Support Electrum Server

Open BitcoinWukong opened this issue 2 years ago • 10 comments

https://github.com/JoinMarket-Org/joinmarket-clientserver/issues/277#issuecomment-454020042:

This specific problem should have been addressed by #285. I remain leaning in the direction of removing this Electrum functionality (unless a maintainer decides to take it on).

I'm interested in taking it on.

https://github.com/JoinMarket-Org/joinmarket-clientserver/issues/277#issuecomment-454039567:

I think Electrum functionality could be very useful in combination with JoinMarket-Qt. Thinking about less tech savvy people who would just like to mix their coins from time to time as market takers and will not install and sync a Bitcoin Core full node (basically, the people to whom Wasabi Wallet is the only alternative right now). Neutrino could be a better alternative in the future, but we are not there yet.

I agree.

In addition, even for the people who do run a full node, they usually run that full node on a dedicated device at home, and can only RPC with that node in their local home network. When they're traveling, they may not be able to use their JoinMarket client on their laptop to send or mix their coins as it would be difficult for them to RPC with their full node at home. (Unless, they do port forwarding on their home router and open up the RPC port of their full node, but that would increase the attack surface of their full node.)

https://github.com/JoinMarket-Org/joinmarket-clientserver/issues/277#issuecomment-454046098:

@kristapsk those are especially the people that should not use the electruminterface. Using the electruminterface will send all your addresses to the server, allowing a malicious server to link together all your addresses. electruminterface should only be used together with EPS or in very special circumstances.

But the alternative would be having no access to JoinMarket at all if the user cannot get a full node up and running. 1> I would argue even if some malicious server could link your addresses together, it's still a better case than not doing CoinJoin at all. 2> We can use Tor / VPN to mitigate the problem. 3> The tech savvy people can connect to their own Electrum server on their full node at home. 4> Even for less tech savvy people, it's also getting easier and easier for them to run an Electrum Server with the help of open source solutions, like https://github.com/mynodebtc/mynode.

https://github.com/JoinMarket-Org/joinmarket-clientserver/issues/277#issuecomment-454086120:

It's a question of what is worse - some server potentially linking together all your wallet addresses or them being linked together in the blockchain, for everybody. But OTOH, people not having their own full node are likely to not know that and then it's probably better to not give them a false sense of privacy. So, I had more thoughts about this and dropping Electrum is maybe a good idea.

Privacy is a spectrum. Even if using VPN, the VPN server may still track your activity. Even if using Tor, there are still possibilities to track the activities. In many countries, it's very easy to figure out the address / phone number or even DoB or SSN of other people, but that still doesn't mean we should not protect this information.

I believe even if a solution can not provide 100% absolute privacy, there is still value in that solution if it can improve your privacy. I know even if I used some Credit Card masking service, there are still ways to figure out I was the one spending the money. But that doesn't mean I would simply not use Credit Card masking service.

My point is, the hard requirement of having to run a Bitcoin Full Node has made the learning curve of using JoinMarket very steep. We should allow users to benefit from JoinMarket even if there are still possibilities that their activity may be linked, since their privacy would still be improved. And we can always work on educating the users to continuously improve their best practice.

We can also mitigate the problem by improving the default settings of JoinMarket, like enabling Tor by default.

BitcoinWukong avatar Dec 12 '21 07:12 BitcoinWukong

I also have an idea that maybe we can use multiple Electrum servers, one for each mixdepth. So that even if a malicious Electrum server may connect the addresses together, they can only do so for that particular mixdepth.

And it may not be a huge concern, as by design, the assumption of JoinMarket is that there is a possibility that the addresses of the same mixdepth could be linked together. And that's why the CoinJoin output would always be in another different mixdepth.

With the usage of Tor and/or VPN, I think the privacy improvement of using JoinMarket this way would still be pretty decent.

BitcoinWukong avatar Dec 12 '21 08:12 BitcoinWukong

like enabling Tor by default.

See #1061, needs testing / reviews.

kristapsk avatar Dec 16 '21 08:12 kristapsk

Existing Electrum code as I understand it was written for Electrum plugin, not standalone use. So new code needs to be written.

Btw, #1088 contains cleanup of all Bitcoin specific code from generic JSON-RPC class, which is needed to implement other JSON-RPC blockchain sources. Also lacks testing / reviews.

kristapsk avatar Dec 16 '21 08:12 kristapsk

Lacking Electrum Server as a blockchain source is one of the reasons JoinMarket is currently incompatible with RaspiBolt v3 (see https://github.com/raspibolt/raspibolt/issues/801). But no worries for that one, there is a plan to solve this. But, anyway, in case a person is running a node on an RPi or some other dedicated device and then wants to use JoinMarketQt on a desktop, this would be very useful, as pointing JM to Electrum Server is simpler than doing some SSH tunneling or whatever for Bitcoin Core RPC.

kristapsk avatar Dec 16 '21 08:12 kristapsk

A point of warning: Joinmarket's wallet syncing is really quite a painful business to say the least. I would honestly much rather work on redesigning that almost from scratch; @chris-belcher had some interesting points about this; without doing that work, then doing stuff like this, adding new functionality, might be much more difficult than it needs to be (hard to say with certainty).

Not sure what else to say on this really; clearly it's very problematic to just open up "let people run against any Electrum server"; though equally clearly it's not 100% out of the question, given the 'personal server' model.

I wouldn't intend to work on it myself, at least not now.

A couple of points worth reviewing:

  1. Recent (last few years) updates to BitcoinCoreInterface seem to have not paid attention to the specific idea of maintaining a BlockchainInterface, that is, functionality has been added to BitcoinCoreInterface without defining it in the Interface object. In the early years this definitely mattered as we had interfaces for remote APIs as well as Electrum (in two ways). But we kind of forgot about it, perhaps erroneously, because we switched to just treating Joinmarket as an application for which Bitcoin Core full node is mandatory. (But if that were actually the case we should have consciously removed the Interface object). If you did this, please make sure the BlockchainInterface returns to actually providing the full interface that's needed by the WalletService for its syncing actions, which are different today (and have several extra functions) than were required when we first defined that interface. Also on all this: our naming is wrong, we are writing Interface for implementations of the Interface.
  2. I think it's mentioned upthread but the still-in-the-code ElectrumWalletInterface is not only defunct but also was specifically created for the old plugin, which never got any traction, and so was abandoned. It might be useful to look at but almost certainly none of that code is usable today.

I also have an idea that maybe we can use multiple Electrum servers, one for each mixdepth. So that even if a malicious Electrum server may connect the addresses together, they can only do so for that particular mixdepth.

Seems like an interesting idea in general, though it will definitely make the code more complicated. If this ends up impacting the code in wallet_service.py or wallet.py I'd be a bit against it, but probably(?) that could be avoided.

AdamISZ avatar Dec 17 '21 10:12 AdamISZ

One issue with using Electrum servers is that one person's bad privacy decisions affect other people. For example if Alice uses a full node for sync privacy her coinjoin on-chain privacy is damaged if many other JoinMarket users send their addresses to Electrum servers. That is a big problem for this idea.

However there is a solution I think: separate the offerbook into full-node-only and not-full-node-only offers. Takers who use a full node can coinjoin only with makers who only accept other takers that use a full node. Takers who use Electrum servers can coinjoin with makers who accept other takers who coinjoin with Electrum servers. Updating the protocol for this can be done in a backward-compatible way (see https://github.com/JoinMarket-Org/joinmarket-clientserver/issues/721#issuecomment-803231568).

I agree it would be great to make it easier to use JoinMarket even for people who don't have a full node. Someone mentioned having each mixdepth be sync'd from different Electrum servers via different tor streams is also a good idea (but those different Electrum servers might be run by the same person, so this is still not perfect).

I wonder if it's valuable for there to exist a script which scans the blockchain for JoinMarket coinjoins, and then does requests on Electrum servers but with a randomly chosen coinjoin output address. So this script would be pretending to sync and pretending to leak information, but it would actually be leaking the wrong information.

Another idea worth exploring is if we can have JoinMarket sync all the addresses in a coinjoin and not just its own. This might require a huge amount of sync'ing since there'd be a big fanout of coinjoins linked to other coinjoins where all those addresses need to be requested. But this big fanout is maybe not a huge deal because Electrum servers can be pretty efficient, I've definitely read about Electrum wallets successfully sync'ing with 2000+ used addresses.

Because of the principle of steganography (see https://en.bitcoin.it/wiki/Privacy#Steganography) it's very important that JoinMarket's requests look exactly the same as other common requests out there (presumably the requests of Electrum wallet, but many other wallets use Electrum server too).

chris-belcher avatar Dec 17 '21 17:12 chris-belcher
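
The one-server-per-mixdepth idea and the shared-operator caveat raised in the comments above, as an added example that is not part of any comment in this thread and is not JoinMarket code: it builds the Electrum-protocol `blockchain.scripthash.subscribe` requests a wallet sync would send and reports which mixdepths each server operator receives. The scriptPubKeys, server names and operator mapping are constructed for illustration.

```python
import hashlib
import json
from collections import defaultdict

def electrum_scripthash(script_pubkey_hex):
    """Electrum protocol script hash: SHA-256 of the scriptPubKey, byte-reversed, as hex."""
    digest = hashlib.sha256(bytes.fromhex(script_pubkey_hex)).digest()
    return digest[::-1].hex()

# Constructed sample wallet: mixdepth -> scriptPubKeys (P2WPKH layout, dummy key hashes).
WALLET = {
    0: ["0014" + "11" * 20, "0014" + "12" * 20],
    1: ["0014" + "21" * 20],
    2: ["0014" + "31" * 20, "0014" + "32" * 20],
}
# Hypothetical assignment: one server per mixdepth, two servers share an operator.
SERVER_FOR_MIXDEPTH = {0: "server-a.example", 1: "server-b.example", 2: "server-c.example"}
OPERATOR_OF = {"server-a.example": "op1", "server-b.example": "op2", "server-c.example": "op1"}

def build_requests(wallet, server_for_mixdepth):
    """Return server -> list of JSON-RPC subscribe requests that server would receive."""
    out = defaultdict(list)
    next_id = 0
    for mixdepth, scripts in sorted(wallet.items()):
        for spk in scripts:
            request = {
                "jsonrpc": "2.0",
                "id": next_id,
                "method": "blockchain.scripthash.subscribe",
                "params": [electrum_scripthash(spk)],
            }
            out[server_for_mixdepth[mixdepth]].append(json.dumps(request))
            next_id += 1
    return dict(out)

def mixdepths_seen_by_operator(wallet, server_for_mixdepth, operator_of):
    """Return operator -> set of mixdepths whose script hashes reach that operator."""
    seen = defaultdict(set)
    for mixdepth in wallet:
        seen[operator_of[server_for_mixdepth[mixdepth]]].add(mixdepth)
    return dict(seen)

if __name__ == "__main__":
    for server, reqs in build_requests(WALLET, SERVER_FOR_MIXDEPTH).items():
        print(server, len(reqs), "subscriptions")
    print(mixdepths_seen_by_operator(WALLET, SERVER_FOR_MIXDEPTH, OPERATOR_OF))
```

With the constructed mapping, `op1` receives the script hashes of mixdepths 0 and 2 even though they went to different servers, which is the residual exposure the shared-operator caveat describes.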

... some other dedicated device and then want to use JoinMarketQt on a desktop, this would be very useful, as pointing JM to Electrum Server is simpler than doing some SSH tunneling or whatever for Bitcoin Core RPC.

Wouldn't it be easier to just support the JM daemon running on another machine?

5F43CCDF avatar Jan 20 '22 03:01 5F43CCDF

... some other dedicated device and then want to use JoinMarketQt on a desktop, this would be very useful, as pointing JM to Electrum Server is simpler than doing some SSH tunneling or whatever for Bitcoin Core RPC.

Wouldn't it be easier to just support the JM daemon running on another machine?

Yes, it would. But that option still requires having access to a full node. I want to be able to use JoinMarket on my secondary network, while I'm travelling, or for whatever reason that I don't have access to my Bitcoin full node directly.

BitcoinWukong avatar Jan 21 '22 01:01 BitcoinWukong

Yes, it would. But that option still requires having access to a full node. I want to be able to use JoinMarket on my secondary network, while I'm travelling, or for whatever reason that I don't have access to my Bitcoin full node directly.

So Electrum support would be more for people who don't own a full node / can't connect to a full node? Allowing anyone to spin up joinmarket without any bitcoin node or self-hosted Electrum server syncing beforehand.

5F43CCDF avatar Jan 26 '22 03:01 5F43CCDF