Topic: Question about privacy of Blockchain.com wallet (Read 295 times)

hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
September 26, 2021, 08:00:30 PM
#29
That's my point indeed: I can carry an encrypted piece of paper around for many years, without any risk. I don't expect to use it any time soon, it's just for whenever an opportunity arises. I don't want to carry a hardware wallet with me.
I'm struggling to foresee a situation where I am out and about and suddenly want to make a significant and completely unplanned purchase using bitcoin where such a paper wallet would be useful. Any time I want to spend a large amount of bitcoin in person (larger than I would be comfortable storing on a mobile wallet), then I have planned it in advance and have taken my hardware wallet with me.
I like to be prepared for that rare event, say a hotel with a "Bitcoin accepted" sign when I'm on vacation.
But you're right, chances are pretty small. That's why I haven't used it yet.
I think that Loyce's encrypted paper wallet makes sense for an 'emergency money' kind of scenario. It allows you to carry around enough money to save you in a very bad situation, like, you're in a different country and your cash is stolen & cards are blocked or something like that. While not having millions of sats in mobile wallets for years on end. For that scenario, I understand it. There was a story recently here of someone in that exact position, but I can't find it right now. It was titled 'How Bitcoin saved me' or something like that.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
I'm not really a fan of that method. To spend from that encrypted paper wallet while on the go without any additional hardware on you (airgapped laptop, hardware wallet, etc.) then you are going to have to import it in to your hot mobile wallet. If you don't think a mobile wallet is secure enough for storing that amount of bitcoin long term, then you shouldn't really think it's secure enough to import that amount of bitcoin in to either.
I've had larger amounts on my mobile without problems (short-term), so I'm not directly worried about it. The paper wallet is already older than my current phone, which means I prevented exposure to one additional device by keeping it on paper instead of a hot wallet.

Quote
I'm struggling to foresee a situation where I am out and about and suddenly want to make a significant and completely unplanned purchase using bitcoin where such a paper wallet would be useful.
I like to be prepared for that rare event, say a hotel with a "Bitcoin accepted" sign when I'm on vacation.
But you're right, chances are pretty small. That's why I haven't used it yet.
legendary
Activity: 2268
Merit: 18711
I didn't know that it includes Electrum and has this other feature as well, that's really great! I should set one up..
The only downside is that since it is all pre-bundled, they don't use the latest version. Last I checked, they are still on version 4.0.2. If you really want the latest version, then you can run it using the AppImage from electrum.com and saving it to your persistent storage. There are instructions here: https://electrum.readthedocs.io/en/latest/tails.html

That's my point indeed: I can carry an encrypted piece of paper around for many years, without any risk. I don't expect to use it any time soon, it's just for whenever an opportunity arises. I don't want to carry a hardware wallet with me.
I'm not really a fan of that method. To spend from that encrypted paper wallet while on the go without any additional hardware on you (airgapped laptop, hardware wallet, etc.) then you are going to have to import it in to your hot mobile wallet. If you don't think a mobile wallet is secure enough for storing that amount of bitcoin long term, then you shouldn't really think it's secure enough to import that amount of bitcoin in to either.

I'm struggling to foresee a situation where I am out and about and suddenly want to make a significant and completely unplanned purchase using bitcoin where such a paper wallet would be useful. Any time I want to spend a large amount of bitcoin in person (larger than I would be comfortable storing on a mobile wallet), then I have planned it in advance and have taken my hardware wallet with me.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
You have to import it into a hot wallet to use it though; then I prefer a hardware wallet or just using a mobile wallet in the first place. On the other hand, if it's not yet sure whether you'll actually need to use that wallet on-the-go, then your method is more secure!
That's my point indeed: I can carry an encrypted piece of paper around for many years, without any risk. I don't expect to use it any time soon, it's just for whenever an opportunity arises. I don't want to carry a hardware wallet with me.

Quote
I was arguing for 'convenient & secure' method though, and my point still stands that it's not more convenient to use an online wallet instead of just using a mobile, custodial wallet.
For convenience, I also have a small (non-custodial) mobile wallet that I use whenever I can.

Apart from the security, I can think of another reason not to use a webwallet: I'd have to remember another password, or store it on my phone. Both options I don't like.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
Nobody carries a seed around.
My personal favourite, apart from a small mobile hot wallet, is an encrypted paper wallet. I keep a backup at home, and the encryption won't easily be brute-forced if someone gets their hands on it.
You have to import it into a hot wallet to use it though; then I prefer a hardware wallet or just using a mobile wallet in the first place. On the other hand, if it's not yet sure whether you'll actually need to use that wallet on-the-go, then your method is more secure!
I was arguing for 'convenient & secure' method though, and my point still stands that it's not more convenient to use an online wallet instead of just using a mobile, custodial wallet.

Quote
This is actually great; your solution requires 2 USB sticks, but it might even be possible with a single one (like 2 partitions, one encrypted with seed and downloaded copy of Electrum and another with the live OS for example).
One is enough: Electrum is included in Tails by default, and Tails can create an encrypted partition on the same USB stick.
I didn't know that it includes Electrum and has this other feature as well, that's really great! I should set one up.. I think last time I used Tails, it didn't have these features or I didn't know about it, otherwise I'd probably have done it already..
legendary
Activity: 2268
Merit: 18711
Nobody carries a seed around.
No, but I'd still rather do that than use a web wallet. Hell, I'd rather memorize a seed phrase for use on the go (obviously knowing that the back up is written down and stored securely at home) than use a web wallet.

Just write the seed words (or not, if you don't care about an amount of max 50 USD), and you're ready to go.
You don't have to carry the seed phrase around with you, but you should definitely write it down. You don't want to be in the situation of needing to receive a large transaction while you are on the go and only have an unbacked-up mobile wallet on you.

This is actually great; your solution requires 2 USB sticks, but it might even be possible with a single one
Yeah, as Loyce says, Tails will create a persistent storage on the same USB stick it boots from: https://tails.boum.org/doc/first_steps/persistence/index.en.html
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Nobody carries a seed around.
My personal favourite, apart from a small mobile hot wallet, is an encrypted paper wallet. I keep a backup at home, and the encryption won't easily be brute-forced if someone gets their hands on it.

Quote
This is actually great; your solution requires 2 USB sticks, but it might even be possible with a single one (like 2 partitions, one encrypted with seed and downloaded copy of Electrum and another with the live OS for example).
One is enough: Electrum is included in Tails by default, and Tails can create an encrypted partition on the same USB stick.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!

To be honest, I don't think it's more convenient to create an account at an exchange to use as a wallet instead of just downloading a non-custodial App or PC software. It's faster and easier to set up and has more features. I don't see any added 'convenience' in an online BTC wallet.

It is more convenient because you can access your wallet everywhere, just like an email.
You just need to remember your login and password to log into your wallet in any device. (You don't need to carry a seed around)

If you need to access your bitcoin in another device, such as a computer at work or in another kind of device, they offer some nice convenience.

I used blockchain.info in the past in that situation and it was nice.

Of course the security is much lower, but you can add just a few bucks to it (like 50 usd). I consider them similar to a physical fiat wallet.. you can carry a few bucks of cash in your pockets, if you lose it that's not a big deal.
Nobody carries a seed around. To access Bitcoin everywhere (especially small amounts, like you mentioned), the best solution by far would be a non-custodial mobile wallet, like BlueWallet which I already mentioned. It's even more convenient to set up, because there is no account. No email. No password. No verification.... Just write the seed words (or not, if you don't care about an amount of max 50 USD), and you're ready to go.

An even better solution would be to carry around a USB stick with Tails on it, so you can boot the computer you have been provided in to a clean, live OS, and then either load your wallet from the encrypted persistent storage, or recover it from scratch using your seed phrase.
This is actually great; your solution requires 2 USB sticks, but it might even be possible with a single one (like 2 partitions, one encrypted with seed and downloaded copy of Electrum and another with the live OS for example).
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Well, there might be situations where you don't have the choice to use your own device.

Let's suppose you work on a submarine. Or that you are in the military and, at the location where you are, the only way to access the internet is on a computer that you received from your employer.
Chances are you won't have any communication with the outside world for months from that submarine. The more common scenario is an employer's computer, and indeed, I never enter my own passwords there. When convenient, I've used corporate email for personal stuff ("hey, will you buy potatoes or should I?"), but that's where it ends.

An even better solution would be to carry around a USB stick with Tails on it, so you can boot the computer you have been provided in to a clean, live OS, and then either load your wallet from the encrypted persistent storage, or recover it from scratch using your seed phrase.
legendary
Activity: 2268
Merit: 18711
I faced similar situations a few years ago (which I don't want to specify here for privacy purposes), where I didn't have wifi on my mobile device and I had to use a computer provided by my employer to use the internet, and blockchain.info was handy.
I would still prefer to either carry around an encrypted USB stick with my wallet file on it, or carry around a seed phrase written down on paper which I could restore my wallet from using some open source software such as Electrum. Again, both are far better from both a privacy and security view point than using a web wallet.

An even better solution would be to carry around a USB stick with Tails on it, so you can boot the computer you have been provided in to a clean, live OS, and then either load your wallet from the encrypted persistent storage, or recover it from scratch using your seed phrase.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
That's terrible for security! I never enter any passwords on devices that aren't mine.

Quote
Of course the security is much lower, but you can add just a few bucks to it (like 50 usd).
Wait, if you know that already, why not use a mobile wallet instead?

Well, there might be situations where you don't have the choice to use your own device.

Let's suppose you work on a submarine. Or that you are in the military and, at the location where you are, the only way to access the internet is on a computer that you received from your employer.

I faced similar situations a few years ago (which I don't want to specify here for privacy purposes), where I didn't have wifi on my mobile device and I had to use a computer provided by my employer to use the internet, and blockchain.info was handy.

I know these situations are becoming very unlikely in recent years and they will be more unlikely in the future, especially in developed countries.
legendary
Activity: 2268
Merit: 18711
That's easy to go around: pay a "weird" amount, and make sure you get a round amount as change.
Absolutely. Or split your change between multiple addresses to make it seem as if you are paying multiple people. Or manually choose to send your change to a different address type to obfuscate that it is going to a change address. Or even better, leave no change at all. It's entirely possible to hide what is a change address (or even manipulate the heuristics in to actively identifying the payment address as the change address), but the vast majority of wallets don't do this and the vast majority of users don't know how to do this. If OP is using Electrum or Blockchain.com, and just makes a bunch of standard transactions which chain together all his change addresses, then it is trivial to identify them all and link all the transactions as originating from the same user/wallet.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
If I make a transaction from Address A, and I send something like 0.05 BTC to one address and 0.15820351 BTC to another address, then it is completely obvious to everyone that the latter address is my change address.
That's easy to go around: pay a "weird" amount, and make sure you get a round amount as change.

It is more convenient because you can access your wallet everywhere, just like an email.
You just need to remember your login and password to log into your wallet in any device. (You don't need to carry a seed around)
That's terrible for security! I never enter any passwords on devices that aren't mine.

Quote
Of course the security is much lower, but you can add just a few bucks to it (like 50 usd).
Wait, if you know that already, why not use a mobile wallet instead?
legendary
Activity: 2268
Merit: 18711
-snip-
I use a mobile wallet for small amounts which I need to carry around with me and spend on a daily basis. The security isn't great (although far better than that of a web wallet), but I've never been hacked and it is only small amounts that I can afford to lose. For anything larger I need to carry around with me and access anywhere, then I can take a very small hardware wallet which will link up with my phone. Both easily fit in pockets, bags, etc.

This is a far preferable option to using a web wallet if "accessing anywhere" is the goal. Your security is much better, your privacy is much better, the fees are much better, and you can still use advanced options like coin control or RBF which most Web wallets don't offer.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science

To be honest, I don't think it's more convenient to create an account at an exchange to use as a wallet instead of just downloading a non-custodial App or PC software. It's faster and easier to set up and has more features. I don't see any added 'convenience' in an online BTC wallet.

It is more convenient because you can access your wallet everywhere, just like an email.
You just need to remember your login and password to log into your wallet in any device. (You don't need to carry a seed around)

If you need to access your bitcoin in another device, such as a computer at work or in another kind of device, they offer some nice convenience.

I used blockchain.info in the past in that situation and it was nice.

Of course the security is much lower, but you can add just a few bucks to it (like 50 usd). I consider them similar to a physical fiat wallet.. you can carry a few bucks of cash in your pockets, if you lose it that's not a big deal.

legendary
Activity: 2268
Merit: 18711
Also, if you e.g. pay person A first, then the change arrives into a new address (change address), from which you'll pay person B, so they will absolutely not see the funds coming from the same address.
Correct, but in many cases it will still be trivial to link the two payments.

If I make a transaction from Address A, and I send something like 0.05 BTC to one address and 0.15820351 BTC to another address, then it is completely obvious to everyone that the latter address is my change address. If I then pay someone else from my change address, then they can easily link the two transactions as having come from the same person. The same is true for anything else which identifies the change address, such as one output being to a different address type from the input while the change output is the same address type as the input.
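
The two change-address heuristics described in the post above (round payment amount, matching address type) and the linking of payments through chained change, as an added Python example that is not part of the original thread. The transactions, address labels and the three-trailing-zero threshold are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Output:
    address: str    # constructed placeholder label, not a real address
    addr_type: str  # e.g. "p2pkh", "p2wpkh"
    sats: int       # amount in satoshis

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple   # the Outputs being spent
    outputs: tuple

def trailing_zeros(sats):
    """Number of trailing decimal zeros; more zeros means a 'rounder' amount."""
    n = 0
    while sats and sats % 10 == 0:
        sats //= 10
        n += 1
    return n

def guess_change(tx, min_gap=3):
    """Return (output, reasons) for the likely change output, or (None, [])."""
    if len(tx.outputs) != 2:
        return None, []  # no change or split change: these heuristics do not apply
    reasons = ([], [])
    # Heuristic 1: the payment is a round amount, the remainder is not.
    zeros = [trailing_zeros(o.sats) for o in tx.outputs]
    if abs(zeros[0] - zeros[1]) >= min_gap:
        reasons[zeros.index(min(zeros))].append("non-round amount")
    # Heuristic 2: only one output uses the same address type as the inputs.
    in_types = {i.addr_type for i in tx.inputs}
    match = [o.addr_type in in_types for o in tx.outputs]
    if match[0] != match[1]:
        reasons[match.index(True)].append("same address type as input")
    if bool(reasons[0]) == bool(reasons[1]):
        return None, []  # no signal, or the heuristics contradict each other
    idx = 0 if reasons[0] else 1
    return tx.outputs[idx], reasons[idx]

def link_by_change(txs):
    """Pairs (parent, child) where child spends the guessed change of parent."""
    links = []
    for parent in txs:
        change, _ = guess_change(parent)
        if change is None:
            continue
        for child in txs:
            if child is not parent and any(
                i.address == change.address for i in child.inputs
            ):
                links.append((parent.txid, child.txid))
    return links

# Constructed sample data. TX1 uses the amounts from the post (0.05 BTC payment,
# 0.15820351 BTC change); TX2 then spends that change to pay someone else.
TX1 = Tx("tx1", (Output("addr-A", "p2wpkh", 20_821_351),),
         (Output("payee-X", "p2pkh", 5_000_000),
          Output("change-C", "p2wpkh", 15_820_351)))
TX2 = Tx("tx2", (TX1.outputs[1],),
         (Output("payee-Y", "p2wpkh", 3_000_000),
          Output("change-D", "p2wpkh", 12_819_351)))
# TX3: a "weird" payment amount with round change and uniform address types,
# so the amount heuristic points at the payee instead of the real change.
TX3 = Tx("tx3", (Output("addr-E", "p2wpkh", 20_000_000),),
         (Output("payee-Z", "p2wpkh", 7_318_204),
          Output("change-F", "p2wpkh", 12_680_000)))

if __name__ == "__main__":
    for tx in (TX1, TX2, TX3):
        out, why = guess_change(tx)
        print(tx.txid, out.address if out else None, why)
    print("linked:", link_by_change([TX1, TX2, TX3]))
```
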
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
Coinbase (Wallet/Exchange) is different, it's a "custodial service", withdrawals came from different addresses because those are Coinbase's "Hot Wallet" used for withdrawals.
Just to add to the conversation, Coinbase has a non-custodial wallet as well.

They offer 2 kinds of wallets: custodial and non-custodial.

You can see it here:
https://wallet.coinbase.com/faq/
Yes, "Coinbase Wallet" is non-custodial and "Coinbase" is custodial.
But OP's description of the withdrawal doesn't fit 'Coinbase Wallet' so I find it not necessary to mention here.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
This Coinbase wallet has a similar degree of security compared to Blockchain.com wallet. Both are online wallets; they are convenient but they are vulnerable to many kinds of attacks.
To be honest, I don't think it's more convenient to create an account at an exchange to use as a wallet instead of just downloading a non-custodial App or PC software. It's faster and easier to set up and has more features. I don't see any added 'convenience' in an online BTC wallet.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
Coinbase (Wallet/Exchange) is different, it's a "custodial service", withdrawals came from different addresses because those are Coinbase's "Hot Wallet" used for withdrawals.

Just to add to the conversation, Coinbase has a non-custodial wallet as well.

They offer 2 kinds of wallets: custodial and non-custodial.

You can see it here:
https://wallet.coinbase.com/faq/
Quote
How do I protect against losing access to my funds?
Coinbase Wallet is a user-controlled, non-custodial product. The app generates a 12 word recovery phrase which is what gives you, and only you, access to your account to move received funds. Coinbase will never have access to this seed, meaning that we cannot move funds on your behalf even if you lose access to your recovery phrase.

I am not recommending it and I think Electrum is a much better option.

This Coinbase wallet has a similar degree of security compared to Blockchain.com wallet. Both are online wallets; they are convenient but they are vulnerable to many kinds of attacks.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
It's nice that I can create a new address for every incoming transaction to keep my privacy high.
This is a normal feature that every good wallet has. Nothing to do with custodial or non-custodial.
From your seed words, unlimited private keys can be derived and from each of those private keys you can calculate a public key and an address where you can receive funds. A good hardware or software wallet displays you a new address every time you click 'receive' by default.

Also, if you e.g. pay person A first, then the change arrives into a new address (change address), from which you'll pay person B, so they will absolutely not see the funds coming from the same address.

If you're looking for something free and quick & easy to setup, as you alluded to in your replies, I'd recommend to start with BlueWallet.

What I like about it is that it's open source and allows to have multiple separate non-custodial Bitcoin on-chain wallets as well as play around with Lightning (however the LN functionality is custodial, so just don't keep too many funds on there). You can also import xpubs to keep track of activities on all of your hardware or offline wallets as well.
HCP
legendary
Activity: 2086
Merit: 4361
Do you know any other custodial wallets where you can quickly open an account without having to go through an extensive verification process like you have to at Coinbase?
One of the core tenets of Bitcoin was to give you complete control of your coins. Why would you want to use a custodial wallet? Is there some benefit that you believe they offer over a non-custodial wallet like Bitcoin Core or Electrum or similar?
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
-snip-
Do you know any other custodial wallets where you can quickly open an account without having to go through an extensive verification process like you have to at Coinbase?
Unfortunately, custodial wallets that fall to that category are most likely scams.
Legit wallets have to comply with your Government's law so a level of verification is required depending on the country.

For Exchanges, their 'withdrawal fee' is ridiculous compared to wallets, you wouldn't want to use them as a wallet even though some of them allow crypto withdrawals for non-verified users.
They can also lock your funds if they found "something" in your transactions.


Despite the consensus in the replies, you still decided to go for custodial...
perhaps in terms of privacy, are you only concerned about your privacy against users, not the authorities?
legendary
Activity: 3374
Merit: 3095
Playbet.io - Crypto Casino and Sportsbook
Do you know any other custodial wallets where you can quickly open an account without having to go through an extensive verification process like you have to at Coinbase?

Well, if you don't care about privacy then I would list a few of them.

- Binance wallet
- Bitpay wallet
- Coinex wallet
And any exchanges with wallet features are custodial wallets. It means you don't own any keys; if those exchanges have issues with their wallets, it would be a big problem.

And I suggest you read this: [General] Bitcoin Wallets - Which, what, why?
legendary
Activity: 2268
Merit: 18711
So Electrum and Blockchain are non-custodial
Yes, but they aren't comparable.

Electrum is open source software which you run yourself on your own computer. Provided your computer is not infected with malware, you can verify that the seed phrase and private keys are known only to you, no one else can spend your coins, and no one can lock you out of your wallet. Blockchain.com is a closed source website. You have no idea how they generate your seed phrase, who else might have access to it, or who else could potentially spend your coins. Your account is vulnerable to hacks, and their central wallets and servers are vulnerable to hacks. They can lock or shut down your account if they choose, and unless you have your seed phrase backed up somewhere, your coins will be lost.

All web wallets are the absolute lowest in the rankings for both security and privacy.

Do you know any other custodial wallets where you can quickly open an account without having to go through an extensive verification process like you have to at Coinbase?
The real question is why you would want to do this? You are sacrificing all your privacy and all your security, giving unknown strangers the ability to prevent your transactions, freeze your account, or even steal your coins. The whole point of bitcoin is to not trust third parties with your money.
full member
Activity: 512
Merit: 102
So my question is: is Blockchain the same as Coinbase or the same as Electrum?
Does anybody know this? I could not find this in their FAQ anywhere.
In terms of handling funds, Electrum and Blockchain.com are the same because both are non-custodial.
You'll be spending your "unspent transaction outputs" (UTXO) from your received transactions to create a new transaction.
So if you're receiving funds with a single address, all your withdrawals will use the UTXOs associated with that address in your wallet;
to mitigate that, you just have to use a different address every time you receive funds so "receiver A and B" will see that the txns came from different addresses.
You'll have more options in Electrum by utilizing "coin control" for better selection of UTXO.

Coinbase (Wallet/Exchange) is different, it's a "custodial service", withdrawals came from different addresses because those are Coinbase's "Hot Wallet" used for withdrawals.
Different addresses, yes, but in terms of privacy, authorities or whoever in contact with them can easily point your identity based from their database and/or blockchain analysis,
custodial services aren't really that private with their hot wallets, even a regular user can tell that it's from Coinbase by using walletexplorer.com.

Thanks for this detailed explanation!
So Electrum and Blockchain are non-custodial and Coinbase is custodial.
Do you know any other custodial wallets where you can quickly open an account without having to go through an extensive verification process like you have to at Coinbase?
legendary
Activity: 3122
Merit: 2178
Playgram - The Telegram Casino
With Coinbase it's different. They send out their withdrawals from all kinds of different transactions. In this same example receivers A and B would never know they actually both received a payment from the same source (me), not even if they talked to each other about it and analyzed the blockchain.

A and B don't need to analyze the blockchain in this case. If the situation warrants it, they can contact the authorities, which could contact Coinbase, which could hand over all your transaction data and personal information.
legendary
Activity: 3472
Merit: 10611
In terms of privacy different wallets in decreasing order are like this:
Full node > Server-independent [1] SPV > Single-server-dependent [2] SPV > Web wallets (non-custodial) [3] >> Web wallets (custodial)

[1] Any SPV client that can connect to an arbitrary full node and fetch the necessary data (this includes Electrum)
[2] These are light clients that connect to a fixed (centralized) server and fetch their data
[3] I consider users of web wallets to have 0 privacy in general
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
So my question is: is Blockchain the same as Coinbase or the same as Electrum?
Does anybody know this? I could not find this in their FAQ anywhere.
In terms of handling funds, Electrum and Blockchain.com are the same because both are non-custodial.
You'll be spending your "unspent transaction outputs" (UTXO) from your received transactions to create a new transaction.
So if you're receiving funds with a single address, all your withdrawals will use the UTXOs associated with that address in your wallet;
to mitigate that, you just have to use a different address every time you receive funds so "receiver A and B" will see that the txns came from different addresses.
You'll have more options in Electrum by utilizing "coin control" for better selection of UTXO.

Coinbase (Wallet/Exchange) is different, it's a "custodial service", withdrawals came from different addresses because those are Coinbase's "Hot Wallet" used for withdrawals.
Different addresses, yes, but in terms of privacy, authorities or whoever in contact with them can easily point your identity based from their database and/or blockchain analysis,
custodial services aren't really that private with their hot wallets, even a regular user can tell that it's from Coinbase by using walletexplorer.com.
full member
Activity: 512
Merit: 102
Hello

I use the online wallet of Blockchain.com and it's nice that I can create a new address for every incoming transaction to keep my privacy high.

But what I'm not entirely sure of, is if my withdrawals always get sent from the same address or not.
For example Electrum does this. If I send 2 transactions from my Electrum wallet (1 to receiver A and 1 to receiver B), those two receivers A and B can see it came from the same source (if they talk to each other of course, only then).
With Coinbase it's different. They send out their withdrawals from all kinds of different transactions. In this same example receivers A and B would never know they actually both received a payment from the same source (me), not even if they talked to each other about it and analyzed the blockchain.

So my question is: is Blockchain the same as Coinbase or the same as Electrum?
Does anybody know this? I could not find this in their FAQ anywhere.