privacy leak when calling 3rd party servers such as bitcoinaverage. crash when using torify.

[dan-da]

Presently evaluating electrum client with privacy in mind. In particular running it against local electrum server and the goal is to avoid any network level IP address leaks.

I notice that 3rd party providers are used for exchange rate and possibly other things. ( I see block explorers listed in preferences. )

This constitutes a leak of user's IP address to a 3rd party.

I do not find any option to route these requests over the Tor proxy. There is Tools -> Network -> Proxy dialog, but if I'm not mistaken that is only for connections to electrum server, not to 3rd parties.

So I think there should be an option to proxy calls to 3rd parties also, or at least to make it clear whether those calls are being proxied or sent clearnet.

I attempted to work around the issue by running "torify electrum", which works, except that then the process crashes when I attempt to read a QR code, because torify says "unsupported syscall number 257". It seems that torify/torsocks has syscalls whitelisted in code, so maybe I cannot work around that easily.

[ecdsa]

why do you assume and write an issue, instead of checking first?

[dan-da]

a) because it was unclear and confusing even to me, a developer. indeed, I could have checked further. my apologies. I see you have clarified the language now. thanks!

b) because there is still a technical issue that blocks my privacy goals.

With my current setup which is using --oneserver against electrumx on localhost, if I check the "Use Tor proxy at port 9050" option then I immediately lose the server connection. I assume this is because it is trying to connect to localhost over Tor, which of course fails.

So it seems to me that this is another reason to make the proxy settings settings separate, or perhaps a simpler impementation would be to prevent localhost connections from using proxy connection... possibly as an option. eg: "[x] avoid proxy for localhost connections"