Multisig Setup - Security Tradeoffs With Pruned Bitcoin Core Node?

[adam-hurwitz]

What are the security tradeoffs of running a pruned Bitcoin Core node for a multisig wallet, such as Specter?

It seems that using a multisig wallet with a pruned Bitcoin Core node could be a good incremental improvement of securing assets vs. storing funds on an exchange or on a single seed hardware wallet.

1. How is the pruned node run for Specter? Is it running off of Bitcoin Core directly?
   I've heard that similar services, Unchained Capital, run a node supported by Blockstream if I understand correctly.

2. Is the privacy risk mitigated by connecting Bitcoin Core's pruned node through Tor/VPN (That do not save/collect logs)?
   Chain analysis companies are able to gather information from non-self-hosted nodes and tie it to personal information.

3. Are there additional tradeoffs to consider?

The Specter GitHub FAQ "Can I use pruned node?" mentions privacy implications and does not provide further info.

[adam-hurwitz]

1. How is the pruned node run for Specter? Is it running off of Bitcoin Core directly?

• In the Specter setup a pruned node is directly downloaded from Bitcoin Core with the 1-click install in ≥ v1.3.0, as shown in Coinkite's How To Use Specter Wallet video.
• A user on bitcointalk.org provided clarity on using a pruned node in this post.

Security of running a full node versus a light client is obviously higher. Being pruned doesn't change the fact that the node is still a full node, it just doesn't store the historical blocks that are too old.

• It seems I was confusing Specter's usage of Blockstream for their Bitcoin explorer with running the Bitcoin Core node which is unrelated.

2. Is the privacy risk mitigated by connecting Bitcoin Core's pruned node through Tor/VPN (That do not save/collect logs)?

• The bitcointalk.org post also mentions there are potential privacy implications from exposing the Bitcoin Core node on a non-private IP address.

Chain analyzers are analyzing the "chain" not the network although that is a possibility but it is a much harder thing to do. However, you do gain additional privacy when running your clients through TOR since it prevents other kinds of attack such as packet sniffing.