Design proposal. Replace electrum to sparrow

Design proposal: Replace electrum bitcoin wallet with a more privacy and anonymity oriented Sparrow wallet? electrum is the standard, popular and installed by default in Tails, but lacks many important privacy (and user experience) features.
http://sparrowa7io5pz6ud3ehqzosvepbxbxt2zphmkjsylp2zgxooko23pqd.onion
https://sparrowwallet.com/

Reasons to leave Electrum:
Popularity and time tested
Ability to easily update via apt,

Reasons to replace Electrum:
Sparrow supports deterministic builds, build process from source is trivial, instructions on github,
Focused on privacy, security and convenience, description: http://sparrowa7io5pz6ud3ehqzosvepbxbxt2zphmkjsylp2zgxooko23pqd.onion/features/
Provides the ability to check the signatures of installation files.
Works more efficiently with whonix (Electrum doesn’t work for me when started with stream isolation with torsocks, Sparrow works fine)

Problems:
Impossibility of updating via apt, only self-assembly or installation of deb from github. Whonix developers will either have to build themselves and add whonix to the whonix repository, or install each whonix update as a deb package from github (cannot be updated via apt upgrade)

1 Like

First, don’t take the following response as personal, it is only resource based, not opinions.

Sparrow supports deterministic builds

False.

22 days ago the developer said to try again: SystemModulesPlugin sometimes breaks reproducibility by encoding different ModuleDescriptor hashCodes · Issue #197 · sparrowwallet/sparrow · GitHub
But really I am tired of compiling, java is resource hungry to build.
So the thing is, the developer said: “try again”
He didn’t say: “it is working, try again”

So if you videoclip your build and diff -R the built directory and the release directory and the output is exactly 0, let me know.

Also deterministic doesn’t mean that it is building deterministically only on the maintainer machine, but on all new debian installs.

build process from source is trivial,

False.

Reason 1 is java is resource hungry, try to build it and see how much ram and cpu it uses.

Reason 2: docs to build are incomplete, Reproducible doc by nyxnor · Pull Request #200 · sparrowwallet/sparrow · GitHub

Reason 3: the developer advertised it is a reproducible build before it being reproducible, and hasn’t removed it yet, because it is not.

Focused on privacy

Besides BIP47, the rest is using a centralized coinjoin server by samourai, the whirlpool.

Read the docs Electrum Bitcoin Wallet

It is not to start with torsocks, it is to set its own socksport.
Electrum respects the proxy field.

That is the main reason that it is not gonna happen.

I don’t disagreee that Sparrow is better than Electrum with UX and features, I’m just saying that it doesn’t meet 2 requirements:

1 Like

https://github.com/sparrowwallet/sparrow/issues/619#issuecomment-1209304845

latest release not reproducible v1.6.6.

one extra release was made to compare but still, show that it is not complete.

I agree with you and thank you for your time and detailed answers, I’m sorry for the bad suggestion

Sparrow is not a “bad” suggestion.
It is a great wallet, it is just not reproducible nor in the deb.debian.org repo.

Keep up exploring.

2 Likes

Sparrow phones home

Tested electrum, it is worse, phones to all the available servers, even before trying to set your own server.

Quite difficult to configure electrum (or any Bitcoin light wallet) for higher privacy.

For blockchain generally, it seems always required to download the full blockchain for highest privacy. Even for Monero.

As for using electrum with higher privacy, a full blockchain download, it is possible in combination with ElectrumX. See:

1 Like

I’m aware of electrum servers, the issue I reported above was that just by opening the wallet, it starts trying to reach the default servers, even before you configure you own.
Not that it is downloading anything, it is just testing if it is reacheable.

But yes, using self hosted electrum server is the best.

But on the regards of wallet sync, Sparrow and Electrum uses Electrum Server, but Sparrow does not ping that many domains on wallet startup.

1 Like

Patrick, Sparrow is becoming reproducible soon, this, for me, makes it much more trustworthy.

The telemetry issue was fixed, but needs to disable by configuration, so it basically will ping on the first wallet startup. It checks third party exchange rates and software updates.

There is a person trying Sparrow with Whonix:

But I managed to make it work, with electrum proxy host and port, so didn’t understand his issue.

Even if there is no package for whonix because it takes some resources to build and adding extra jdk repo and not official to deb.debian.org, do you mind if I do a guide for it?

Another reason I see to do it is it a modern client compared to electrum.

One reason I didn’t manage to fix is that the help options on the gui are not really clickable on Qubes, you have to press Ctrl+p for preferences because on Qubes, the Sparrow GUI doesn’t properly work.

The guide would differ from electrum because it would need to check the signed binaries.

But in the end, the guide would equal on setting the proxy to electrum, setting a private server if any and

  • setting the proxy url to the GW IP and port 9111
    • Non-Qubes-Whonix GW IP → 10.152.152.10
    • Qubes-Whonix GW IP → From WS: qubesdb-read /qubes-gateway

2 open issues, Debian integration and menu disappearing on Qubes XFCE (less important as whonix is not only for Qubes). Non-Qubes-Whonix don’t have this problem as far as I know from people using it.