Feature #12177

Set coin selection to "privacy" by default in Electrum

Added by mjenglish 2017-01-25 18:52:23. Updated 2017-05-21 13:25:29.

Status: Resolved
Priority: Normal
Assignee:
Category:
Target version:
Start date: 2017-01-25
Due date:
% Done: 100%
Feature Branch: feature/12177-electrum-privacy-coin-chooser
Type of work: Code
Blueprint:
Starter:
Affected tool:
Deliverable for:

Description

“Attempts to better preserve user privacy. First, if any coin is spent from a user address, all coins are. Compared to spending from other addresses to make up an amount, this reduces information leakage about sender holdings. It also helps to reduce blockchain UTXO (unspent transaction outputs) bloat, and reduce future privacy loss that would come from reusing that address’ remaining UTXOs. Second, it penalizes change that is quite different to the sent amount. Third, it penalizes change that is too big.”

https://mailman.boum.org/pipermail/tails-dev/2017-January/011198.html


Files

config (73 B) mjenglish, 2017-01-25 18:49:48
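
The three rules quoted in the description, as an added example that is not part of the original ticket and is not Electrum's own code: a simplified model that groups coins by address, scores each candidate set, and picks the lowest penalty. The exhaustive search, the 0.75/1.33 band, the penalty weights, the fee-free accounting and the sample wallet are assumptions made for illustration.

```python
from collections import defaultdict
from itertools import combinations

COIN = 100_000_000  # satoshis per BTC

def bucketize(utxos):
    """Rule 1: group UTXOs by address; spending one coin of an address spends all."""
    buckets = defaultdict(int)
    for address, value in utxos:
        buckets[address] += value
    return dict(buckets)

def penalty(bucket_values, amount):
    """Lower is better. Band and weights are illustrative assumptions."""
    change = sum(bucket_values) - amount
    badness = len(bucket_values) - 1       # every extra address links more holdings
    lo, hi = amount * 0.75, amount * 1.33  # change "similar to the sent amount"
    if change < lo:                        # Rule 2: change unlike the payment
        badness += (lo - change) / (lo + 10_000)
    elif change > hi:
        badness += (change - hi) / (hi + 10_000)
        badness += change / (5 * COIN)     # Rule 3: change that is too big
    return badness

def choose(utxos, amount):
    """Return (addresses spent, change) for the lowest-penalty set of buckets."""
    buckets = bucketize(utxos)
    best = None
    for n in range(1, len(buckets) + 1):
        for addrs in combinations(sorted(buckets), n):
            values = [buckets[a] for a in addrs]
            if sum(values) < amount:
                continue
            score = penalty(values, amount)
            if best is None or score < best[0]:
                best = (score, addrs, sum(values) - amount)
    if best is None:
        raise ValueError("insufficient funds")
    return best[1], best[2]

# Constructed sample wallet: (address, value in satoshis)
WALLET = [("addrA", 30_000_000), ("addrA", 25_000_000),
          ("addrB", 200_000_000), ("addrC", 12_000_000),
          ("addrD", 95_000_000)]

if __name__ == "__main__":
    print(choose(WALLET, 20_000_000))  # both addrA coins are spent together
    print(choose(WALLET, 50_000_000))  # addrD alone gives change close to the payment
```

In the 0.2 BTC payment either addrA coin would cover the amount on its own, yet the whole address is emptied so that no addrA output remains to be linked to this transaction later.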

History

#1 Updated by anonym 2017-01-26 07:25:01

  • Status changed from New to Confirmed
  • Target version set to Tails_2.11
  • % Done changed from 0 to 30
  • QA Check set to Dev Needed
  • Feature Branch set to oin-chooser

Branch not tested.

#2 Updated by anonym 2017-01-26 07:25:40

  • Feature Branch changed from oin-chooser to feature/12177-electrum-privacy-coin-chooser

Whoops!

#3 Updated by anonym 2017-01-26 08:15:30

  • Status changed from Confirmed to In Progress

Applied in changeset commit:034012e5ef57160ddbecbe0730bde878d7d96547.

#4 Updated by mjenglish 2017-01-26 15:06:49

anonym wrote:
> Applied in changeset commit:034012e5ef57160ddbecbe0730bde878d7d96547.

I thought that we were just changing the coin selection. Why did you add default options for the server like auto connect? Electrum has a limited amount of trust in the server for confirming transactions, so the user should be able to pick a specific server that they trust.

#5 Updated by mjenglish 2017-01-26 15:32:14

mjenglish wrote:
> anonym wrote:
> > Applied in changeset commit:034012e5ef57160ddbecbe0730bde878d7d96547.
>
> I thought that we were just changing the coin selection. Why did you add default options for the server like auto connect? Electrum has a limited amount of trust in the server for confirming transactions, so the user should be able to pick a specific server that they trust.

Sorry, I was unaware of Bug #12140. That seems like a bug that should be reported and fixed upstream.

#6 Updated by anonym 2017-01-26 15:55:14

  • Assignee changed from anonym to mjenglish
  • QA Check changed from Dev Needed to Info Needed

mjenglish wrote:
> anonym wrote:
> > Applied in changeset commit:034012e5ef57160ddbecbe0730bde878d7d96547.
>
> I thought that we were just changing the coin selection. Why did you add default options for the server like auto connect? Electrum has a limited amount of trust in the server for confirming transactions, so the user should be able to pick a specific server that they trust.

Note that this Git branch only adds the coin_chooser option, the other options were already there (and are present in Tails 2.10). And yes, we don’t want to expose users to server selection. How does one assess the trustability of an Electrum server? If you have an answer, then ask yourself: how do I explain this to an average computer user? I expect it will require something unreasonable from the user, so the current situation is our only reasonable option.

IIRC the Electrum servers can DoS you by suppressing your transaction, and forge your balance. These are not terrible, especially since restarting Electrum will likely lead to another server being picked => problem solved. So it doesn’t seem that bad to me, but please enlighten me if I am wrong.

#7 Updated by mjenglish 2017-01-26 16:09:06

anonym wrote:
> Note that this Git branch only adds the coin_chooser option, the other options were already there (and are present in Tails 2.10).

Yes, I noticed that.

> And yes, we don’t want to expose users to server selection. How does one assess the trustability of an Electrum server? If you have an answer, then ask yourself: how do I explain this to an average computer user? I expect it will require something unreasonable from the user, so the current situation is our only reasonable option.
>
> IIRC the Electrum servers can DoS you by suppressing your transaction, and forge your balance. These are not terrible, especially since restarting Electrum will likely lead to another server being picked => problem solved. So it doesn’t seem that bad to me, but please enlighten me if I am wrong.

Electrum actually does a good job of informing users about unconfirmed transactions in the GUI. Also, it is very difficult to target a specific user behind Tor. Sometimes I am over paranoid :). That change is fine.

What I was trying to say was that it would be better to get the bug fixed rather than trying to work around it. It might be worth reporting it here: https://github.com/spesmilo/electrum

#8 Updated by mjenglish 2017-01-26 16:11:40

mjenglish wrote:
> What I was trying to say was that it would be better to get the bug fixed rather than trying to work around it. It might be worth reporting it here: https://github.com/spesmilo/electrum

Regarding this feature, we should continue. I wasn’t aware of the previous edit to the config file which was my mistake.

#9 Updated by anonym 2017-03-09 14:00:32

  • Target version changed from Tails_2.11 to Tails_2.12

#10 Updated by intrigeri 2017-04-20 06:51:07

  • Target version deleted (Tails_2.12)

mjenglish: I don’t really understand the discussion you’ve had with anonym here, so please reassign to him once you feel you’ve provided all the requested info and the branch is ready to be reviewed :)

#11 Updated by mjenglish 2017-04-21 00:25:48

intrigeri wrote:
> mjenglish: I don’t really understand the discussion you’ve had with anonym here, so please reassign to him once you feel you’ve provided all the requested info and the branch is ready to be reviewed :)

I can’t reassign the ticket. It is locked.

#12 Updated by intrigeri 2017-04-29 11:38:10

> I can’t reassign the ticket. It is locked.

Ouch, sorry about that! I’ve just granted you Redmine credentials that should be enough to edit such ticket metadata.

#13 Updated by mjenglish 2017-04-30 15:10:28

  • Assignee changed from mjenglish to anonym

#14 Updated by mjenglish 2017-04-30 18:08:22

  • Target version set to Tails_3.0
  • QA Check changed from Info Needed to Ready for QA

#15 Updated by anonym 2017-05-04 12:51:36

  • Status changed from In Progress to Fix committed
  • Assignee deleted (anonym)
  • Target version changed from Tails_3.0 to Tails_3.0~rc1
  • % Done changed from 30 to 100
  • QA Check changed from Ready for QA to Pass

Sorry for losing track of this! And thanks, intrigeri, for noticing the lack of assignee! :)

So I’ve merged this (after testing it, i.e. building an image and starting Electrum and making sure that the preferences are as expected) so it will be part of Tails 3.0, although you can get a preview in the first release candidate.

mjenglish, as for the unrelated discussion about Electrum server trust, feel free to open a new ticket here, or, preferably, bring this issue to the upstream developers. Please Cc me or keep me included in some other way in that case!

#16 Updated by anonym 2017-05-04 18:20:26

  • Status changed from Fix committed to In Progress

Applied in changeset commit:3de276e44830c03b095a5d1b20a2e47cd91d4b60.

#17 Updated by anonym 2017-05-04 18:20:26

  • Status changed from In Progress to Fix committed

Applied in changeset commit:53c8a7edeea908487485db879069eae7e1f76cf0.

#18 Updated by mjenglish 2017-05-21 13:25:29

  • Status changed from Fix committed to Resolved