I’m working on new instructions for the wiki.
Edit: With the exception of some screenshot edits and some minor content edits, this is page is done. Will post tomorrow for review 
2 Likes
We are looking forward it!
New Electrum instructions are available. Be sure to verify the AppImage and create a backup of you seed before hand.
2 Likes
Electum allows you to open many wallets at once, all of them seem to open the same settings window which shows the same electrum server, so I guess all instances use the same electrum server to query the blockchain BUT does each of them use the same tor circuit?
Because if that is the case, whoever runs the server can see that all those wallets are used by the same end IP, hence probably by the same person.
So, privacy decrease.
please?
Hi Queens
Its hard to say. To find out you can install onioncircuits from jessie-backports. You can find instructions for adding backports to the sources.list here
Whonix 14 (upcoming release) onioncircuits is installed by default
Probably not unless they designed it to explicitly support Tor and documented that somewhere.
Make a separate snapshot for each identity to be absolutely safe. Also backup all keys so your accounts don’t get destroyed if you accidentally rollback or corrupt a snapshot.
I followed this guide How-to: Use Electrum Bitcoin Wallet in Whonix ™ and installed electrum from debian stretch-backports repository, but it installs version 3.1.3 which is old version, the latest version is 3.3.3. I tried to install the latest version following the instructions from electrum site, but it needs python 3.6, and the installed version of python is 2.7. I found some guides which show how to install python 3.6 from debian testing repository, which i haven’t tested, but will this break whonix security?
Electrum version 3.1.3 is vulnerable to a phishing malware popup attack: http://electrum-malware.surge.sh/
Users should not be installing Electrum version 3.1.3, the wiki needs updating.
Since there is not possible to install the latest 3.3.3 version via apt, what can happen if i use version 3.1.3? The warning from electrum site is:
Warning: Versions of Electrum older than 3.3.3 are vulnerable to a phishing attack 1, where malicious servers are able to display a message asking users to download a fake version of Electrum. Do not download software updates from another source than electrum.org. In order to reach users of vulnerable versions, we have started to use the same vulnerability, and to direct them to electrum.org.
Which means that if i don’t download fake version of electrum i will be safe. Is there any other risks of using version 3.1.3?
As long as you use APT to install/update electrum (sudo apt-get install electrum // sudo apt-get update && sudo apt-get dist-upgrade) this vulnerability will not affect you.
As far as any other risks, there are always risks and/or unknown vulnerabilities.
1 Like
Yes, but updating electrum using apt will not be possible until debian include version 3.3.3 in its repository, correct? Which i think will not happen with the current debian stretch version, because electrum 3.3.3 needs python 3.6, and debian stretch do not use python 3.6.
Correct.
Looks likely.
python3.6 is not stretch-backports, so unlikely indeed.
And worse so, python3.6 is not even in Debian buster, only in Debian sid.
https://packages.debian.org/sid/python3.6
https://tracker.debian.org/python3.6
https://tracker.debian.org/news/1025205/python36-removed-from-testing/
This is what i don’t like in debian, it uses too many outdated packages.
Hi @,
I am currently using Electrum-3.3.2 which is not recommended anymore.
Is there an easily and safest way to upgrade my current version to Electrum-3.3.4.?
Thank you for your greatful help.
Best regards,
Edit : I read the thread and it seems I can’t upgrade as python 3.6 is not available on debian stretch, would you please confirm ? Thanks
Hi Cottonwoodhill
Good to see you again!
The latest version of Electrum available from the Debian repositories is electrum-3.2.3-1 . This is from the unstable (sid) repo.
https://packages.debian.org/sid/electrum
The only easy/safe way that i know to install electrum is from Debian repositories.
Please see:
2 Likes
Hi 0brand
It is always a pleasure to read you and I really appreciate the help & time you provide when somebody needs some support 
Well, I’m still over there, reading & learing but you are right I haven’t posted for some time.
I’m gonna to have a look on your documentation but just to be sure, you wanted to point out the Electrum (3.2.3-1) version and not Electrum-3.3.2 which I am allready using ?
Thanks again and best regards.
Edit : typos, sorry for that.
1 Like
Correct. That was a typo. (my bad) Its electrum-3.2.3-1 installed from Debian unstable (sid). Keep in mind the older versions are vulnerable to the fishing attack vulnerability but that will not be a problem as long as you update your packages using APT.
2 Likes
Correct. That was a typo. (my bad) Its electrum-3.2.3-1 installed from Debian unstable (sid). Keep in mind the older versions are vulnerable to the fishing attack vulnerability but that will not be a problem as long as you update your packages using APT.
Great 
Thanks so much for your precision !
Have a nice day and read you soon 
1 Like
I have setup Electrum with the stream isolation recommendations as per the documentation. It works fine. However, the following does cause concern:
/usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
InsecurePlatformWarning
some recommendations on the interwebs involve updating Python to 2.9. Not sure how credible those are though
any opinions?