
Topic: [Experiment] "PSA: Electrum sends all your Bitcoin addresses to the server...." (Read 707 times)

sr. member
Activity: 448
Merit: 250
No news here. I think the behavior hasn't changed, but even if it changes, people will always find a way to log incoming connections... If you value privacy extremely, connect only to your own node or don't use Electrum at all.

I'm not a privacy fanatic. Electrum is a great wallet. Simple to use, fast and performs its roles. You have to perform many clicks and hunt around options just to find the thing that you need in other clients.
legendary
Activity: 1512
Merit: 1009
No news here. I think the behavior hasn't changed, but even if it changes, people will always find a way to log incoming connections... If you value privacy extremely, connect only to your own node or don't use Electrum at all.
sr. member
Activity: 448
Merit: 250
[Note: Please see the caveat at the bottom of this post]


I came across this post on Reddit, "PSA: Electrum sends all your Bitcoin addresses to the server you are connected to", which alleged that Electrum server owners are able to gather the IP addresses and corresponding BTC addresses of its clients.

After reading that reddit post, I am very curious what Electrum server owners could see from their end. I stress that this mini-test conducted is not to disparage any crypto wallet clients.


As the Electrum server's Bitcoin transaction records are huge (24 GiB) on foundry and take time to download (and the BTC blockchain is more than 50 GiB...), I assumed I could use Litecoin Electrum Server instead, since the LTC blockchain and LTC foundry txn records are less than 6 GiB, and LTC Electrum Server is a fork of Electrum Server. I managed to set up an Electrum LTC server within a short time for the sake of testing.

No SSL was set up on the server.

The purpose of this mini-setup is to determine whether what was said on reddit is true. I connected my LTC client (without SSL) to my own Electrum LTC server, enabled log tailing, ran packet sniffing on the server, and performed some transactions with my LTC client.

On the server, I was able to see two kinds of logs:


1) ./electrum-ltc-server sessions
    The clients that are connected:
    
Code:
 
    TCP : sub
    


2) tailing electrum-ltc.log  (you will see this log appearing once you have submitted a transaction)
    
Code:
    

As I am the only client who was connected to my own server, that txn id belongs to me. In electrum-ltc.log, I did not surface any IP addresses that tie to the Txn ID. Hence, I assume that in a scenario where there are more than 100 clients connected, it is not possible to tie IP addresses to the Txn IDs.

But things are more interesting when the packets are inspected. A text search for Txn IDs will surface a series of packets which contain data in JSON format. Such data contains the list of LTC addresses that the client wallet holds, transaction IDs, and script outputs. Since this is packet sniffing, you could see the source IP address of clients who sent these packets to you.


Conclusion


In theory, Electrum server owners could associate Txn IDs and wallet addresses with IP addresses, but it requires effort to parse logs and correlate them with information in TCP dumps. To go one step further, it is possible to tie these addresses to usernames or e-mail addresses with the help of Google searches.


Caveats

The Reddit focus was on Electrum Server. But for convenience's sake, I used Electrum LTC server. Has the behaviour of Electrum server changed since the Reddit post? I have no idea.




edited: language.
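The correlation described in the post above, as an added example that is not part of the original thread: it reads plaintext JSON-RPC lines from a capture of your own wallet's session and reports which addresses and transaction IDs each source IP disclosed. The method names are taken from the legacy Electrum protocol and are an assumption about what the capture contained; the capture data is constructed.

```python
import json
from collections import defaultdict

# Legacy Electrum protocol methods whose first parameter names wallet data.
# Assumption: the post does not say which methods appeared in its capture.
ADDRESS_METHODS = {"blockchain.address.subscribe", "blockchain.address.get_history"}
TXID_METHODS = {"blockchain.transaction.get"}

# Constructed sample: (source IP, reassembled plaintext TCP payload).
# IPs are documentation ranges; ADDR_*/TXID_* are placeholders, not real values.
CAPTURE = [
    ("192.0.2.10", '{"id":0,"method":"server.version","params":["2.x","0.9"]}\n'
                   '{"id":1,"method":"blockchain.address.subscribe","params":["ADDR_A"]}\n'),
    ("192.0.2.10", '{"id":2,"method":"blockchain.address.get_history","params":["ADDR_B"]}\n'),
    ("192.0.2.10", '{"id":3,"method":"blockchain.transaction.get","params":["TXID_1"]}\n'),
    ("198.51.100.7", '{"id":1,"method":"blockchain.address.subscribe","params":["ADDR_C"]}\n'),
    ("198.51.100.7", '{"id":2,"method":"blockchain.addr'),  # truncated segment
]

def exposure_by_ip(records):
    """Map each source IP to the addresses and txids its plaintext requests reveal."""
    seen = defaultdict(lambda: {"addresses": set(), "txids": set()})
    for src_ip, payload in records:
        # One TCP payload can carry several newline-delimited JSON-RPC messages.
        for line in payload.splitlines():
            try:
                msg = json.loads(line)
            except ValueError:
                continue  # partial segment or non-JSON bytes
            if not isinstance(msg, dict):
                continue
            params = msg.get("params")
            if not isinstance(params, list) or not params or not isinstance(params[0], str):
                continue
            method = msg.get("method")
            if method in ADDRESS_METHODS:
                seen[src_ip]["addresses"].add(params[0])
            elif method in TXID_METHODS:
                seen[src_ip]["txids"].add(params[0])
    return dict(seen)

if __name__ == "__main__":
    for ip, data in exposure_by_ip(CAPTURE).items():
        print(ip, sorted(data["addresses"]), sorted(data["txids"]))
```

Every address grouped under one IP is linked as belonging to the same wallet, which is why the replies above recommend connecting only to your own node.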