If a third party knows several addresses from the same electrum wallet, can he associate them with eachother, meaning that can he prove it that those addresses belong to the same wallet , without knowing the master pub key of course?
So if they know A , B ,C addresses that are in the same wallet, can he prove that A B C are derived from the same master public key without knowing the master pub key?
Maybe, if the addresses are spend linked, yes. If not, not. Spend linked means that you use coins you received on A, B and C to create a single transaction. E.g. this TX -> https://blockchain.info/tx/dfb7be5a382e2575e52c7c09289c5eb04f9acecb117c54ae0921ce014977cb90
links 1ASFyXYMd7ffy5AFyoGnvQpc9dmxcN4438 to 1EQA6THR6wCgV8ZeuoZiVqEAMGb9S5sKJT
This method is not perfect as we two could create a TX together to fool people (usually called "CoinJoin" or "SharedCoin"), but its commonly accepted as "proof" when finding connections between addresses, at least here in the forum.
Dont let anyone get your wallet file, which you should do anyway to avoid brute force attacks on your private keys.
Interesting but what if it's an electrum watch-only address.
The watch only is derived from the pub key, however it doesnt contain the private key.
So they can still obtain the pub key if you watch your money from a watch only wallet, and that can hurt your privacy.
AFAIK a watch only wallet isnt protected by the password, so yes. A watch only wallet getting stolen would compromise your privacy, but not your coins.