Author

Topic: Electrum Server Privacy Leaks (Read 514 times)

legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
August 19, 2022, 03:26:42 PM
#24
I would highly suggest using a Tor tunnel instead. It is more secure, more private and even easier to set up.

You are right, I was so focused on other things that I completely forgot about that option. My only concern is that address changes every time service is started - I do not know know how it behaves when there is network interruption (it happens), in case of power failure device will be for sure shutdown (maybe restarted).
Oh no, don't worry - the address is persistent across reboots and network interruptions. It will not change unless you delete the folder of your hidden service.
It may also change if you delete the service from the torrc file and restart Tor, but at that point you're probably doing that on purpose.. Wink

One warning, There are some front end GUI for TOR that have buttons that do that. None are installed by default that I know of, but I have seen them and they will remove / reconfigure TOR with a click of a button.
Also known as, when a friend installs it and asks you what this button / option does the correct answer may not be "click it and let me know what happens"

-Dave
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
August 17, 2022, 06:49:09 PM
#23
I would highly suggest using a Tor tunnel instead. It is more secure, more private and even easier to set up.

You are right, I was so focused on other things that I completely forgot about that option. My only concern is that address changes every time service is started - I do not know know how it behaves when there is network interruption (it happens), in case of power failure device will be for sure shutdown (maybe restarted).
Oh no, don't worry - the address is persistent across reboots and network interruptions. It will not change unless you delete the folder of your hidden service.
It may also change if you delete the service from the torrc file and restart Tor, but at that point you're probably doing that on purpose.. Wink
legendary
Activity: 952
Merit: 1385
August 16, 2022, 02:55:30 AM
#22
I would highly suggest using a Tor tunnel instead. It is more secure, more private and even easier to set up.

You are right, I was so focused on other things that I completely forgot about that option. My only concern is that address changes every time service is started - I do not know know how it behaves when there is network interruption (it happens), in case of power failure device will be for sure shutdown (maybe restarted).
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
August 12, 2022, 06:40:29 PM
#21
Setting up a tor hidden service is actually pretty easy.  I have one for each of my Core servers, which is great for running bisq on a laptop, and obviously for my ElectrumX server which I can connect to from my personal laptops and phone.  It also works behind CGNAT (satellite internet,) which doesn't provide a direct-to-internet IP address.  So it's really my only option (but I'd use it anyway.)
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
August 12, 2022, 05:04:49 PM
#20
And given how trivial it is to run an Electrum server, no reason not to just spin up your own one.

Preferably with static public ip (or dyndns/no-ip kind of service) to be able to use it on smartphone - mobile electrum and blue wallet allow setting custom electrum servers - or just outside home. Or install all on own laptop, but then you need a really big disk and each time after you disconnects you must later wait some time for resync.
I do not know how about Ledger software, but Trezor Suite allows you to connect to your own node too.
I would highly suggest using a Tor tunnel instead. It is more secure, more private and even easier to set up.

You basically just want to create such an entry in /etc/tor/torrc.
Code:
HiddenServiceDir /var/lib/tor/electrs_hidden_service/
HiddenServiceVersion 3
HiddenServicePort 50001 127.0.0.1:50001

ExitPolicy reject *:* # no exits allowed

Then after restarting Tor, you can retrieve the onion v3 URL and type it into all of your SPV wallets.
Code:
sudo systemctl enable tor.service
sudo service tor restart
sudo cat /var/lib/tor/electrs_hidden_service/hostname
legendary
Activity: 952
Merit: 1385
August 12, 2022, 09:12:37 AM
#19
And given how trivial it is to run an Electrum server, no reason not to just spin up your own one.

Preferably with static public ip (or dyndns/no-ip kind of service) to be able to use it on smartphone - mobile electrum and blue wallet allow setting custom electrum servers - or just outside home. Or install all on own laptop, but then you need a really big disk and each time after you disconnects you must later wait some time for resync.
I do not know how about Ledger software, but Trezor Suite allows you to connect to your own node too.
legendary
Activity: 2268
Merit: 18748
August 06, 2022, 04:07:44 AM
#18
Do keep in mind this holds true if the one Tor server you're connecting to is not yours.
Well, of course. I assume most people would trust themselves to not send themselves malicious data. Tongue

It does nothing against topological leaks given the limited number of servers and the possibility that a malicious agent runs multiple servers.
Exactly this. It is trivial to run an Electrum server. An average home computer running a full node could run multiple servers simultaneously, meaning a large blockchain analysis firm could easily run the majority of public servers if they wanted (and indeed, this could very well already be the case). Even if you only ran a single server, then simply over time you could collect enough data to link addresses from most wallets simply by matching the IP of all the requests your server does receive.

And given how trivial it is to run an Electrum server, no reason not to just spin up your own one.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
August 04, 2022, 05:12:16 PM
#17
~snip~
Makes you wonder how difficult it would be to recode some of the SPV wallets to never connect to the same server for more then one request before going to another random one and then going to another random one.
You would have to keep a local log but it would make some analysis a bit more difficult.
It would also require to change the way requests are made. As seen in the log, the SPV wallet requests a whole bunch of addresses at once. In my case (Sparrow), it sent one request per wallet, each of which included all the addresses the software already knows are funded + an additional 5 or something like that. So even if each request went to a different server, the addresses in each wallet would have been linked; just no link between wallets.

It's very implementation-specific, of course. But I don't suspect other wallets to create a new request for every single address. It would incur too much overhead.

That or as others have said, run your own. As many of us have pointed out many times you can easily do it for under $100 in hardware. And with all the pre-packaged / pre-configured setups out there it is not that difficult for a novice to do.
YES YES YES! [Guide] How to run a Bitcoin Core full node for under 50 bucks!
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
August 04, 2022, 03:47:35 PM
#16
Makes you wonder how difficult it would be to recode some of the SPV wallets to never connect to the same server for more then one request before going to another random one and then going to another random one.
You would have to keep a local log but it would make some analysis a bit more difficult.
Not very.

The protocol that Electrum uses isn't designed to enhance privacy but quite the opposite instead. It doesn't use any methods to try to obfuscate your data whatsoever. It is totally possible for the server to jump from one to another with each address but that is ridiculously inefficient and gets more inefficient as the number of addresses increases. It does nothing against topological leaks given the limited number of servers and the possibility that a malicious agent runs multiple servers.

An example of a wallet that does this would be Wasabi but it is done with a combination of BIP 158 but Electrum just sends the Scripthash straight up.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
August 04, 2022, 08:27:00 AM
#15
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
August 02, 2022, 06:53:59 PM
#14
Tor can actually make things more risky. Some of the guides for using Tor with Electrum set it up in such a way that you are only connecting to a single server in order to maximize privacy. This obviously means you are downloading the block headers and all your wallet information from only a single source, which increases the risks of being fed incorrect or malicious information.
Do keep in mind this holds true if the one Tor server you're connecting to is not yours.

When I connect to my own Electrum node through Tor, I do connect to a single Electrum server, but there is no risk of getting malicious information.



As for the yet unanswered question about electrs default logfile location; electrs doesn't create a logfile by default. It uses Rust's built-in env_logger, which supports log levels from 'ERROR' (very serious errors) to 'TRACE' (extremely verbose) - all the log levels are declared in Rust's enum.Level.
There's also a table in electrs' GitHub with pretty much the same information.

By default, env_logger writes everything to stderr. But keep in mind it's a trivial task piping stderr to a file.

In my little experiment with log level DEBUG, I could not see the IP or Tor address I was connecting from and in the code it doesn't seem that it's logged, either. But it's simple to add, as others mentioned.
I do see the queried addresses, though.

If you run electrs with log_filter = DEBUG and grep stderr for DEBUG electrs::server] 0:, you will get the communication between your SPV wallet and your Electrum server.
Code:
bitcoin@localhost:~/electrs> /home/bitcoin/electrs/target/release/electrs 2> >(grep 'DEBUG electrs::server] 0:')
[~snip~ DEBUG electrs::server] 0: connected
[~snip~ DEBUG electrs::server] 0: recv {"jsonrpc":"2.0","method":"server.version","params":["Sparrow","1.4"],"id":1}
[~snip~ DEBUG electrs::server] 0: send {"id":1,"jsonrpc":"2.0","result":["electrs/0.9.8","1.4"]}
[~snip~ DEBUG electrs::server] 0: recv {"jsonrpc":"2.0","method":"blockchain.headers.subscribe","params":[],"id":2}
[~snip~ DEBUG electrs::server] 0: send {"id":2,"jsonrpc":"2.0","result":{"height":747717,"hex":"00c00020c072fd1a50fe409f82942c9dfc46565761c38522589103000000000000000000d8c783dcd4e3eb05372ae116978d9fbd2d4fd1d29f3a3c6dfa4f841bb739ac623faee962042a0a17ae7fbf9d"}}
[~snip~ DEBUG electrs::server] 0: recv {"jsonrpc":"2.0","method":"server.banner","params":[],"id":3}
[~snip~ DEBUG electrs::server] 0: send {"id":3,"jsonrpc":"2.0","result":"Welcome to electrs 0.9.8 (Electrum Rust Server)!"}
[~snip~ DEBUG electrs::server] 0: recv [{"jsonrpc":"2.0","method":"blockchain.estimatefee","params":[1],"id":4},{"jsonrpc":"2.0","method":"blockchain.estimatefee","params":[2],"id":5},{"jsonrpc":"2.0","method":"blockchain.estimatefee","params":[3],"id":6},{"jsonrpc":"2.0","method":"blockchain.estimatefee","params":[4],"id":7},{"jsonrpc":"2.0","method":"blockchain.estimatefee","params":[5],"id":8},{"jsonrpc":"2.0","method":"blockchain.estimatefee","params":[10],"id":9},{"jsonrpc":"2.0","method":"blockchain.estimatefee","params":[25],"id":10},{"jsonrpc":"2.0","method":"blockchain.estimatefee","params":[50],"id":11}]
[~snip~ DEBUG electrs::server] 0: send [{"id":4,"jsonrpc":"2.0","result":0.00013},{"id":5,"jsonrpc":"2.0","result":0.00013},{"id":6,"jsonrpc":"2.0","result":0.00013},{"id":7,"jsonrpc":"2.0","result":0.00011838},{"id":8,"jsonrpc":"2.0","result":0.00010052},{"id":9,"jsonrpc":"2.0","result":0.00005394},{"id":10,"jsonrpc":"2.0","result":0.00001},{"id":11,"jsonrpc":"2.0","result":0.00001}]
[~snip~ DEBUG electrs::server] 0: recv {"jsonrpc":"2.0","method":"mempool.get_fee_histogram","params":[],"id":12}
[~snip~ DEBUG electrs::server] 0: send {"id":12,"jsonrpc":"2.0","result":[[1023,560],[511,1662],[255,12801],[127,12906],[63,59896],[31,195453],[15,1397569],[7,756035],[3,430544],[1,314814],[0,0]]}
[~snip~ DEBUG electrs::server] 0: recv {"jsonrpc":"2.0","method":"blockchain.relayfee","params":[],"id":13}
[~snip~ DEBUG electrs::server] 0: send {"id":13,"jsonrpc":"2.0","result":0.00001}
[~snip~ DEBUG electrs::server] 0: recv {"jsonrpc":"2.0","method":"server.ping","params":[],"id":14}
[~snip~ DEBUG electrs::server] 0: send {"id":14,"jsonrpc":"2.0","result":null}
[~snip~ DEBUG electrs::server] 0: recv [{"jsonrpc":"2.0","method":"blockchain.scripthash.subscribe","params":[~scripthash~],"id":16},{"jsonrpc":"2.0","method":"blockchain.scripthash.subscribe","params":[~scripthash~],"id":17}, ...]
[~snip~ DEBUG electrs::server] 0: send [{"id":16,"jsonrpc":"2.0","result":"~snip~"},{"id":17,"jsonrpc":"2.0","result":"~snip~"}, ...]
...

I obviously had to redact a lot; but in essence, the client (in this case, Sparrow - I noticed our esteemed forum member achow101 is mentioned as contributor!) queries the blockchain.scripthash.subscribe Electrum protocol method (a list of all these methods).
In this case, blockchain.scripthash refers to a 'hash of the binary bytes of the locking script, expressed as a hexadecimal string' [quote: https://electrumx.readthedocs.io/en/latest/protocol-basics.html#script-hashes].

So basically wherever I wrote ~scripthash~, there are script hashes, a different representation of the addresses of whoever's querying. Especially since they're bunched together in a small number of individual requests, we can say that electrs does link transactions together in its default logs.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
August 02, 2022, 06:46:46 AM
#13
I don't know electrs or how it is setup out of the box, but electrumx does allow for a fair amount of logging.
With electrumx I can see your IP, what addresses you are checking and if you send a TX I again know your IP and have the information about the TX.

I wonder why the logging is configured to be turned on by default? If I were the maintainer, I'd relegate the bulk of the logging to a "debug" option from the command line.
legendary
Activity: 2268
Merit: 18748
August 02, 2022, 05:57:13 AM
#12
Do you know maybe how "multi-server connection" works in Electrum?
I did not investigate the code but maybe it does requests "randomly" and for example if there are 2 addresses to check each one receives data from other server?
I don't use public Electrum servers and route all Electrum traffic through my own server, so my knowledge of the public server architecture is probably not complete. My understanding, however, is that Electrum will connect to around 8-10 servers in order to download block headers from them all (in order to avoid a single server returning incorrect or malicious data), but only one of these servers will be used to query the addresses within the wallet and to relay transactions. All 10 servers will be able to see your IP address, but the one main server will also be able to see everything you are querying.

Tor can actually make things more risky. Some of the guides for using Tor with Electrum set it up in such a way that you are only connecting to a single server in order to maximize privacy. This obviously means you are downloading the block headers and all your wallet information from only a single source, which increases the risks of being fed incorrect or malicious information.
legendary
Activity: 952
Merit: 1385
August 02, 2022, 04:14:09 AM
#11
Data brokers will pay for all kinds of data. Far more likely though is that these blockchain analysis firms are just running a bunch of their own servers anyway, since the overhead for doing so is tiny and they can collect huge amounts of data through them.

Do you know maybe how "multi-server connection" works in Electrum?
I did not investigate the code but maybe it does requests "randomly" and for example if there are 2 addresses to check each one receives data from other server?
legendary
Activity: 2268
Merit: 18748
August 02, 2022, 04:11:16 AM
#10
What would you do with that knowledge - sell to "wallet trackers" / explorers?
Data brokers will pay for all kinds of data. Far more likely though is that these blockchain analysis firms are just running a bunch of their own servers anyway, since the overhead for doing so is tiny and they can collect huge amounts of data through them.

If you really worry, you can always use tor.
All this achieves is masking your IP address. The server can still link together all your addresses and all your transactions (and potentially even multiple wallets if you open them in close succession over the same Tor circuit). Far better to just run your own server.
member
Activity: 162
Merit: 65
August 01, 2022, 09:03:52 AM
#9
See if
Code:
sudo journalctl -n 10000 | grep electrs
shows you anything.

From what I saw with a quick read you can set the log level and location in the config but that should find it.
Did you build from scratch or are you running a prepacked node setup? That may change the location / level and even availability of the logs.

-Dave



except some chain tip updating info, some heights. No IP or public keys or anything like that. Don't get me wrong. I was just experimenting.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
August 01, 2022, 08:43:54 AM
#8
See if
Code:
sudo journalctl -n 10000 | grep electrs
shows you anything.

From what I saw with a quick read you can set the log level and location in the config but that should find it.
Did you build from scratch or are you running a prepacked node setup? That may change the location / level and even availability of the logs.

-Dave

member
Activity: 162
Merit: 65
August 01, 2022, 08:02:02 AM
#7
Thank you people all for commenting on this. You're beautiful honey badgers.BTCBTC

One thing: regardless electrumx or electrs, usually where does it keep the logs? Name few please.
legendary
Activity: 3584
Merit: 5243
https://merel.mobi => buy facemasks with BTC/LTC
August 01, 2022, 07:48:51 AM
#6
--snip--

It makes more sense if those server run by government or blockchain analysis service rather than individual who want to sell such information.

Indeed, i think those services/governement are the biggest consumers of such data... Other than that, maybe hackers/spammers could maybe use that data to try to extort you, or to do a social engineering attack, or maybe a $5 wrench attack... Not sure if this attack vector is feasible tough.

Personally, i don't really care all that much if a node operator would have this info about me... If you really worry, you can always use tor.
legendary
Activity: 952
Merit: 1385
August 01, 2022, 07:31:38 AM
#5
Now, the fact does remain that private key(s) or seeds are not sent to the electrum node, so a node operator can harm your privacy, but he cannot steal your actual funds (unless there's an undiscovered bug).

The questions is how to monetize that knowledge. Imagine you have a set of wallets - you know which addresses are asked for a wallet, you may assume they come from one seed or xpub, so you may assume the owner is the same. What would you do with that knowledge - sell to "wallet trackers" / explorers?
legendary
Activity: 3584
Merit: 5243
https://merel.mobi => buy facemasks with BTC/LTC
August 01, 2022, 07:17:41 AM
#4
--snip--
Also consider someone could fork those implementation to add log feature or perform log on different level (e.g. on networking level)
this ^^^ is a very important aspect... It's all open source software... It's not like a node operator is going to tell you they modified the sourcecode of their node software to log everything.
So, even if you know electrumx (or electrs, or....) and you have actually read the complete sourcecode and you're satisfied a default "electrumx" node cannot log anything you don't accept, you should still realise somebody could run a modified version of "electrumx".

On top of this, electrs needs a reverse proxy if you want to add tls, this is one more level where log files can be created.

Now, the fact does remain that private key(s) or seeds are not sent to the electrum node, so a node operator can harm your privacy, but he cannot steal your actual funds (unless there's an undiscovered bug).
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
August 01, 2022, 07:14:54 AM
#3
Or, let me put it this way:
Is there a way that I can find out the public key information from whom is connecting to my electrum server?

I don't use electrs, but there's configuration to make electrs to log more information according to https://github.com/romanz/electrs/blob/v0.9.8/doc/upgrading.md#important-changes-from-versions-older-than-093.

Or, perhaps it is electrs as one of the electrum implementations that I am using doesn't keep records or logs, whereas other implementations like EPS, or ElectrumX does keep logs?

Also consider someone could fork those implementation to add log feature or perform log on different level (e.g. on networking level)
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
August 01, 2022, 06:13:57 AM
#2
I don't know electrs or how it is setup out of the box, but electrumx does allow for a fair amount of logging.
With electrumx I can see your IP, what addresses you are checking and if you send a TX I again know your IP and have the information about the TX.

That is what people are talking about. It does not send that information anywhere but you as the server operator can still see it.

I *think* electrs does the same. But I never looked.

-Dave
member
Activity: 162
Merit: 65
August 01, 2022, 03:12:21 AM
#1
Yes guys, oftentimes you hear people say connecting to someone else's electrum server will leak your public key information.
As I am running electrs as an electrum server implementation, I am asking you guys how public key leaks?
I mean, nothing is stored on my server(at least I didn't manage to find it).

Or, let me put it this way:
Is there a way that I can find out the public key information from whom is connecting to my electrum server?

Or, perhaps it is electrs as one of the electrum implementations that I am using doesn't keep records or logs, whereas other implementations like EPS, or ElectrumX does keep logs?



Jump to: