Leaking your XPUB is a privacy risk. Whoever gets that knows every address that belongs to your wallet: past, present and future. They don’t necessarily know those addresses belong to *you* personally, but they know the addresses go together. The most likely way you’ll leak your XPUBs is by connecting to an Electrum server, or a vendor’s wallet that collects this data.

When you start up Sparrow, it’ll ask how you want to connect to your node. Options include Bitcoin Core, private Electrum server, and public Electrum server. For maximum privacy and speed, it’s best to run your own Electrum server. I’ve used ElectrumX and Fulcrum. I’ve heard good things about electrs but I haven’t tried it.

If your wallet has previously been connected to some other service, like, say, your hardware vendor’s app, then your XPUB has in all likelihood already been leaked. The only way to keep this private is to set up your own wallet from scratch and ensure that your wallet software (Sparrow) only connects to a private Electrum server (preferably self-hosted).

Replies (3)

Wow! Ton of information here indeed! I mean. Using the XPUB to generate a watch-only wallet (for instance on Blockstream green) comes in handy I think. But indeed… it “leaks” all your addresses to some software you don’t own. However, that software being open source is “safer”?
Thanks again for your huge help 🙏 I thought through this and have another question: When I set up a completely fresh keystore because I am afraid my xpub was leaked and then send the funds to the new keystore, aren’t they still trackable by the entity that knows the previous xpub? Can’t they just link the transaction to the new address? 🤔