Topic: Confusing SPV server spies? (Read 387 times)

True. My recommended method is running full node + electrs through Tor which is automatically accessible from anywhere. No need to setup tunneling manually or any sorts of open ports.

IMO, it would be superior to run a node at home, or even on a VPS, and connect to it via a light client. You could only allow your devices to connect a light node to reduce resource demand.

The above would reduce battery use on your mobile device, and you wouldn’t be subjected to having to use a lot of data. Mobile internet connections are also typically less private, and connecting to a home computer would hide the fact that you are using bitcoin, compared to it being public to anyone watching your internet connection.

I think most people are not sufficiently concerned about privacy to even bother doing the above and will just use a light client.

This can just always happen at night or when charging & not using the phone + if WiFi is available.
Phones already do this for backups. They wait for a time when the user is not using the device, it is charging AND on WiFi. Then it uploads hundreds of GB into their cloud storage. Not that I'd recommend it, but it seems feasible and is done in practice already.

Yes, I envision you will have to download the day's new blocks. It's not for everyone for sure.

It really only makes sense if you have e.g. uncapped data or WiFi on the go (office, coffee shop, most places have WiFi) and somehow don't want to run a node at home and tunnel through Tor.

I don't think a pruned mobile device that is not connected to the network ~all the time is a very good idea. The times in which the cost of data (both in terms of battery consumption and in terms of cost/unit of data) is the highest (eg, when someone is away from home) is also the time when someone with a mobile device is going to need an up to date version of the (pruned) blockchain. So someone might be able to have a fairly recent version of the blockchain as of every morning, however, they will need to download and process the last several blocks whenever they are going to be receiving a transaction.

The issue is not only a storage issue, it is the whole downloading a lot of data and verifying it which takes a lot of time, computing power and consumes a lot of your internet traffic (most plans have a cap). On a phone it would eat your battery too.
Even after fully synchronizing with the network you still have to continue syncing and relaying transactions (have a mempool).

I have a suggestion that I think is rarely considered: running a pruned full node on devices that don't have the disk space for the whole blockchain. Maybe it doesn't help the network, but for you it won't really be any worse than non-pruned. And you could install it on a laptop, tablet and even a phone.

A while back I thought about implementing an iOS or Android 'pruned full node' application that can be scheduled for 'sync times' like overnight, and after a few days you will have the latest UTXO set. I'm not confident I have the time for such a big side project at the moment, though. And you gotta maintain these things....

Perfectly valid concern.

I would argue that Tor or any browsers of that sort does enough to obfuscate the data such that an adversary wouldn't really be able to correlate the data on a large scale. If that is indeed a threat, then using those SPV wallets which leaks privacy wouldn't be suitable and there are far better things to worry about so this wouldn't really come up as an issue.

One big problem I see is that Electrum can work well as it is, hence this kind of changes may never be seen as important/high priority.
And the fact they require a lot of rewriting/work makes it even worse. Still, one can hope..

Until then local node is one solution at hand.

Of this I'm agreed. You absolutely need to run your own node to avoid all this mess when it comes to checking the balances of your addresses.

I meant that whether you broadcast it through a block chain explorer or directly to the Bitcoin network, it's the same thing privacy-wise[1]. The explorer doesn't know anything just like when your node receives transactions that then re-shares.

I just said that I'm sure you can choose a node and send it directly without any explorers. There was even a project dedicated to broadcasting transactions.

---

[1] If everything done through Tor.

Then run your own node. No one knows which addresses you are looking up for balances, since you are looking them up locally.

All these sites are doing is broadcasting the transaction via their own node. If you are going to use someone else's node, then you are always going to have to go through them (or some other third party) to do it. If you don't want to do that, then the only remaining option is to run your own node.

By the same reasoning, what if the entire Bitcoin network is consisted of honey pots? What makes you feel safe and private in that case? You'll use those block chain explorers to just broadcast a transaction anonymously. You don't care what they'll do with it later just like you don't care when your node broadcasts transactions.

Broadcasting through a block chain explorer is a solution, however I'm sure you can send it directly to the network, without this kind of site-intermediary.

If you were to use an online tool to broadcast bitcoin transactions and want to maximize privacy it is best to use their API instead of their webpage because through the API and using a simple app all the privacy leaking methods (cookies, browser exploits, JavaScript exploits, WebRTC exploits, browser fingerprinting,...) will be eliminated all at once simply because that way you know what you are sending them whereas it is very hard to know everything your browser sends them even if you are using a privacy oriented one with privacy related extensions.

The point BlackHatCoiner was making that I was responding to is why do we have to broadcast our transactions through the same SPV servers which we use to obtain balance and transaction history for Electrum wallets. Doing what I have suggested here solves that issue. For safety reasons, you should assume that every block explorer is collecting and sharing your data, just as you should assume that every SPV server is collecting and sharing your data.

As ranochigo has said, if you use connect to one of these sites via Tor to broadcast a transaction, then the site in question will only obtain the same information that everyone would be able to obtain when the transaction is broadcast through the network.

They are. Broadcasting transactions generally won't leak privacy more than your SPV wallets. Even if they were to collect data, they would only get as much data as your browser leaks, which in the case of privacy conscious ones, it isn't that much. I would recommend using a privacy-centric browser and using a new identity for each session, which in normal circumstances can't provide sufficient data regardless.

That's one way to approach it if you don't want privacy-infringing Electrum servers to get certain data from you. But what if some or all of those blockchain explorers are also honeypots that collect, store, and share user data with companies and agencies interested in conducting various kinds of analysis? You will be avoiding one problem but creating another one elsewhere...   

We need more contributors to Electrum project to implement these things because these 3 alone require a total rewrite of parts of the communication protocol used by Electrum clients. You would also have to add DNS digging, peer finding and the handshake process of full nodes for the last item.
I would have done it if I knew python...

I will not come with much of ideas, I'll just draw my conclusion.

While making another tool won't help much, doing changes in Electrum for

* maybe querying different addresses from different servers (where possible the same address from the same server always)
* maybe querying random useless addresses too
* broadcasting through actual bitcoin peers

could get us somewhere.

And then the next step should be to offer more log-free electrum servers to the ecosystem, maybe especially on clear net (because there tend to be most users).

Well, this depends on whom you are being targeted by.

There is a huge difference between being swept up in one of the many different mass surveillance programs being run by many different governments, and being targeted specifically as an individual by an FBI investigation or similar. For the vast majority of people, who are not doing anything illegal, it is the lower level mass surveillance and general unwarranted invasion of privacy that you want to avoid. You can absolutely avoid this through using Tor, running your own node, mixing and coinjoining, being careful with your transactions, etc. These mass surveillance programs do not have the time or resources to investigate every person who makes themselves hard to trace. They are not designed to fight crime, prevent terrorism, catch pedophiles, and so on. They are designed for population control, and covering 99% of the population is sufficient to do that.

If, on the other hand, you are already being targeted specifically, then you probably have much bigger things to worry about than the privacy of your bitcoin transactions.

An analogy might be whether it is Facebook or your government who are trying to track your internet activity. If you don't have a Facebook account, never visit Facebook, block all Facebook trackers and ads, make sure your devices have no Facebook apps or software on them, and so on, then you'll do a very good job of keeping Facebook out of your life. But for a government agency pulling data from your ISP, then this is all irrelevant.

Giving emphasis here. Truth be told, there's no way to hide yourself with bitcoin from government's surveillance agencies. Even if you go exclusively through Tor, mix coins, run both bitcoin and lightning node etc. There are always footprints left and even if they can't track you down, they can track the rest 99% who will have handed out KYC, IP addresses, reused addresses etc. Once they will have dismissed the 99% it will be easier to dive into that 1%.

I've said this before and I'll repeat;

Bitcoin doesn't.

Well yeah, it is important to be aware of all the different ways you can leak information. Running your own node to avoid a malicious SPV server solves that problem, but you can still leak information from transaction heuristics, blockchain analysis,  interacting with centralized services,  completing KYC or handing out shipping addresses, and so on.

Just as running your own node does nothing to protect your privacy from using mixed coins and unmixed coins together as inputs in the same transaction, making untraceable purchases does nothing to protect your privacy from a malicious SPV server.