What are the security implications of not hosting your own Electrum server?

7

2

Bitcoin-Qt is getting require large and is taking up over 10% of the space on my little laptop. Looking for an alternative, I saw Electrum. I downloaded the app and I'm able to connect to a server, but I'm wondering: what would the security implications be of not connecting to your own server?

Ramon Tayag

Posted 2013-03-06T08:58:24.893

Reputation: 321

3I like to know what are the security implication of hosting your own server :-)barrymac 2013-03-06T13:36:16.847

Yeah, that's a good follow up question. You should ask it, and link it here!Ramon Tayag 2013-03-07T07:35:17.553

1

good idea, done: Vice Versa

barrymac 2013-03-07T15:49:18.350

@barrymac Nothing, unless there's a security issue in Electrum.Nick ODell 2013-03-07T18:07:57.563

Answers

2

A dishonest server could lie to you about how many bitcoins you have.

Nick ODell

Posted 2013-03-06T08:58:24.893

Reputation: 26 536

Don't all the Electrum servers connect to each other, so you can connect to any of them? If so, wouldn't they all hold the same information about your account?Ramon Tayag 2013-03-07T07:34:54.417

3All of the honest servers will tell you the same thing. But a dishonest server could lie.Nick ODell 2013-03-07T07:48:03.980

1This is not correct, they can give you false low wallet balances, but not falsely high ones.Anonymous 2015-05-04T03:47:40.693

2@bitcoin sure it could - by not telling you about a transaction that spends one of your outputs.Nick ODell 2015-05-04T04:05:02.153

@NickODell are you sure about this? what you describe would be a client that fully trusts the server, however according to this talk from the author of Electrum (https://youtu.be/hjYCXOyDy7Y?t=718 <- exact moment) it says that Electrum is one level above the "server-trusting" wallets, that is, it's a SPV wallet; if this is still the case nowadays, I wonder what's the difference between this and a "server-trusting" wallet?

user1623521 2018-01-17T16:10:58.377

@user1623521 He describes what he means in that video. To rephrase what he said, Electrum servers tell a client, "You got this transaction and this transaction and this transaction." Servers for server-trusting wallets say, "You have five bitcoins, trust me, I added it up correctly." In other words, 'server trusting wallets' can hide or exaggerate your Bitcoin holdings.Nick ODell 2018-01-22T03:32:42.930

@NickODell you didn't seem to watch the video I sent; Electrum does some validation on the messages it gets from the servers to make sure they are not lyinguser1623521 2018-01-22T07:06:27.497

2

They'll be able to track your transactions/addresses and tie them to your IP address, although this is mitigated if you are using proxies (you can also go through Tor).

kaykurokawa

Posted 2013-03-06T08:58:24.893

Reputation: 1 902