Electrum's doc is hosted on a wiki: https://electrum.orain.org/wiki/Main_Page
Edition even seems to be open to non-identified users. So please improve upstream's documentation before including things in Tails. Cheers, BitingBird sajolida: >> On 28/02/2015 21:35, Minoru wrote: >>> sajolida, >> >>> Yes, this attack is not targeted. I think that I have provided >>> enough information about the attack, so now we need to work towards >>> a solution. Currently, I do not think that there a simple solution >>> for all users. I wanted to write documentation so that users who >>> were concerned could execute some solutions. I proposed writing >>> the documentation for Tails because this attack is specific to >>> Tails. Electrum would not want it on their website because it >>> effects so few of their users and they do not host very much >>> documentation anyway. You still have not told me what you think of >>> the three sections of documentation that I proposed writing. I >>> wanted your approval before I started working on it to meet the >>> 1.3.1 release. > > Thomas White: >> If I have followed this topic correctly, a solution or defence against >> it would be to have more hidden service electrum services? > > Right, that's what I understood as well. The proper solution for this > problem would then be to have a bunch of Electrum servers running behind > hidden services and included in the default pool. > > When running Electrum from Tails, I see that it connects to several > servers on port 50002. If we'd have a bunch of hidden services, operated > by different people are organization, then I guess the problem would be > solved. But that's not something we can fix in Tails (I think). > > But I've not seen that topic raised on the Electrum bug tracker. Minoru, > do you know if it is already technically possible to add .onion > addresses to the pool of server? If so, then I'm sure we can find > volunteers to run them. > > Then regarding your documentation proposal, which are: > >>> 1. Explain block confirmations (temporary fix for Electrum displaying >>> money that you actually do not have) >>> 2. Explain watching-only wallets (temporary fix for Electrum not >>> displaying money that you actually do have) > > Could you explain to a Bitcoin ignorant like me what are "watching-only > wallets" and "block confirmations" and how someone using Electrum in > Tails would implement them to defeat the attack? Very quickly, just to > understand the idea... > >>> 3. Explain a possible long term solution to this problem by using >>> trusted Electrum servers accessed by a Tor hidden service (I might >>> remove this point because I'm not sure if it is currently possible >>> execute this solution since not many .onion Electrum servers exist >>> and it is difficult to trust centralized services) > > Seeing that Electrum connects to several servers in parallel, I > understand that it is not relying on a centralized service. > > > > _______________________________________________ > Tails-dev mailing list > [email protected] > https://mailman.boum.org/listinfo/tails-dev > To unsubscribe from this list, send an empty email to > [email protected]. > _______________________________________________ Tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to [email protected].
