Author

Topic: Watch only wallet and privacy (Read 304 times)

hero member
Activity: 560
Merit: 1060
August 17, 2023, 01:55:59 AM
#20
To safeguard your privacy, consider running your own node/server through Tor. This ensures greater anonymity and control over your transactions

And even that does not provide guaranteed anonymity, so just run your own node.

I do run my own node, thanks both.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
August 15, 2023, 08:57:35 AM
#19
In addition to what o_e_l_e_o said, I think the best way to anonymously load your wallet's balance if you don't run your own full node, is to create lots of wallets, each of which contains only one address, and load each wallet via some hidden serviced Electrum server, in different time periods, and by choosing different servers each time.

And even that does not provide guaranteed anonymity, so just run your own node.
legendary
Activity: 2268
Merit: 18748
August 15, 2023, 07:51:26 AM
#18
And if I use VPN, each time a different IP, and each time I take a new address from my addresses in Electrum, then the scammer will not be able to determine that all these addresses belong to one user, right?
Wrong, I'm afraid.

When you load an Electrum wallet, Electrum will query whichever server you are connected to for the transaction history of all the addresses in that wallet. Even if only one of them has transactions, Electrum doesn't know that until it asks. Even if you don't do anything except open your wallet and close it again, Electrum still has to ask for the history of all the addresses in that wallet. As soon as you connect to a malicious third party server, then the owner of that server can immediately link all your addresses together. The only way around this is to run your own node and your own Electrum server (this is easier than it sounds).

If you connect to a different Electrum server from a different Tor relay/VPN server/IP address for each wallet you open, then an attacker won't be able to link your wallets to each other (provided you never make a mistake, which is unlikely), but they can still link together addresses within the same wallet.
sr. member
Activity: 504
Merit: 433
August 15, 2023, 07:02:03 AM
#17
The issue arises when Electrum queries your addresses. If you're using Electrum to serve as a watch-only wallet, you'll have the addresses linked to each other. Electrum queries all the required address using the same IP address. Any adversary running the node would be able to make the assumption that they're owned by the same person and thereby linking them to each other.

Running it behind a proxy or Tor won't help in this case.
And if I use VPN, each time a different IP, and each time I take a new address from my addresses in Electrum, then the scammer will not be able to determine that all these addresses belong to one user, right?
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
August 13, 2023, 05:16:20 AM
#16
What are the other alternatives to Tor?

VPN and Proxy.
I do not know much about proxy, but I thought that proxy servers are not secure?

With VPN, you will connect to the VPN central server. Some VPN providers say they do not keep logs but some past events make us to think otherwise.

Some people may use free VPN, but which is risky.

Tor is not connecting to central server, but instead making use of three nodes before connecting to the destination which is far better and decentralized. On mobile, Orbot is the alternative.

Also if using VPN, the green icon that supposed to turn blue on Electrum will not turn blue but remain green like normal IP address connection, and VPN canb fail and automatically be disconnected. Although it has been a long time ago that I experienced this on the paid VPN that I am using. If Tor/Orbot failed, Electrum is disconnected which I think is the best.

On the devices, it is possible to set that if VPN failed, IP address connection should not work, but this will affect all connection on the mobile device.

Because of these, I will recommend Orbot.
hero member
Activity: 1190
Merit: 901
Livecasino.io
August 13, 2023, 04:54:13 AM
#15
I do run my own node. I have connected Sparrow to my own electrum server. But I want to also monitor my wallet from my mobile phone, but it won't connect to my node through tor... Anyway.
I do not know how you can run Electrum server using mobile Electrum. But for anonymity (not privacy), you can connect mobile Electrum using Tor. But with the help if Orbot.

After you download Orbit, click on setthigs and check Electrum to enable it to connect using Orbot. Press on the big onion icon to connect.

After you download mobile Electrum.

Enable Proxy
SOCKSS/TOR
Address: 127.0.0.1
Port 9050

If you connect to Tor, the green circle at the upper right corner will be blue instead. This is for anonymity. Central (public) servers can still connect your addresses but will not be able to know your IP.


Aside using Tor with the help of Orbot, is it advisable for a user to follow the guide for setting up a private node found on GitHub repository? What are the other alternatives to Tor?


sr. member
Activity: 588
Merit: 438
Forum Only For Fun
August 12, 2023, 12:10:25 PM
#14
I import the XPUB to some software like Nunchuk, Sparrow etc.
The best bitcoin wallets I know of from existing sources are hardware wallets. I don't really understand because I've never owned one and am still trying to buy one.
The bitcoin wallet that is used according to sources that I have met has pros and cons, advantages and disadvantages. Wallet security needs to be used as a basic consideration by everyone who wants to use it.

Electrum wallet software is the most recommended almost everyone I meet because electrum has many advanced features and opai including being able to connect with hardware wallets.
When you import XPUB to wallet Nunchuk has no fear?

Nunchuk wallet with a very short age compared to the average age of other software wallets.
I was advised to choose a wallet that has been tested by time and many users have reviewed it.
sr. member
Activity: 364
Merit: 298
August 11, 2023, 10:02:02 AM
#13
They can assume that I own some addresses and not that I actually own them. Correct?

Correct, but to protect your privacy you should ensure absence of assumptions.

As for Electrum server, you should setup a hidden service if you want to connect from your mobile phone.  I think that is the easiest way.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
August 11, 2023, 07:21:00 AM
#12
Will I leak my XPUB?

No, Electrum doesn't send xpub to Electrum server. And IIRC there's no mention of xpub support on ElectrumX (software to run Electrum server) documentation.

They can assume that I own some addresses and not that I actually own them. Correct?
It is not an assumption if you are using public servers. They will know your bitcoin addresses and know the funded ones. They will know your IP addresses too. Which means they can link your real identity to your wallet.

If you want privacy, run your own node/server using Tor.

I do run my own node. I have connected Sparrow to my own electrum server. But I want to also monitor my wallet from my mobile phone, but it won't connect to my node through tor... Anyway.

If your mobile wallet let you connect to specific server and your Electrum server running 24/7, you could (1) configure Electrum server to accept incoming connection from internet and (2) configure your mobile wallet connect only to your Electrum server.
hero member
Activity: 560
Merit: 1060
August 11, 2023, 06:38:11 AM
#11
I do run my own node. I have connected Sparrow to my own electrum server. But I want to also monitor my wallet from my mobile phone, but it won't connect to my node through tor... Anyway.
I do not know how you can run Electrum server using mobile Electrum. But for anonymity (no privacy), you can connect mobile Electrum using Tor. But with the help if Orbot.

After you download Orbit, click on setthigs and check Electrum to enable it to connect using Orbot.


After you download mobile Electrum.

Enable Proxy
SOCKSS/TOR
Address: 127.0.0.1
Port 9050

If you connect to Tor, the green circle at the upper right corner will be blue instead. This is for anonymity. Central (public) servers can still connect your addresses but will kit be able to know your IP.



Thank you. +Merit when I have some to spend.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
August 11, 2023, 06:36:51 AM
#10
I do run my own node. I have connected Sparrow to my own electrum server. But I want to also monitor my wallet from my mobile phone, but it won't connect to my node through tor... Anyway.
I do not know how you can run Electrum server using mobile Electrum. But for anonymity (not privacy), you can connect mobile Electrum using Tor. But with the help if Orbot.

After you download Orbit, click on setthigs and check Electrum to enable it to connect using Orbot. Press on the big onion icon to connect.

After you download mobile Electrum.

Enable Proxy
SOCKSS/TOR
Address: 127.0.0.1
Port 9050

If you connect to Tor, the green circle at the upper right corner will be blue instead. This is for anonymity. Central (public) servers can still connect your addresses but will not be able to know your IP.

hero member
Activity: 560
Merit: 1060
August 11, 2023, 06:28:55 AM
#9
They can assume that I own some addresses and not that I actually own them. Correct?
It is not an assumption if you are using public servers. They will know your bitcoin addresses and know the funded ones. They will know your IP addresses too. Which means they can link your real identity to your wallet.

If you want privacy, run your own node/server using Tor.

I do run my own node. I have connected Sparrow to my own electrum server. But I want to also monitor my wallet from my mobile phone, but it won't connect to my node through tor... Anyway.

The issue arises when Electrum queries your addresses. If you're using Electrum to serve as a watch-only wallet, you'll have the addresses linked to each other. Electrum queries all the required address using the same IP address. Any adversary running the node would be able to make the assumption that they're owned by the same person and thereby linking them to each other.

Running it behind a proxy or Tor won't help in this case.

So, they will be able to know that IP A queries addresses X,Y,Z and therefore assume that IP A owns the keys that generate addresses X,Y,Z.

Will they be able to monitor my wallet though? Will I leak my XPUB?
No.

Electrum has a gap limit, which means that once X (IIRC, its 20) addresses are empty, it stops querying for addresses with balance. Only the address that are used + 20 empty addresses will be leaked. Electrum does not leak xpubs.

Thanks!
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
August 11, 2023, 06:23:24 AM
#8
They can assume that I own some addresses and not that I actually own them. Correct?
It is not an assumption if you are using public servers. They will know your bitcoin addresses and know the funded ones. They will know your IP addresses too. Which means they can link your real identity to your wallet.

If you want privacy, run your own node/server using Tor.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
August 11, 2023, 06:21:44 AM
#7
The issue arises when Electrum queries your addresses. If you're using Electrum to serve as a watch-only wallet, you'll have the addresses linked to each other. Electrum queries all the required address using the same IP address. Any adversary running the node would be able to make the assumption that they're owned by the same person and thereby linking them to each other.

Running it behind a proxy or Tor won't help in this case.

So, they will be able to know that IP A queries addresses X,Y,Z and therefore assume that IP A owns the keys that generate addresses X,Y,Z.

Will they be able to monitor my wallet though? Will I leak my XPUB?
No.

Electrum has a gap limit, which means that once X (IIRC, its 20) addresses are empty, it stops querying for addresses with balance. Only the address that are used + 20 empty addresses will be leaked. Electrum does not leak xpubs.
hero member
Activity: 560
Merit: 1060
August 11, 2023, 06:20:11 AM
#6
Does it make a difference (an actual difference) if the software is connected to my own Electrum Server or a public Electrum Server? And why.
For privacy if connected to your own node/server, yes. As long as your server is connecting using Tor.

If you do not connect to your own server or run your own node but depend on public server, you will not have the privacy that you want.

The seed phrase and keys are created on a hardware wallet, and its public key is imported on an online wallet. That is enough for security even if you connect to public server, but not having privacy because the public server can spy on your IP addresses and bitcoin addresses.

They can assume that I own some addresses and not that I actually own them. Correct?
hero member
Activity: 2366
Merit: 793
Bitcoin = Financial freedom
August 11, 2023, 06:16:53 AM
#5
You may lose your privacy if you are not connected to your own server, whether it's a watch-only wallet or an actual wallet.

You can find the reason if you understand what is A Full Node.


Will they be able to monitor my wallet though? Will I leak my XPUB?
Yes, XPUB is derived from your wallet's Extended Private Key (XPRIV) and is used to generate a series of public addresses. And since the data is publicly available then they can potentially monitor all the transactions of your address.
hero member
Activity: 560
Merit: 1060
August 11, 2023, 06:16:07 AM
#4
The issue arises when Electrum queries your addresses. If you're using Electrum to serve as a watch-only wallet, you'll have the addresses linked to each other. Electrum queries all the required address using the same IP address. Any adversary running the node would be able to make the assumption that they're owned by the same person and thereby linking them to each other.

Running it behind a proxy or Tor won't help in this case.

So, they will be able to know that IP A queries addresses X,Y,Z and therefore assume that IP A owns the keys that generate addresses X,Y,Z.

Will they be able to monitor my wallet though? Will I leak my XPUB?
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
August 11, 2023, 06:11:05 AM
#3
The issue arises when Electrum queries your addresses. If you're using Electrum to serve as a watch-only wallet, you'll have the addresses linked to each other. Electrum queries all the required address using the same IP address. Any adversary running the node would be able to make the assumption that they're owned by the same person and thereby linking them to each other.

Running it behind a proxy or Tor won't help in this case.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
August 11, 2023, 06:08:24 AM
#2
Does it make a difference (an actual difference) if the software is connected to my own Electrum Server or a public Electrum Server? And why.
For privacy if connected to your own node/server, yes. As long as your server is connecting using Tor.

If you do not connect to your own server or run your own node but depend on public server, you will not have the privacy that you want.

The seed phrase and keys are created on a hardware wallet, and its public key is imported on an online wallet. That is enough for security even if you connect to public server, but not having privacy because the public server can spy on your IP addresses and bitcoin addresses.
hero member
Activity: 560
Merit: 1060
August 11, 2023, 06:04:30 AM
#1
Hey! I 've been trying to find an answer to a simple concept, but I can't.

My question is: I create a wallet on a hardware device. I obtain its XPUB. I import the XPUB to some software like Nunchuk, Sparrow etc. Does it make a difference (an actual difference) if the software is connected to my own Electrum Server or a public Electrum Server? And why.
Jump to: