Does anyone have any thoughts on the dangers of XPUB proliferation? It seems a lot of services enjoy asking for these, which seems to present a serious privacy risk.
The XPUB reveals all past transactions and enables "watching" a wallet without the ability to spend. This can be useful to watch your own cold storage wallet on your mobile wallet, for example, but it also means that if other people have your XPUB they can watch every transaction you make and start building a profile on your actions.
It seems both Ledger Live and Trezor Suite allow you to import XPUBs and use them on their mobile apps. Is this something that is strictly locally stored? Does it call home to mama? Have the HW manufacturers clarified what their data retention process is here?
It seems in an adversarial environment, the Government etc. could request Ledger / Trezor to hand over all XPUBs and IP addresses of those users to start narrowing down who's who and start putting total net balances against people's names (which in the case of Ledger are already leaked).
I guess these providers are already privy to sensitive traffic as you are using their nodes when going through Ledger Live or Trezor Suite. I think there needs to be more awareness of the tradeoffs of using the default software packages, and many people don't realise that you can access the HW through less invasive software such as Electrum.
Anyway thought I would throw it out there and see what everyone thinks!
If you use a hardware wallet, use it connected to Electrum and / or Sparrow, that is connected to your own node. Done. And nobody will "see" your xpub.
Seems that many people love to use the Muun wallet, but I wonder why they never ask an important question in regard to the xpub of Muun: WHO is reading that xpub? Because the user itself cannot obtain it / extract it to manage it separately. Muun's server must know it, otherwise it can't do the mumbo jumbo with submarine swaps.
I really don't understand how so many "privacy advocates" recommend Muun as a safe wallet app when only Muun servers control the xpub of that wallet.
😂😂😂😂😂😂😂😂😂
reply
Great write-up of how to run your own node. As a non-tech person, so glad I invested the time to learn. https://darthcoin.substack.com/p/umbrel-bitcoin-ln-node
reply
Good point. Muun does have many shortcomings.
reply
quite right, xpubs are / should be kept private
best to avoid the vendor sites if possible and connect your HW device to your own node
reply
I don't know how well-known it is that you can skip the vendor software mostly (once firmware is up-to-date, I think - maybe for initial seed generation but while offline?).
reply
You can create as many XPUBs as you need. There is no danger.
The problem on the other hand is that it may be more practical to re-use a single address, since many services may channel small UTXOs to different addresses which inevitably will be joined together in one transaction. See the donation case (Tallycoin) for example.
In the case you mentioned I'd rather use self-hosted backends for watch wallets. Services like Trezor, Ledger and famously Samourai Wallet may collect users' XPubs, indeed.
reply
Yeah, this is what I do. If I buy from a KYC-CEX, I send to the same address every time. That way there is only ever 1 address tied to me by KYC. I can then coinjoin those UTXOs if I want over time.
reply
Does Wasabi collect XPUBs? For the others, I imagine the issue is that there is a large number of mid-skill people who are comfortable using a hardware wallet, but they only want to do the seed phrase once and then that is that. So it ends up being 1 XPUB for everything. They connect it via Trezor / Ledger and then that company has a pretty solid record of everything.
reply
I don't know about Wasabi. Likely no. Yes. But there is also a convenience factor at play. With increased adoption and many services allowing the use of Bitcoin, people may get used to sharing XPubs across services.
reply
I don't understand why Craig Raw added it, but it doesn't look good for software that markets itself as a "privacy tool", dubious. But hey, I didn't understand Moxie's motives either...
reply
There is the Samourai Community and everybody else. I don't think they intersect much, since anything said about SW provokes a tsunami of aggressive responses.
Nobody really markets the Lightning Network as a privacy tool, since it is a network and many builders do something else; privacy comes as a sort of by-product, not a major feature for sale. So I can't really remember big flame wars around privacy in LN.
reply
It seems both Ledger Live and Trezor Suite allow you to import XPUBs and use them on their mobile apps. Is this something that is strictly locally stored? Does it call home to mama? Have the HW manufacturers clarified what their data retention process is here?
Yes, Trezor uses XPUBs. Why? Because it's faster, thus better UX.
It queries Blockbook (the backend Trezor Suite connects to) with an XPUB rather than sending hundreds of individual addresses.
Though, if you are privacy conscious, you can connect Trezor Suite to your own Electrum node: https://blog.trezor.io/connecting-your-wallet-to-a-full-node-edf56693b545
If that is too hard, you can enable Tor within Trezor Suite. That way there is no connection between your real IP and your XPUB on Blockbook.
What data does Trezor collect? Firstly, it's opt-in and it's anonymous: https://github.com/trezor/trezor-suite/blob/develop/docs/analytics/index.md
reply
What you describe is indeed very problematic.
Here's something else that's problematic: if you made your xpub public and ever revealed even one private key, for example thinking that it's safe because you already spent the money and there's nothing "on" that private key any more, then you accidentally revealed all the private keys in that entire account... (this is warned about in BIP32 btw).
(If you have a multi-account wallet, then at least a compromise of one account like this doesn't compromise the others... unfortunately almost nobody uses multi-account wallets any more, though.)
reply
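The two points made above, that an xpub lets anyone derive every non-hardened receive key of the account (which is exactly what a watch-only wallet or a Blockbook-style backend does with it), and that one leaked non-hardened child private key then exposes the whole account as BIP32 warns, can both be shown concretely. The following is an added example written for this thread, not code from any poster or from Trezor, Ledger or Muun. It implements BIP32 CKDpriv and CKDpub over secp256k1 in pure Python with no third-party library; the seed is BIP32's published test vector 1, used here only as constructed input, and the function names are my own.

```python
"""Added example (not from the thread): watch-only derivation from an xpub, and the
BIP32 caveat that an xpub plus one non-hardened child private key exposes the parent key.
Pure-Python secp256k1 and BIP32 child key derivation; nothing here is wallet vendor code."""
import hashlib
import hmac

# secp256k1 domain parameters
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 0x80000000


def ec_add(p1, p2):
    """Point addition on secp256k1 (None is the point at infinity)."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P   # tangent slope (curve has a = 0)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def ec_mul(k, point):
    """Double-and-add scalar multiplication."""
    result = None
    while k:
        if k & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        k >>= 1
    return result


def ser_p(point):
    """33-byte compressed public key, the form BIP32 feeds into its HMAC."""
    x, y = point
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def master_from_seed(seed):
    """BIP32 master private key and chain code from a seed."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big"), digest[32:]


def ckd_priv(k_par, c_par, i):
    """CKDpriv: child private key. Hardened indices (i >= 2^31) put the private key,
    not the public key, into the HMAC, which is what blocks derivation from an xpub."""
    if i >= HARDENED:
        data = b"\x00" + k_par.to_bytes(32, "big")
    else:
        data = ser_p(ec_mul(k_par, G))
    digest = hmac.new(c_par, data + i.to_bytes(4, "big"), hashlib.sha512).digest()
    il = int.from_bytes(digest[:32], "big")
    return (il + k_par) % N, digest[32:]


def ckd_pub(K_par, c_par, i):
    """CKDpub: everything a party holding only the xpub (K_par, c_par) can compute."""
    if i >= HARDENED:
        raise ValueError("hardened children cannot be derived from an xpub")
    digest = hmac.new(c_par, ser_p(K_par) + i.to_bytes(4, "big"), hashlib.sha512).digest()
    il = int.from_bytes(digest[:32], "big")
    return ec_add(ec_mul(il, G), K_par), digest[32:]


def watch_only_pubkeys(K_acct, c_acct, count):
    """The external-chain receive keys (.../0/i) that anyone holding the account xpub
    can enumerate, and therefore every address they can watch for incoming funds."""
    K_ext, c_ext = ckd_pub(K_acct, c_acct, 0)
    return [ser_p(ckd_pub(K_ext, c_ext, i)[0]).hex() for i in range(count)]


def recover_parent_key(K_par, c_par, i, k_child):
    """The caveat from BIP32: since k_child = IL + k_par and IL depends only on the
    xpub and the index, one leaked non-hardened child private key gives k_par back."""
    digest = hmac.new(c_par, ser_p(K_par) + i.to_bytes(4, "big"), hashlib.sha512).digest()
    il = int.from_bytes(digest[:32], "big")
    return (k_child - il) % N


if __name__ == "__main__":
    # Constructed input: the seed from BIP32 test vector 1, not a real wallet.
    k_m, c_m = master_from_seed(bytes.fromhex("000102030405060708090a0b0c0d0e0f"))
    K_m = ec_mul(k_m, G)
    print("receive keys visible to anyone holding the xpub:")
    for pk in watch_only_pubkeys(K_m, c_m, 3):
        print(" ", pk)
    k_child, _ = ckd_priv(k_m, c_m, 5)
    print("parent key recovered from xpub + child 5 key:",
          recover_parent_key(K_m, c_m, 5, k_child) == k_m)
```

Run as a script, it lists the first external-chain public keys that a backend such as Blockbook, or anyone else who was handed the xpub, can enumerate without any private material, then confirms that the parent private key falls out of the xpub once a single non-hardened child key is known. The mitigation is the one BIP32 and the reply above point to: derive accounts with hardened indices, so that a leaked key in one account cannot climb back to the master, and hand the xpub only to software you run yourself.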
What services are actively asking for private xpubs? I understand the leaking of them via query services like Ledger Live or Electrum, but those are not KYC-linking to an xpub.
reply
Coin watch tools, accounting tools
reply
Download the Core 21 wallet on your PC.
But if a method of collecting information has been found, then a way of having no information in that segment needs to be made.
reply