I can't just lookup any txid, right? Block explorers (for various coins) are just very convenient tools. Tor quickly shows a captcha, which is just annoying.
Why do you need to look up your own transactions on a block explorer, though? Since we are mostly talking about Electrum here, then just view your transactions in your own wallet which is hopefully connected to your own Electrum server, or at least connected to someone else's Electrum server over Tor. No need to involve yet another third party. I honestly couldn't tell you the last time I looked up one of my own transactions.

Keep in mind that TOR or VPN don't magically give you 100% privacy, there are still many ways you can decrease your privacay.
Just as you need to use a new Tor circuit with every different Electrum wallet you open, so the same server doesn't see the same IP address querying a bunch of different addresses within a few minutes, you need to use a new Tor circuit with every address or transaction you look up on a block explorer. Even better if you don't look up more than one address or transaction you are interested in at the same time, and if you must, then look them up on different explorers.
legendary
Activity: 3472
Merit: 10611
September 24, 2021, 11:20:28 PM
#27
What is an "Electrum Node" and how do I get one?
Any Electrum node or server is simply a bitcoin full verifying node that has a searchable database.

Quote
One of the important things I've learned from this thread is that I'm still being somewhat insecure by using third party blockchain explorers, and I have not been using VPN or tor when doing so.
Keep in mind that TOR or VPN don't magically give you 100% privacy, there are still many ways you can decrease your privacay.
For example imagine you have 2 addresses: addr1 and addr2
If a block explorer or a SPV server sees IP address 1.2.3.4 is asking the balance for addr2 and addr2 then some time later IP address 5.6.7.8 is asking the balance for same addresses then IP 9.10.11.12 is doing the same, ... it is safe to assume addr1 and addr2 are linked even though the IP changed.
Now imagine you send coins from addr1 to a KYC exchange, now they can also know the identity of the one who owns addr1+addr2.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
September 24, 2021, 09:22:48 PM
#26

If you really need a block explorer, then you can run your own instance of mempool.space. All the code is open source, and they even give you instructions: https://github.com/mempool/mempool
How cool would it be: explorer.loyce.club Cheesy But it takes more resources than my current posts archive, and to me it's not worth the cost of a powerful VPS (or VDS).


Node in a box and run it at home. Yes I am making assumptions about your home internet, and that you have an RPi and drive handy but still.

Seriously, for the most part it's just storage. The explorers do not take that much CPU / RAM to run till you get dozens of hits a minute.

-Dave
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
September 24, 2021, 12:45:34 PM
#25
This is nice: governments helping the Bitcoin network by running Electrum servers, governments helping the Tor network by running exit nodes.... If enough different governments try to collect data, they all become less likely to actually find what they're looking for!

Seriously though: this shouldn't be a surprise. Give them misinformation: Lookup some random addresses on block explorers and add read-only addresses to your Electrum wallets (but you can't do that with a convenient default HD-wallet).

Lesson two is to not look up your own transactions on block explorers.
That's not very convenient: even if I run Bitcoin Core, I can't just lookup any txid, right? Block explorers (for various coins) are just very convenient tools. Tor quickly shows a captcha, which is just annoying.

How many of you actually tried to run your own explorer?
With the way how world is going right now, I think we are soon going to have to host everything on our own.
I haven't tried it: it's resource consuming, so it takes an expensive VPS, one way or another it's a lot more work than using an existing explorer, and in the end my webhost could still access everything if they want.

If you really need a block explorer, then you can run your own instance of mempool.space. All the code is open source, and they even give you instructions: https://github.com/mempool/mempool
How cool would it be: explorer.loyce.club Cheesy But it takes more resources than my current posts archive, and to me it's not worth the cost of a powerful VPS (or VDS).

What a perfect time to purpose the new 64GB RAM server I rented recently with RAID0 SSDs as an electrum node! (Of course, it's supposed to be running other things, but Electrum nodes are dead cheap to host).
Would it be better or worse for privacy to only connect to a certain node? Pro: you know it's probably not a 3-letter agency. Con: you don't get to hide parts of your transactions by using random servers.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
September 24, 2021, 10:34:46 AM
#24
What is an "Electrum Node" and how do I get one?
They are referring to Electrum servers.

I have an Ubuntu server running a full Bitcoin Core node and ElectrumX server.  Both core and electrumx are connected through clear-net and tor, and open to the world.  I connect all my electrum clients to my own server.  How secure and private is this configuration?
I would probably just run it either over clear-net or through Tor but not both because then the privacy benefits would be diminished. Running it through Tor should probably benefit you primarily through eliminating the risk of your ISP having MITM through your traffic. It wouldn't be so much as to the analysis through the nodes that you're connected to, though Tor does still provide certain degree of protection from that.
One of the important things I've learned from this thread is that I'm still being somewhat insecure by using third party blockchain explorers, and I have not been using VPN or tor when doing so.  I'll have to fix those habits, but also, I think I'll learn about mempool.space and possibly set it up on a VPS.
Linking addresses probably isn't ideal. Using a separate Tor identity for every single one of your addresses and transactions would be advisable.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
September 24, 2021, 10:18:05 AM
#23
@DireWolfM14, your ElectrumX server looks okay to me, and since you only connect to that using your own Electrum clients, then you are not leaking any info to anyone else (unless someone is watching both you and the server, which is unlikely)

I am thinking that Bitcoin Core full nodes work best when connected to clear-net, but there are a few who use it "selfishly" and just don't have as many incoming connections or run it over tor, the performance impact would be negligible for most normal purposes of using the node and wallets.

If you really want it as private as possible, run everything over tor. Any transactions you are waiting for might take an extra second or two to appear, and any transactions you broadcast might take an extra second or two to propagate.

I've been running a regular Bitcoin Core full node over clear-net for the past many years, but I don't use it as a wallet anymore. I'm on a home connection so sometimes the ISP changes my dynamic ip address and my peer-connection count drops from 100 to 10 every now and then.
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
September 24, 2021, 10:01:58 AM
#22
I'm sorry for being a dunce, but I was born that way and have been trying to rectify it ever since.

What is an "Electrum Node" and how do I get one?


This is the kind of report that makes conspiracy theories flourish: Block explorers as honeypots; wallet clients as possible honeypots;  SPV servers as possible honeypots.  Bitcoin does offer some level of privacy, but I don't believe that was highly prioritized function of the concept.  Even if it was, governments and their taxing agencies will think of it as a war to be waged.  The more financial privacy we have the less secure they're grasp on power.  Any efforts we make to bolster our privacy will only lead to more of their resources being spent on thwarting those efforts.  It's a war that will likely never end.


This discussion has made me a bit uneasy about my privacy, would someone be so kind as to grade the privacy of my set up:

I have an Ubuntu server running a full Bitcoin Core node and ElectrumX server.  Both core and electrumx are connected through clear-net and tor, and open to the world.  I connect all my electrum clients to my own server.  How secure and private is this configuration?


One of the important things I've learned from this thread is that I'm still being somewhat insecure by using third party blockchain explorers, and I have not been using VPN or tor when doing so.  I'll have to fix those habits, but also, I think I'll learn about mempool.space and possibly set it up on a VPS.
HCP
legendary
Activity: 2086
Merit: 4363
September 24, 2021, 09:13:08 AM
#21
Lesson two is to not look up your own transactions on block explorers.
Given the amount of other people's transactions I've queried on various block explorers from hanging out in the Tech support and Beginners board... ChainAnalysis probably thinks I own more BTC than Satoshi Nakamoto Roll Eyes

Seriously tho... I'm loving my little Raspberry Pi full node setup with a block explorer and electrum server running on it.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
September 24, 2021, 01:47:13 AM
#20
And/or run/use your own full node. But embrassing to admit, I haven’t been running my node everyday for a few months since the pandemic started. I run it only when I make a transaction from that wallet, or when it needs syncing. Sad

Is it time to stop, and discourage use of Electrum?
Electrum is not designed for privacy, it is just a Bitcoin wallet. If you are aware of the privacy trade-offs for Electrum, then there is nothing wrong with using it. At no point in time did people think that their privacy is preserved simply by using Electrum alone.

If you really care about privacy, you wouldn't use Electrum in the first place. Samourai and Wasabi wallet both offers far superior privacy as compared to Electrum and are SPV wallets as well.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
September 23, 2021, 11:44:37 AM
#19
And/or run/use your own full node. But embrassing to admit, I haven’t been running my node everyday for a few months since the pandemic started. I run it only when I make a transaction from that wallet, or when it needs syncing. Sad

I have also stopped running my full node after it caused my web server to frequently run out of memory.

Is it time to stop, and discourage use of Electrum?

Why? Just because Chainalysis is running a bunch of Electrum nodes? I think that's going a bit too overboard, especially considering that there is no replacement for it.

You should be careful with this. electrum.aantonop.com and electrum.jochen-hoenicke.de both belong to the respective person since they are hosted at their personal sites, but you have no way of knowing that Jochen Hoenicke isn't sharing data with third parties. Also, anyone (such as the NSA) could spin up a similar looking server, such as electrum.a-anton.com to trick people in to thinking it is trustworthy.

Or they can just forsake the domain name altogether and just display an IP address.
legendary
Activity: 2268
Merit: 18771
September 23, 2021, 09:11:37 AM
#18
Sometimes I'd manually pick the electrum server, they have interesting names. I think there is an aantonop server. Looks like it belongs to Andreas. There's also Johoe's server (where we sometimes look at graphs for bitcoin mempool statistics.)
You should be careful with this. electrum.aantonop.com and electrum.jochen-hoenicke.de both belong to the respective person since they are hosted at their personal sites, but you have no way of knowing that Jochen Hoenicke isn't sharing data with third parties. Also, anyone (such as the NSA) could spin up a similar looking server, such as electrum.a-anton.com to trick people in to thinking it is trustworthy.

Nah, this is just a reminder to be careful. You can still use Electrum, just be aware that your privacy is not safe if you don't use tor/vpn or your own server.
Even using Tor does not necessarily give you privacy in this scenario. The Electrum servers you connect to will still be able to link all the addresses in your wallet to each other, even if they cannot see your real IP address. If you open more than one wallet without changing Tor circuit, then again, those wallets (and all the addresses within each one) can be easily linked too.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
September 23, 2021, 07:10:43 AM
#17
Electrum (the wallet) still needs to connect to a compatible Electrum server. There are a few now, even a "Personal Server" which can be pruned, but only your own wallet can connect to it (and only one wallet app at a time, so if you try with a desktop app AND a mobile app on a phone or tablet, one of them will not work.)

The one I am considering is Fulcrum. I've seen that from my desktop app that I keep as watch-only for a bunch of different wallets and even empty ones.

https://github.com/cculianu/Fulcrum/releases

Sometimes I'd manually pick the electrum server, they have interesting names. I think there is an aantonop server. Looks like it belongs to Andreas. There's also Johoe's server (where we sometimes look at graphs for bitcoin mempool statistics.)

I have an open electrum node for people to use. Am I more or less trustworthy then some random public node? I know I am, or would at least like to think I am.
You don't know that.

Care to share your node? Is it running from home or is it running from some VPS / hosted?


Is it time to stop, and discourage use of Electrum?

Nah, this is just a reminder to be careful. You can still use Electrum, just be aware that your privacy is not safe if you don't use tor/vpn or your own server.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
September 23, 2021, 07:06:54 AM
#16
And although it is something expected, the fact it's now public knowledge is imho important.
For example, maybe an update (or fork?) of Electrum will be developed for being privacy focused? Maybe with options for customizing when and which addresses to be queried, maybe with clients connecting to multiple servers to ask randomly for information? I guess that it also can be done. Of course, the top solution remains the use of own server.

It'll be difficult to make Electrum more privacy focused, mainly because Electrum send list of address to a server at once. It means you need to update Electrum protocol or implement BIP 157/158 instead.

For those who value their privacy, but with limited resource, they better use Wasabi Wallet which use BIP 157 and Tor by default.
legendary
Activity: 2898
Merit: 1823
September 23, 2021, 07:03:14 AM
#15

Time to run your own servers!


And/or run/use your own full node. But embrassing to admit, I haven’t been running my node everyday for a few months since the pandemic started. I run it only when I make a transaction from that wallet, or when it needs syncing. Sad

Is it time to stop, and discourage use of Electrum?
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
September 23, 2021, 06:18:52 AM
#14
If you can run your own Electrum node then why not just run a simple full node. The full node needs less resources too!

Very good point! I was studying yesterday the options for having my own Electrum server and I just noticed that it cannot be done with pruned full node. And then, whatever I do, the full node is already all I need. And lately Bitcoin Core also accepts HW, which is something I surely have to try out.

You kind of need an electrum node for mobile wallets / lightweight wallets on your phone / tablet / netbook anything that where even running a pruned node is not viable.
Even if you have a powerhouse laptop that can handle everything without stress if you go on vacation how is the Wi-Fi / Internet in general at the hotel? Do you want to have to sit for 2 hours while you get the blocks you missed while getting there because of crap bandwidth?

How many of you actually tried to run your own explorer?
With the way how world is going right now, I think we are soon going to have to host everything on our own.

More or less yes. You either do it yourself or have 0 idea what is being done with the data.
I have an open electrum node for people to use. Am I more or less trustworthy then some random public node? I know I am, or would at least like to think I am.
You don't know that.

-Dave

legendary
Activity: 2212
Merit: 7064
September 23, 2021, 03:30:30 AM
#13
Lesson two is to not look up your own transactions on block explorers.
Or even better option is to run your own block explorer, for example Mempool.space is open source, it can be self-hosted and it looks amazing.
If you don't like mempool.space there are other alternatives like BTC RPC Explorer with Bitcoin Core, and few others.
Installation instructions for mempool.space can be found on their github page:
https://github.com/mempool/mempool

How many of you actually tried to run your own explorer?
With the way how world is going right now, I think we are soon going to have to host everything on our own.
legendary
Activity: 2268
Merit: 18771
September 23, 2021, 02:55:37 AM
#12
I think that if one checks many more transactions than only his own on block explorers, this lesson/rule may no longer be that important.
True, but the majority of people don't do this, and people who do maybe only check two or three random transactions which doesn't muddy the waters enough to be useful. The issue is also not only which transactions you check, but how you check them. Looking up some random transactions or addresses is one thing, but a lot of people use block explorers to check their own transactions until it gets its first confirmation. If you've searched for 50 transactions, and 49 of them you only loaded once, but 1 of them you refreshed the page 20 times, then that's a dead giveaway as well.

I think that the Monero parts is a huge overstatement from them. I think that on the best case they can follow transactions that comply certain strict rules (for example very big transactions with small mixin).
Either that, or people de-anonymizing themselves in ways which are unrelated to the Monero protocol, such as (as above) putting their hash and view key in to a blockchain explorer website or doing all their transactions via a honeypot node without using Tor.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
September 23, 2021, 02:28:06 AM
#11
Lesson two is to not look up your own transactions on block explorers.

I think that if one checks many more transactions than only his own on block explorers, this lesson/rule may no longer be that important.


I'm not sure I believe their statements regarding Monero until I see evidence to back it up.

I think that the Monero parts is a huge overstatement from them. I think that on the best case they can follow transactions that comply certain strict rules (for example very big transactions with small mixin).


If you can run your own Electrum node then why not just run a simple full node. The full node needs less resources too!

Very good point! I was studying yesterday the options for having my own Electrum server and I just noticed that it cannot be done with pruned full node. And then, whatever I do, the full node is already all I need. And lately Bitcoin Core also accepts HW, which is something I surely have to try out.
legendary
Activity: 3472
Merit: 10611
September 22, 2021, 10:37:51 PM
#10
It has always been a well known fact that when you are using SPV clients you are sacrificing privacy (and in some cases security) for convenience. We always knew that not just chain-analyzers but also government agents are running SPV nodes. I wouldn't be surprised that some of these shady closed source wallets were created by them too.

Walletexplorer.com, a block explorer site secretly operated by Chainalysis,
It is not a secret when it is well known. Walletexplorer is like their "free trial" for their "premium service".

Quote
Time to run your own servers!
I'm sorry but that's silly. If you can run your own Electrum node then why not just run a simple full node. The full node needs less resources too!
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
September 22, 2021, 05:47:55 PM
#9
Lesson one is to run your own node.
Lesson two is to not look up your own transactions on block explorers.
Lesson three is to do everything over Tor.

If you really need a block explorer, then you can run your own instance of mempool.space. All the code is open source, and they even give you instructions: https://github.com/mempool/mempool

I'm not sure I believe their statements regarding Monero until I see evidence to back it up. Of course Chainalysis will claim they've been able to provide some "meaningful leads" (which could mean almost anything) on Monero transactions, because that's what they want the US government to believe so that they will keep giving them expensive contracts.

And I know some people probably want me to shut up about them by now, but you don't even need to know anything about linux / programming / tech because all of the node in a box appliances that I keep talking about have some form of a block explorer built in or with a 1 click install.
raspiblitz / mynodebtc / umbrel

Take your pick and do it yourself.

-Dave
legendary
Activity: 2268
Merit: 18771
September 22, 2021, 02:49:55 PM
#8
Lesson one is to run your own node.
Lesson two is to not look up your own transactions on block explorers.
Lesson three is to do everything over Tor.

If you really need a block explorer, then you can run your own instance of mempool.space. All the code is open source, and they even give you instructions: https://github.com/mempool/mempool

I'm not sure I believe their statements regarding Monero until I see evidence to back it up. Of course Chainalysis will claim they've been able to provide some "meaningful leads" (which could mean almost anything) on Monero transactions, because that's what they want the US government to believe so that they will keep giving them expensive contracts.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
September 22, 2021, 02:13:24 PM
#7
Walletexplorer.com, a block explorer site secretly operated by Chainalysis, has provided law enforcement with “meaningful leads,” the documents say.

Is it really a surprise though? The walletexplorer creator works for Chainalysys. It even says so on the main site.

I remember some conversation abut that when it popped up like 4 or 5 years ago. And some people were upset because they ran a bunch of queries for firstbits there and were freaking out that 'the man' now has their information.  Roll Eyes

As for the Electrum nodes. The more you want privacy the more work you have to put into it, by running your own nodes & servers. The issue is that too many people do not know how, and of those that do know how to do it, many do not want to be bothered.

Not saying that we should throw our hands up and do nothing, just dealing with the reality of it all.

-Dave
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
September 22, 2021, 01:03:07 PM
#6
What a perfect time to purpose the new 64GB RAM server I rented recently with RAID0 SSDs as an electrum node! (Of course, it's supposed to be running other things, but Electrum nodes are dead cheap to host).

I'm not sure one node is going to be enough though - maybe I'll run nodes on my reverse proxies as well.

Walletexplorer.com, a block explorer site secretly operated by Chainalysis, has provided law enforcement with “meaningful leads,” the documents say.

Is it really a surprise though? The walletexplorer creator works for Chainalysys. It even says so on the main site.
legendary
Activity: 2212
Merit: 7064
September 22, 2021, 12:01:21 PM
#5
It's no surprise that Walletexplorer is actually Chainalysis and most other explorers are also tracking or collecting IP addresses but you can always run your own open source explorer to avoid this.
Same goes for Electrum wallet, and I was talking for some time that people should run their own nodes and use wallets with Tor support like Wasabi.
Maybe people don't care about privacy and think they have nothing to hide now, but this can bite them hard in future.

Time to run your own servers!
Even better is running your own Bitcoin node.

legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
September 22, 2021, 09:14:16 AM
#4
We've know this, but now it's confirmed. Or leaked. Or whatever.

Time to run your own servers!

Indeed, time to run our own servers. Correction: as pooya87 said, it's even better to just run your own full node.

And although it is something expected, the fact it's now public knowledge is imho important.
For example, maybe an update (or fork?) of Electrum will be developed for being privacy focused? Maybe with options for customizing when and which addresses to be queried, maybe with clients connecting to multiple servers to ask randomly for information? I guess that it also can be done. Of course, the top solution remains the use of own server.
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
September 22, 2021, 09:06:08 AM
#3
But what I noticed is that most bitcoin users like the SPV wallets just because it requires little memory space for download and also work effectively, but it does not guarantee privacy, many people now are even using it directly with their IP address, an easy way to link bitcoin users to their real identity.

Yeah I'm not sure electrum works well for privacy either even if you use tor as you can still end up linking your whole wallet together as one (which might be a problem if you come to use an exchange).

I'd imagine, given the number of servers that are available, electrum and other spv clients will get different upgrades to help combat this issue and increase privacy (such as getting nodes to send the blockchain to clients for analysis or sending individual addresses to different notes to help make things more private - it'd be hard for electrum's team to enforce/and in some cases suggest the use of tor or vpns though).
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
September 22, 2021, 08:41:44 AM
#2
The ways to privacy can be cost effective, but much more better than not having privacy. It is best to have the full blockchain and run your own node with Tor for privacy reasons.

But what I noticed is that most bitcoin users like the SPV wallets just because it requires little memory space for download and also work effectively, but it does not guarantee privacy, many people now are even using it directly with their IP address, an easy way to link bitcoin users to their real identity.

People can try to want to maximize privacy, but SPV wallets can truly not give effective result because it runs with servers that will connect to the blockchain, the server operators can easily know the addresses wallet users are using and also know other information. The best is to run full node with Tor which gives privacy.

legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
September 22, 2021, 08:14:34 AM
#1
https://www.coindesk.com/business/2021/09/21/leaked-slides-show-how-chainalysis-flags-crypto-suspects-for-cops/

Leaked Slides Show How Chainalysis Flags Crypto Suspects for Cops
Walletexplorer.com, a block explorer site secretly operated by Chainalysis, has provided law enforcement with “meaningful leads,” the documents say.

Quote
Another way Chainalysis captures Bitcoin user data is by running nodes that verify transactions, the documents confirm. This allows the company to capture data leaks on the publicly accessible internet, or clearnet, from users’ simplified payment verification (SPV) wallets. Those services were designed to prioritize easy storage over foolproof security (although to be fair they are arguably more secure than wallets that rely on APIs to verify transactions).

“The downside to this design is that when the user wallet connects to the network, a variety of information is revealed - the user’s IP address, the full set of addresses in the wallet (used and unused) and the version of the wallet software,” according to the slide deck. “Chainalysis runs a series of nodes on the Bitcoin network ... and if a user connects to one of our nodes, we receive the above information.”

The picture below that paragraph shows the word Electrum.

Quote
That Chainalysis runs its own data-capturing nodes would not come as a surprise to privacy-focused Bitcoiners; the community has long suspected as much.

“We’ve always known that they’re running nodes - it’s just a matter of which services they’re connected to,” said Colin Harper, the head of content at Luxor Tech, a bitcoin mining company.

We've know this, but now it's confirmed. Or leaked. Or whatever.

Time to run your own servers!
Jump to: