Topic: The paranoid user's security guide for using Electrum safely. (Read 438 times)

While using the computer, the encrypted volume will be unlocked and anyone with physical access could send funds if there's no password. So I'd recommend to use a password.

Especially for Newbies, it can't be repeated often enough to be secure, and use different passwords.

---

---

That being said: I use some wallets (inside a VM, of course) for low-value altcoin dust, and it's very convenient to send cents without the hassle of typing a password. I just wouldn't recommend it to anyone, by the time they understand what's at stake, they can decide this on their own.

If you use Tails with LUKS encrypted volumes, I don't think using a password to guard Electrum wallet access is needed. I'm saying this, because your audience is newbies as you said, and I think an airgapped Tails is the best choice for a newbie. Installation instructions are very detailing.

I suspect this isn't for cold storage wallets. Paranoid users would never load their private keys on a non-airgapped device, unless there's some functionality to manage a lightning channel without internet connection I'm not aware of.

Haha, good one! 

Actually, you are 100% right but if you are using Windows, why should you double the number of spies? It will also slow-down your computer too. If I had to use Windows and Electrum, I simply would not visit malicious websites, unknown URLs, wouldn't open unknown emails or would use only separate email.
I really don't think one needs to use Antivirus if the person only visits certain reputable websites from specific device.

Btw in ideal case, one should dedicate one pc/laptop to privacy and another one for public activities, gaming and everyday life.

Yes but sadly for the people they only choose between the "less bad", so instead of share their info with X they want to share they info with a big tech, because you know..... "its a wellknow and reputable company..." 

But its understable thinking about they are not gonna scam you but if you have one problem with goverment.... GG for you. Anyways i think the  mos flawed privacy we have its in the smartphones and with google, we spend more time and we generate much more info in smartphones than in PC.

Windows spies on you more than any antivirus software. Windows is a privacy nightmare. Check out the links I shared in this post. Even if you try to sanitize Windows, turn off all the extra features, block or disable as much of the privacy invasion as you can, it still transmits data back to Microsoft and a variety of third parties about your device and what you are doing on it hundreds or even thousands of times an hour.

If you are using Windows, then whether your antivirus is spying on you is the least of your concerns.

I think it's not always the best to immediately update your wallet software. Personally, what I do is that I read release notes and news. There have been cases when update had some bugs and was dangerous. For that reason, I always wait a little and if I don't hear complains, then I update the software. Of course that highly depends on release notes because sometimes you need to immediately update your software because of critical bugs in current version.

I'm afraid antiviruses spy on you, especially free ones. Instead, I would use Virustotal to check whether websites I visit are safe or not and I would also check some files there too.

Really nice thread, everything is done well and said shortly but I would change the title. A true paranoid user is the one who thinks about hardware backdoors too

No, except for the Tor SOCKS5 proxy.

Completely agree. One back up is no back up at all, especially when most people store their only back up in the same location as their computer or hardware wallet (i.e. at home). Two back ups in two separate geographical locations should be the minimum.

Sure, but here we are talking about privacy focused users, not random users. If you are privacy focused, then there is no escaping that you must run your own node or you will be leaking data to a third party.

If your 2 devices are stolen, the robber will still need to know the PIN code of your smartphone, the password of your computer, and the one of your Electrum wallet, because using the 2FA feature don't prevent people to also using a "strong password" for their wallet. So it wouldn't be so simple.

Yes I agree with you but personally, I'm not confortable with having one single backup of my seed, even if I would carve it in stone.

So, this is not risky unless you are holding a large amount into this address.

Running a full node is not an acceptable solution for a random user, and Bitcoin is supposed to be safely usable by everyone.
There is neither any reputed SOCKS 4/5 proxies?

Two devices. Both formatted, clean install of good Linux distro of choice, full disk encryption. All software verified prior to installation. Both devices used for nothing else and kept physically and digitally secured.

Device 1, internet connected:
Your own node running over Tor.
Your own Electrum server of choice.
Your watch only Electrum wallet connecting exclusively to your own server.

Device 2, permanently airgapped at a hardware level:
Your Electrum wallet containing seed phrase/private keys.

That's the basics of it for maximum security/privacy while still being fairly easily usable. I could write a guide spelling out each step in detail, but what if I use Debian and someone else chooses to use Mint? What I choose Electrs and someone else wants to use EPS? How can I possibly write a guide for how to remove the WiFi card from every model of laptop in existence? What if someone's threat model is different to mine? Maybe they place more emphasis on $5 wrench attacks, so want to use passphrases for decoy wallets. Or perhaps they want to delete their watch only wallet when not in use. Maybe they want to run mempool.space or JoinMarket on Device 1 as well. And so on.

As Loyce says, people need to understand why they are doing things and what those things achieve, not just blindly follow a list of instructions.

I won't do it any time soon, especially since o_e_l_e_o just made me realize I'm not nearly paranoid enough yet:

You don't even need multiple devices for offline signing, but it would require rebooting into a Live OS at least once. Or multiple times, if you're like me and realize too late that your offline Electrum is an incompatible version, followed by the next reboot once you realize offline signing with minimum fees creates a signed transaction with less than 1 sat/vbyte and can't be broadcasted. In short, it is a lot easier with a dedicated offline device. Luckily, old laptops are very cheap nowadays.

There's another reason I can't really write a detailed guide: if someone's doing offline signing, they should understand all the steps, and they should be able to fill in the blanks to match their own situation. If you're only following a tutorial to the letter, chances are you're making a mistake. That's why I prefer to stick to just this summary:

Thanks Loyce, oeleo, and notatether for the answers, it was what i tinked, but its more safety to re ask to the wise of the forum instead of make a huge mistake in terms of security.

Yeah but thinking of future it can be a good think to have a "white" adress and a few more in the shadows, so when any ask, you only show a part of your funds and you dont have to say a lie like, "i dont have any". But yes you need to be very carefull.

In generally, users would be far better setting up their own 2-of-3 multi-sig rather than relying on a third party, sacrificing all their privacy, and paying the excessive fees charged by TrustedCoin.

The only safe Electrum server is your own one.

Don't reuse addresses when you can. If you must, such as in recurring payments from a third party, use it for that one purpose and one purpose only - never reuse the same address for different purposes. And then as mentioned above, mix the coins you have received to prevent other tracking where they are going and what you are doing with them.

Hence why it's recommended you mix your campaign funds using a mixer, or use a wallet that does it for you (exactly which wallet(s) I recommend for that I will not say, as people are having some tug-of-war on another thread about these kind of wallets).


Actually, please do I'd love to see it from a perspective of having multiple devices at your disposal which can all be used for securing a wallet.

In that case, it should be called "the slightly careful user's guide for using Electrum"
Now you make me want to write a "truely paranoid user's guide for using Electrum" But I won't, as I think it's futile. Whoever wants to do that can do it already, and people who aren't into it, should probably not even try to work with offline wallets and offline signing. The same for multisig: I wouldn't recommend it to inexperienced users.

Address reuse is bad for privacy, but doesn't add a security risks (unless you also leak part of your private key). For signature campaigns, where you post your address publicly, your privacy is gone already.

Hi to all, and thanks to Notatether for this usefull thread.

I have one question , we allways read its a bad behavior to use the same adress  everytime, but here we use the same adresse everytime in signatures campaigns and its ok for practicall purpouse also in some statics adreses needs to be in that way.

So what its the solution? or what its the risk on use the same? Or its only for tracking matters? I think its for that everyone recomends to change the adress so no one can follow/track you so easily. But im forgotten something and its any more risk that im making?

I disagree because Electrum 2FA makes a 2-of-3 multisig. This will prevent you from getting robbed if just one device is stolen, but if all of them are taken? Then your funds are screwed.

If you are OK with placing Electrum on many devices, I guess there's no problem with that as long as you move your funds quickly, but this guide is more oriented to using Electrum on a single device, without additional peripherals (hence why LiveUSB is not included cc. @LoyceV)


You're right about bare seed phrases being handled as little as possible, and frankly that's how it should be treated. As seed phrases with bitcoin on them are more like physical assets, such as gold or a stack of cash, you should be moving it around as little as possible.



Not only is that bad for privacy, it's easy to mess up writing it and if you do it electronically, you could get robbed by specialists inspecting the peripheral's NVRAM.


Not all hardware wallets are closed-source.


I don't think there's a way to determine the safest server, with the exception of the one hosted on electrum.org. You're basically trusting the node operator to not leak your privacy.

A private electrum server is much better than a public one for this reason, maybe I'll add that. It does require a connection to a bitcoin full node though - usually you have to run those yourself. Or maybe Getblock will do provided that wallet RPCs are not used (they are disabled over there).

I would add: And put the User Account Control (UAC) to the highest level you can.

I'm sorry but you can't say that, Electrum password and Electrum 2FA protection are not the same thing at all. The 2FA feature will protect your funds even if your password, your computer or your wallet are compromised, since the one-time passcode from your smartphone will always be needed to move your funds.
https://api.trustedcoin.com/#/faq

I disagree with that, if you store your seed in one single place you are more likely to lose it, if you store it in several places you are more likely to expose it.
Using a BIP39 password or a Shamir's secret sharing scheme(SLIP39) is a must if you want to safely store your seed in several places. Seeds without passphrases or SSS should be handled as little as possible actually.

It's way safer to export one single private key, than to play with the seed of dozens addresses.

No if you have large sums of money it's safer to use a real air gapped software wallet than a plugged and close-source hardware one.


It's an interesting "How to" thread. But unfortunately you haven't talked about the Electrum servers. Which ones are the most reputed and safest to use?
Same thing for SOCKS 4/5 proxies, which reputed ones can be used with Electrum?

You can disable autoplay easily in settings, but USB are usually much worse than CDs because you can easily add more stuff there and modify it.
Biggest problem I have with USB drives is that they can go crazy with no specific reason and make all data unusable.

I am not a fan of iPhones but they have longest support from all smartphones, and for Android devices Samsung and Pixels are one of the best with longest support.
Everything else is trash and I would not waste money on this devices, but maybe they can be used as alternative offline wallets for bitcoin (if done correctly).

I don't like that Mint is based on Ubuntu, so Debian version is a bit better, but Fedora is much better in recent years and it's supper easy to install and use it.

No, having it enabled is not intrinsically dangerous. The risk comes by allowing any external media such as DVDs or USBs to automatically execute whatever software happens to be on said media. If it's a DVD you burned yourself of some home movies, then no harm done. It it's a USB drive you just received from a friend or colleague, then you actually have no idea what is lurking on it and if their devices were free from malware when using the USB drive previously.

I would +1 to DireWolfM14's suggestion above of Linux Mint. It is as simple to set up as you can get, and has a very "Windows" feel to the GUI, making the transition much easier. There are pretty comprehensive guides available as well: https://linuxmint-installation-guide.readthedocs.io/en/latest/