Pages:
Author

Topic: The paranoid user's security guide for using Electrum safely. (Read 461 times)

legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
If you use Tails with LUKS encrypted volumes, I don't think using a password to guard Electrum wallet access is needed.
While using the computer, the encrypted volume will be unlocked and anyone with physical access could send funds if there's no password. So I'd recommend to use a password.

Quote
I'm saying this, because your audience is newbies
Especially for Newbies, it can't be repeated often enough to be secure, and use different passwords.



That being said: I use some wallets (inside a VM, of course) for low-value altcoin dust, and it's very convenient to send cents without the hassle of typing a password. I just wouldn't recommend it to anyone, by the time they understand what's at stake, they can decide this on their own.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
- Use a diceware password for guarding Electrum wallet access.
If you use Tails with LUKS encrypted volumes, I don't think using a password to guard Electrum wallet access is needed. I'm saying this, because your audience is newbies as you said, and I think an airgapped Tails is the best choice for a newbie. Installation instructions are very detailing.

- Don't open a Lightning channel unless you have a watchtower running 24/7, or you might lose channel funds to inactivity.
I suspect this isn't for cold storage wallets. Paranoid users would never load their private keys on a non-airgapped device, unless there's some functionality to manage a lightning channel without internet connection I'm not aware of.

Global Mods / admins - please sticky this thread.
Haha, good one!  Cheesy
hero member
Activity: 882
Merit: 792
Watch Bitcoin Documentary - https://t.ly/v0Nim
I'm afraid antiviruses spy on you, especially free ones.
Windows spies on you more than any antivirus software. Windows is a privacy nightmare. Check out the links I shared in this post. Even if you try to sanitize Windows, turn off all the extra features, block or disable as much of the privacy invasion as you can, it still transmits data back to Microsoft and a variety of third parties about your device and what you are doing on it hundreds or even thousands of times an hour.

If you are using Windows, then whether your antivirus is spying on you is the least of your concerns.
Actually, you are 100% right but if you are using Windows, why should you double the number of spies? It will also slow-down your computer too. If I had to use Windows and Electrum, I simply would not visit malicious websites, unknown URLs, wouldn't open unknown emails or would use only separate email.
I really don't think one needs to use Antivirus if the person only visits certain reputable websites from specific device.

Btw in ideal case, one should dedicate one pc/laptop to privacy and another one for public activities, gaming and everyday life.
sr. member
Activity: 630
Merit: 314
CONTEST ORGANIZER
I'm afraid antiviruses spy on you, especially free ones.
Windows spies on you more than any antivirus software. Windows is a privacy nightmare. Check out the links I shared in this post. Even if you try to sanitize Windows, turn off all the extra features, block or disable as much of the privacy invasion as you can, it still transmits data back to Microsoft and a variety of third parties about your device and what you are doing on it hundreds or even thousands of times an hour.

If you are using Windows, then whether your antivirus is spying on you is the least of your concerns.

Yes but sadly for the people they only choose between the "less bad", so instead of share their info with X they want to share they info with a big tech, because you know..... "its a wellknow and reputable company..."  Grin

But its understable thinking about they are not gonna scam you but if you have one problem with goverment.... GG for you. Anyways i think the  mos flawed privacy we have its in the smartphones and with google, we spend more time and we generate much more info in smartphones than in PC.
legendary
Activity: 2268
Merit: 18771
I'm afraid antiviruses spy on you, especially free ones.
Windows spies on you more than any antivirus software. Windows is a privacy nightmare. Check out the links I shared in this post. Even if you try to sanitize Windows, turn off all the extra features, block or disable as much of the privacy invasion as you can, it still transmits data back to Microsoft and a variety of third parties about your device and what you are doing on it hundreds or even thousands of times an hour.

If you are using Windows, then whether your antivirus is spying on you is the least of your concerns.
hero member
Activity: 882
Merit: 792
Watch Bitcoin Documentary - https://t.ly/v0Nim
- Always keep the OS with your wallet on it up-to-date with the latest security patches.
I think it's not always the best to immediately update your wallet software. Personally, what I do is that I read release notes and news. There have been cases when update had some bugs and was dangerous. For that reason, I always wait a little and if I don't hear complains, then I update the software. Of course that highly depends on release notes because sometimes you need to immediately update your software because of critical bugs in current version.

- Antivirus software should be used if your wallet is running on Windows.
I'm afraid antiviruses spy on you, especially free ones. Instead, I would use Virustotal to check whether websites I visit are safe or not and I would also check some files there too.

Really nice thread, everything is done well and said shortly but I would change the title. A true paranoid user is the one who thinks about hardware backdoors too Cheesy
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
There is neither any reputed SOCKS 4/5 proxies?

No, except for the Tor SOCKS5 proxy.
legendary
Activity: 2268
Merit: 18771
Yes I agree with you but personally, I'm not confortable with having one single backup of my seed, even if I would carve it in stone.
Completely agree. One back up is no back up at all, especially when most people store their only back up in the same location as their computer or hardware wallet (i.e. at home). Two back ups in two separate geographical locations should be the minimum.

Running a full node is not an acceptable solution for a random user, and Bitcoin is supposed to be safely usable by everyone.
Sure, but here we are talking about privacy focused users, not random users. If you are privacy focused, then there is no escaping that you must run your own node or you will be leaking data to a third party.
legendary
Activity: 2604
Merit: 2353
I disagree because Electrum 2FA makes a 2-of-3 multisig. This will prevent you from getting robbed if just one device is stolen, but if all of them are taken? Then your funds are screwed.

If you are OK with placing Electrum on many devices, I guess there's no problem with that as long as you move your funds quickly, but this guide is more oriented to using Electrum on a single device, without additional peripherals (hence why LiveUSB is not included cc. @LoyceV)
If your 2 devices are stolen, the robber will still need to know the PIN code of your smartphone, the password of your computer, and the one of your Electrum wallet, because using the 2FA feature don't prevent people to also using a "strong password" for their wallet. So it wouldn't be so simple.

You're right about bare seed phrases being handled as little as possible, and frankly that's how it should be treated. As seed phrases with bitcoin on them are more like physical assets, such as gold or a stack of cash, you should be moving it around as little as possible.
Yes I agree with you but personally, I'm not confortable with having one single backup of my seed, even if I would carve it in stone.

Not only is that bad for privacy, it's easy to mess up writing it and if you do it electronically, you could get robbed by specialists inspecting the peripheral's NVRAM.
So, this is not risky unless you are holding a large amount into this address.

I don't think there's a way to determine the safest server, with the exception of the one hosted on electrum.org. You're basically trusting the node operator to not leak your privacy.

A private electrum server is much better than a public one for this reason, maybe I'll add that. It does require a connection to a bitcoin full node though - usually you have to run those yourself. Or maybe Getblock will do provided that wallet RPCs are not used (they are disabled over there).
Running a full node is not an acceptable solution for a random user, and Bitcoin is supposed to be safely usable by everyone.
There is neither any reputed SOCKS 4/5 proxies?
legendary
Activity: 2268
Merit: 18771
I won't do it any time soon, especially since o_e_l_e_o just made me realize I'm not nearly paranoid enough yet:
Two devices. Both formatted, clean install of good Linux distro of choice, full disk encryption. All software verified prior to installation. Both devices used for nothing else and kept physically and digitally secured.

Device 1, internet connected:
Your own node running over Tor.
Your own Electrum server of choice.
Your watch only Electrum wallet connecting exclusively to your own server.

Device 2, permanently airgapped at a hardware level:
Your Electrum wallet containing seed phrase/private keys.

That's the basics of it for maximum security/privacy while still being fairly easily usable. I could write a guide spelling out each step in detail, but what if I use Debian and someone else chooses to use Mint? What I choose Electrs and someone else wants to use EPS? How can I possibly write a guide for how to remove the WiFi card from every model of laptop in existence? What if someone's threat model is different to mine? Maybe they place more emphasis on $5 wrench attacks, so want to use passphrases for decoy wallets. Or perhaps they want to delete their watch only wallet when not in use. Maybe they want to run mempool.space or JoinMarket on Device 1 as well. And so on.

As Loyce says, people need to understand why they are doing things and what those things achieve, not just blindly follow a list of instructions.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Now you make me want to write a "truely paranoid user's guide for using Electrum" Cheesy
Actually, please do Tongue
I won't do it any time soon, especially since o_e_l_e_o just made me realize I'm not nearly paranoid enough yet:
The only safe Electrum server is your own one.

I'd love to see it from a perspective of having multiple devices at your disposal which can all be used for securing a wallet.
You don't even need multiple devices for offline signing, but it would require rebooting into a Live OS at least once. Or multiple times, if you're like me and realize too late that your offline Electrum is an incompatible version, followed by the next reboot once you realize offline signing with minimum fees creates a signed transaction with less than 1 sat/vbyte and can't be broadcasted. In short, it is a lot easier with a dedicated offline device. Luckily, old laptops are very cheap nowadays.

There's another reason I can't really write a detailed guide: if someone's doing offline signing, they should understand all the steps, and they should be able to fill in the blanks to match their own situation. If you're only following a tutorial to the letter, chances are you're making a mistake. That's why I prefer to stick to just this summary:
Online:
Install Electrum on your PC.
Import your address to create a watch-only wallet.
Preview the transaction, Copy the unsigned transaction. Put it on a USB stick.

Offline and running without hard drive storage:
Get a Linux LIVE DVD. Use Knoppix or Tails for instance, or any other distribution that comes with Electrum pre-installed.
Unplug your internet cable. Close the curtains. Reboot your computer and start up from that DVD. Don't enter any wireless connection password. Keep it offline.
Start Electrum. Import your private key.
Copy your unsigned transaction from the USB stick, load it into Electrum.
CHECK the transaction in Electrum. Check the fees, check the amount, check all destination addresses (character by character).
If all is okay, sign the transaction. Copy it back to your USB stick.
Turn off the computer. That wipes the Live LINUX from memory and all traces are gone.

Online:
Use your normal online Electrum to (check again and) broadcast the transaction.
sr. member
Activity: 630
Merit: 314
CONTEST ORGANIZER
Thanks Loyce, oeleo, and notatether for the answers, it was what i tinked, but its more safety to re ask to the wise of the forum instead of make a huge mistake in terms of security.

Yeah but thinking of future it can be a good think to have a "white" adress and a few more in the shadows, so when any ask, you only show a part of your funds and you dont have to say a lie like, "i dont have any". But yes you need to be very carefull.
legendary
Activity: 2268
Merit: 18771
I disagree because Electrum 2FA makes a 2-of-3 multisig.
In generally, users would be far better setting up their own 2-of-3 multi-sig rather than relying on a third party, sacrificing all their privacy, and paying the excessive fees charged by TrustedCoin.

I don't think there's a way to determine the safest server, with the exception of the one hosted on electrum.org. You're basically trusting the node operator to not leak your privacy.
The only safe Electrum server is your own one.

So what its the solution?
Don't reuse addresses when you can. If you must, such as in recurring payments from a third party, use it for that one purpose and one purpose only - never reuse the same address for different purposes. And then as mentioned above, mix the coins you have received to prevent other tracking where they are going and what you are doing with them.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Hi to all, and thanks to Notatether for this usefull thread.

I have one question , we allways read its a bad behavior to use the same adress  everytime, but here we use the same adresse everytime in signatures campaigns and its ok for practicall purpouse also in some statics adreses needs to be in that way.

So what its the solution? or what its the risk on use the same? Or its only for tracking matters? I think its for that everyone recomends to change the adress so no one can follow/track you so easily. But im forgotten something and its any more risk that im making?

For signature campaigns, where you post your address publicly, your privacy is gone already.

Hence why it's recommended you mix your campaign funds using a mixer, or use a wallet that does it for you (exactly which wallet(s) I recommend for that I will not say, as people are having some tug-of-war on another thread about these kind of wallets).

In that case, it should be called "the slightly careful user's guide for using Electrum" Tongue
Now you make me want to write a "truely paranoid user's guide for using Electrum" Cheesy But I won't, as I think it's futile. Whoever wants to do that can do it already, and people who aren't into it, should probably not even try to work with offline wallets and offline signing. The same for multisig: I wouldn't recommend it to inexperienced users.

Actually, please do Tongue I'd love to see it from a perspective of having multiple devices at your disposal which can all be used for securing a wallet.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
this guide is more oriented to using Electrum on a single device, without additional peripherals (hence why LiveUSB is not included cc. @LoyceV)
In that case, it should be called "the slightly careful user's guide for using Electrum" Tongue
Now you make me want to write a "truely paranoid user's guide for using Electrum" Cheesy But I won't, as I think it's futile. Whoever wants to do that can do it already, and people who aren't into it, should probably not even try to work with offline wallets and offline signing. The same for multisig: I wouldn't recommend it to inexperienced users.

Or its only for tracking matters?
Address reuse is bad for privacy, but doesn't add a security risks (unless you also leak part of your private key). For signature campaigns, where you post your address publicly, your privacy is gone already.
sr. member
Activity: 630
Merit: 314
CONTEST ORGANIZER
Hi to all, and thanks to Notatether for this usefull thread.

I have one question , we allways read its a bad behavior to use the same adress  everytime, but here we use the same adresse everytime in signatures campaigns and its ok for practicall purpouse also in some statics adreses needs to be in that way.

So what its the solution? or what its the risk on use the same? Or its only for tracking matters? I think its for that everyone recomends to change the adress so no one can follow/track you so easily. But im forgotten something and its any more risk that im making?
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
- If you have a strong password, you don't need 2FA protection, especially not the one that's bundled with Electrum.
I'm sorry but you can't say that, Electrum password and Electrum 2FA protection are not the same thing at all. The 2FA feature will protect your funds even if your password, your computer or your wallet are compromised, since the one-time passcode from your smartphone will always be needed to move your funds.
https://api.trustedcoin.com/#/faq

I disagree because Electrum 2FA makes a 2-of-3 multisig. This will prevent you from getting robbed if just one device is stolen, but if all of them are taken? Then your funds are screwed.

If you are OK with placing Electrum on many devices, I guess there's no problem with that as long as you move your funds quickly, but this guide is more oriented to using Electrum on a single device, without additional peripherals (hence why LiveUSB is not included cc. @LoyceV)

- Do not use advanced features like custom wordlist, BIP39 password, custom derivation path, Shamir's secret sharing, etc for your seed phrase. All of these are easy to screw up and will destroy your seed phrase copy as they can't possibly be remembered.
I disagree with that, if you store your seed in one single place you are more likely to lose it, if you store it in several places you are more likely to expose it.
Using a BIP39 password or a Shamir's secret sharing scheme(SLIP39) is a must if you want to safely store your seed in several places. Seeds without passphrases or SSS should be handled as little as possible actually.

You're right about bare seed phrases being handled as little as possible, and frankly that's how it should be treated. As seed phrases with bitcoin on them are more like physical assets, such as gold or a stack of cash, you should be moving it around as little as possible.


- Same goes with exporting private keys - do not do it at all.
It's way safer to export one single private key, than to play with the seed of dozens addresses.

Not only is that bad for privacy, it's easy to mess up writing it and if you do it electronically, you could get robbed by specialists inspecting the peripheral's NVRAM.

- Don't keep large sums of money on a software wallet. Use a reliable hardware wallet for cold storage.
No if you have large sums of money it's safer to use a real air gapped software wallet than a plugged and close-source hardware one.

Not all hardware wallets are closed-source.

It's an interesting "How to" thread. But unfortunately you haven't talked about the Electrum servers. Which ones are the most reputed and safest to use?
Same thing for SOCKS 4/5 proxies, which reputed ones can be used with Electrum?

I don't think there's a way to determine the safest server, with the exception of the one hosted on electrum.org. You're basically trusting the node operator to not leak your privacy.

A private electrum server is much better than a public one for this reason, maybe I'll add that. It does require a connection to a bitcoin full node though - usually you have to run those yourself. Or maybe Getblock will do provided that wallet RPCs are not used (they are disabled over there).
legendary
Activity: 2604
Merit: 2353
- Antivirus software should be used if your wallet is running on Windows.
I would add: And put the User Account Control (UAC) to the highest level you can.

- If you have a strong password, you don't need 2FA protection, especially not the one that's bundled with Electrum.
I'm sorry but you can't say that, Electrum password and Electrum 2FA protection are not the same thing at all. The 2FA feature will protect your funds even if your password, your computer or your wallet are compromised, since the one-time passcode from your smartphone will always be needed to move your funds.
https://api.trustedcoin.com/#/faq

- Do not use advanced features like custom wordlist, BIP39 password, custom derivation path, Shamir's secret sharing, etc for your seed phrase. All of these are easy to screw up and will destroy your seed phrase copy as they can't possibly be remembered.
I disagree with that, if you store your seed in one single place you are more likely to lose it, if you store it in several places you are more likely to expose it.
Using a BIP39 password or a Shamir's secret sharing scheme(SLIP39) is a must if you want to safely store your seed in several places. Seeds without passphrases or SSS should be handled as little as possible actually.

- Same goes with exporting private keys - do not do it at all.
It's way safer to export one single private key, than to play with the seed of dozens addresses.

- Don't keep large sums of money on a software wallet. Use a reliable hardware wallet for cold storage.
No if you have large sums of money it's safer to use a real air gapped software wallet than a plugged and close-source hardware one.


It's an interesting "How to" thread. But unfortunately you haven't talked about the Electrum servers. Which ones are the most reputed and safest to use?
Same thing for SOCKS 4/5 proxies, which reputed ones can be used with Electrum?
legendary
Activity: 2212
Merit: 7064
I think it’s pretty much just about it being a vector for malware. Since it’s autorunning by itself, I think it’s pretty unsafe when inserting USB drives and CDs or DVDs in case the inserted device is infected. I guess autorun/autoplay isn’t dangerous on its own, but combined with an infected drive you’re basically gonna accept possible malware with open arms lol Grin
You can disable autoplay easily in settings, but USB are usually much worse than CDs because you can easily add more stuff there and modify it.
Biggest problem I have with USB drives is that they can go crazy with no specific reason and make all data unusable.

That's a good point. There is a similar problem with smartphones, especially android ones, where we have many producers and many OS versions, distributed by phone producer. Sooner or later they stop publishing a new OS updates, then users should think twice if still want to use banking app etc. on not-updated phone.
I am not a fan of iPhones but they have longest support from all smartphones, and for Android devices Samsung and Pixels are one of the best with longest support.
Everything else is trash and I would not waste money on this devices, but maybe they can be used as alternative offline wallets for bitcoin (if done correctly).

I would +1 to DireWolfM14's suggestion above of Linux Mint. It is as simple to set up as you can get, and has a very "Windows" feel to the GUI, making the transition much easier. There are pretty comprehensive guides available as well: https://linuxmint-installation-guide.readthedocs.io/en/latest/
I don't like that Mint is based on Ubuntu, so Debian version is a bit better, but Fedora is much better in recent years and it's supper easy to install and use it.
legendary
Activity: 2268
Merit: 18771
Is enabling it dangerous in and of itself, or is it just a vector for malware as NotATether described?
No, having it enabled is not intrinsically dangerous. The risk comes by allowing any external media such as DVDs or USBs to automatically execute whatever software happens to be on said media. If it's a DVD you burned yourself of some home movies, then no harm done. It it's a USB drive you just received from a friend or colleague, then you actually have no idea what is lurking on it and if their devices were free from malware when using the USB drive previously.

The problem is that I'm an absolute retard when it comes to learning new things in the realm of coding, which Linux does require you to do a little bit of if you want to use it like a boss (just like knowing command line *stuff* in Powershell, which I also haven't grasped fully).
I would +1 to DireWolfM14's suggestion above of Linux Mint. It is as simple to set up as you can get, and has a very "Windows" feel to the GUI, making the transition much easier. There are pretty comprehensive guides available as well: https://linuxmint-installation-guide.readthedocs.io/en/latest/
Pages:
Jump to: