7
1
Lets say I wanted to use an electrum client but I'm so paranoid and also can't or won't read and understand python code so that I only trust my own server.
What security considerations should I have in mind? eg: Do I need to add any encryption to the filesystem to protect the wallets that are being served?
Do you gain security by validating with other servers? Given extreme levels of paranoia should you even trust other servers?
4
Electrum servers don't save any private information. All they do is create an interface to a bitcoind instance that is exposed in such a way the Electrum client, which stores the important and private data, can read it.
The only 'evil' thing an Electrum server could do is lying about certain transactions, feeding you misinformation. When you run your own server this is the only thing you will gain.
Encryption won't be needed, but is a good practice overall. No wallets will be saved on the server, except the wallet from Bitcoind. This wallet however will always be empty.
Could a server not also silently log information that could help an investigator to de-anonymise an electrum user (by linking addresses in his wallet)? – bitbutter – 2014-05-23T20:58:53.147
Yes this could happen. By default though Electrum connects to a random server. You can always run a server yourself though; that way you don't have to trust anybody else. – Maran – 2014-05-24T08:26:48.113
3If you can't read or understand the code, it doesn't matter much if you have control over the server that runs it... – o0'. – 2013-03-07T17:17:00.597
1:-) very true , I just wanted to focus the question – barrymac – 2013-03-07T21:43:08.953