Pages:
Author

Topic: Electrum Server - page 2. (Read 634 times)

legendary
Activity: 3612
Merit: 5297
https://merel.mobi => buy facemasks with BTC/LTC
October 19, 2019, 01:55:59 PM
#13
@ETFbitcoin: I've run other electrum servers in the past and electrs feeled less performant... However, I did not run any benchmarks....

As for the fear of getting robbed: there was a discussion in this thread about a node operator logging your real ip and your addresses. If the operator finds an address in his logs that's funded with hundreds of btc, he might try to connect the ip to a physical address (for example by a social engineering attack on the ISP), or he might try to connect to the user's modem to see if it's running vulnerable firmware so the bad node operator can penetrate the rich user's home network... Tor mitigates this attack vector since the operator will not have the user's real ip in his logs
legendary
Activity: 3612
Merit: 5297
https://merel.mobi => buy facemasks with BTC/LTC
October 18, 2019, 02:57:01 PM
#12
--snip--

I just heard about electrs, by any chance do you have experience running it?

You don't need to enable txindex


Yes, I have installed electrs in the past... It's slower than other implementations, but it was really easy to setup and run on my existing node without having to reindex... Iirc, I used nginx as a reverse proxy to deny incoming connections from non whitelisted ip's and handle ssl encryption.

As for the tor option: I had no idea... I either connect to my own node or to a public electrum server over the clearnet... But than again, I don't hold enough crypto to fear getting robbed...
legendary
Activity: 3612
Merit: 5297
https://merel.mobi => buy facemasks with BTC/LTC
October 18, 2019, 06:52:41 AM
#11

--snip--
My questions is just about possibility that any owner of Electrum server can see our IP address and our coins address/es.
--snip--

To answer this question: yes, owners can log ip's and addresses on several levels... It's so easy anybody could do this.
Either by running a reverse proxy (like nginx) in front of the electrum server and logging everything, or by modifying the electrum server's sourcecode to add extra logging (most, if not all, implementations are open source), or just from the OS level by capturing the packages over electrum's port (wireshark can capture the packages and automatically decrypt them using the keyfile used to setup ssl).

If you're really paranoid, i'd suggest using electrs (https://github.com/romanz/electrs/), that way you don't have to add txindex=1 to your node's config and use an alias or shortcut to start electrum using only your own node.

Using tor is a good alternative to, but you have to make sure you always start the tor proxy, and never open electrum without using said proxy...
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
October 18, 2019, 06:47:54 AM
#10
If the privacy is your major concern then  you  have an option to run an Electrum personal server and benefit from its use.

Everyone should be concerned with privacy when it comes to cryptocurrency, but running a personal server is not something that anyone can do. My questions is just about possibility that any owner of Electrum server can see our IP address and our coins address/es. In today's world where hackers are becoming more and more imaginative, the use of data from such servers can serve them for target selection.

It would be ideal if everyone could have a personal server, or if everyone could use Tor, but most still do not hide their true IP address.
legendary
Activity: 3472
Merit: 10611
October 17, 2019, 10:40:56 PM
#9
Electrum nodes (aka servers) can not compromise your security.

I know it's unlikely, but servers get our real IP (if we don't hide it), and the person who owns the server can determine our location (country) by IP address. Although small, there is a possibility that someone could reach the real owner through an IP address, by hacking ISP or with inside job (a corrupt employee inside ISP). Of course, this would only make sense if some Electrum wallet user has a large amount of BTC, and in this way could become a victim of robbery or attempts of social engineering.


If the privacy is your major concern then  you  have an option to run an Electrum personal server and benefit from its use. The only cons of such approach, as I see it, is the necessity to run in background a fully synced  bitcoind. That demon  is naturally going to  consume a lot of  space for blockchain storage which means  you need the disk (preferably SSD) with big capacity, .

if you are concerned with space then you shouldn't be running an Electrum server because it takes up a lot more space than a regular node because it has to index the entire blockchain so that it can fetch the data that anybody requests (transaction history, balances,...). it is a lot easier to run a regular full node and for space you can just run it in pruned mode.
hero member
Activity: 1358
Merit: 635
October 17, 2019, 01:19:12 PM
#8
Electrum nodes (aka servers) can not compromise your security.

I know it's unlikely, but servers get our real IP (if we don't hide it), and the person who owns the server can determine our location (country) by IP address. Although small, there is a possibility that someone could reach the real owner through an IP address, by hacking ISP or with inside job (a corrupt employee inside ISP). Of course, this would only make sense if some Electrum wallet user has a large amount of BTC, and in this way could become a victim of robbery or attempts of social engineering.


If the privacy is your major concern then  you  have an option to run an Electrum personal server and benefit from its use. The only cons of such approach, as I see it, is the necessity to run in background a fully synced  bitcoind. That demon  is naturally going to  consume a lot of  space for blockchain storage which means  you need the disk (preferably SSD) with big capacity, .
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
October 14, 2019, 07:54:56 AM
#7
Electrum nodes (aka servers) can not compromise your security.

I know it's unlikely, but servers get our real IP (if we don't hide it), and the person who owns the server can determine our location (country) by IP address. Although small, there is a possibility that someone could reach the real owner through an IP address, by hacking ISP or with inside job (a corrupt employee inside ISP). Of course, this would only make sense if some Electrum wallet user has a large amount of BTC, and in this way could become a victim of robbery or attempts of social engineering.

legendary
Activity: 3472
Merit: 10611
October 14, 2019, 12:25:39 AM
#6
How can I be sure which server to trust?

Electrum nodes (aka servers) can not compromise your security. the only communication you are making with these nodes is to get block headers, your transaction history and to broadcast new tx you make. all of which are public information, nothing secret to compromise. the only thing malicious sever could do is to lie about state of a transaction. they could tell you it is either confirmed or unconfirmed (or doesn't exist at all) while it is the other way around.

the only real risk is your privacy but you are already giving it up as soon as you start using an SPV wallet instead of a full verification node.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
October 13, 2019, 12:39:20 PM
#5
Manual connection mode lets you connect to a specific server which you trust. Some nodes might keep the logs and attempt to track their users. There are still many servers that are trying to take advantage of users who didn't upgrade to the latest version by tricking them into downloading a modified version of Electrum
How can I be sure which server to trust? Any criteria to select a certain server? Or I must switch from server to server very often so that they can't keep the whole logs.

If you have serious concern about your privacy, you could :
1. Run your own Electrum Server
2. Use proxy (Tor also possible), Electrum support proxy usage. This option is useless, unless you move to different wallet (which detail only obtained with proxy)
legendary
Activity: 1876
Merit: 3139
October 13, 2019, 07:26:38 AM
#4
How can I be sure which server to trust? Any criteria to select a certain server? Or I must switch from server to server very often so that they can't keep the whole logs.

There is no list of trusted servers. It would be pointless. Switching between servers from time to time should be enough if you are really paranoid. The server operator can only know your IP address and the list of your addresses.
Check out this thread.
legendary
Activity: 2268
Merit: 2327
Marketing Campaign Manager |Telegram ID- @LT_Mouse
October 13, 2019, 07:21:27 AM
#3
Manual connection mode lets you connect to a specific server which you trust. Some nodes might keep the logs and attempt to track their users. There are still many servers that are trying to take advantage of users who didn't upgrade to the latest version by tricking them into downloading a modified version of Electrum
How can I be sure which server to trust? Any criteria to select a certain server? Or I must switch from server to server very often so that they can't keep the whole logs.
legendary
Activity: 1876
Merit: 3139
October 13, 2019, 02:45:48 AM
#2
Who own the servers? There are a lot of servers. Is all these from Electrum?

The community. Anyone who is running a full Bitcoin node with txindex set to 1 can run an Electrum server.

Difference between automatic connection and manual connection?

Manual connection mode lets you connect to a specific server which you trust. Some nodes might keep the logs and attempt to track their users. There are still many servers that are trying to take advantage of users who didn't upgrade to the latest version by tricking them into downloading a modified version of Electrum
legendary
Activity: 2268
Merit: 2327
Marketing Campaign Manager |Telegram ID- @LT_Mouse
October 13, 2019, 02:41:13 AM
#1
We can use automatically connect to a server or we can manually connect to a server from the given list.
I am a little bit confused-
Who own the servers? There are a lot of servers. Is all these from Electrum?

Difference between automatic connection and manual connection?
Pages:
Jump to: