public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
* [bitcoin-dev] Bitcoin XTs Tor IP blacklist downloading system has significant privacy leaks.
@ 2015-08-18 23:31 F L
  2015-08-18 23:56 ` Andrew LeCody
  2015-08-19  0:00 ` Patrick Strateman
  0 siblings, 2 replies; 9+ messages in thread
From: F L @ 2015-08-18 23:31 UTC (permalink / raw)
  To: bitcoin-dev

[-- Attachment #1: Type: text/plain, Size: 1347 bytes --]

Bitcoin XT contains an unmentioned addition which periodically downloads
lists of Tor IP addresses for blacklisting, this has considerable privacy
implications for hapless users which are being prompted to use the
software. The feature is not clearly described, is enabled by default,
and has a switch name which intentionally downplays what it is doing
(disableipprio). Furthermore these claimed anti-DoS measures are
trivially bypassed and so offer absolutely no protection whatsoever.

Connections are made over clearnet even when using a proxy or
onlynet=tor, which leaks connections on the P2P network with the real
location of the node. Knowledge of this traffic along with uptime metrics
from bitnodes.io can allow observers to easily correlate the location and
identity of persons running Bitcoin nodes. Denial of service can also be
used to crash and force a restart of an interesting node, which will
cause them to make a new request to the blacklist endpoint via the
clearnet on relaunch at the same time their P2P connections are made
through a proxy. Requests to the blacklisting URL also use a custom
Bitcoin XT user agent which makes users distinct from other internet
traffic if you have access to the endpoints logs.


https://github.com/bitcoinxt/bitcoinxt/commit/73c9efe74c5cc8faea9c2b2c785a2f5b68aa4c23


[-- Attachment #2: Type: text/html, Size: 1633 bytes --]

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [bitcoin-dev] Bitcoin XTs Tor IP blacklist downloading system has significant privacy leaks.
  2015-08-18 23:31 [bitcoin-dev] Bitcoin XTs Tor IP blacklist downloading system has significant privacy leaks F L
@ 2015-08-18 23:56 ` Andrew LeCody
  2015-08-19  0:00 ` Patrick Strateman
  1 sibling, 0 replies; 9+ messages in thread
From: Andrew LeCody @ 2015-08-18 23:56 UTC (permalink / raw)
  To: F L, bitcoin-dev

[-- Attachment #1: Type: text/plain, Size: 1777 bytes --]

This should probably be posted on the BitcoinXT mailing-list, as Bitcoin
Core does not currently include this feature.

On Tue, Aug 18, 2015 at 6:36 PM F L via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> Bitcoin XT contains an unmentioned addition which periodically downloads
> lists of Tor IP addresses for blacklisting, this has considerable privacy
> implications for hapless users which are being prompted to use the
> software.  The feature is not clearly described, is enabled by default, and
> has a switch name which intentionally downplays what it is doing
> (disableipprio).  Furthermore these claimed anti-DoS measures are trivially
> bypassed and so offer absolutely no protection whatsoever.
>
> Connections are made over clearnet even when using a proxy or onlynet=tor,
> which leaks connections on the P2P network with the real location of the
> node.  Knowledge of this traffic along with uptime metrics from
> bitnodes.io can allow observers to easily correlate the location and
> identity of persons running Bitcoin nodes.  Denial of service can also be
> used to crash and force a restart of an interesting node, which will cause
> them to make a new request to the blacklist endpoint via the clearnet on
> relaunch at the same time their P2P connections are made through a proxy.
> Requests to the blacklisting URL also use a custom Bitcoin XT user agent
> which makes users distinct from other internet traffic if you have access
> to the endpoints logs.
>
>
>
> https://github.com/bitcoinxt/bitcoinxt/commit/73c9efe74c5cc8faea9c2b2c785a2f5b68aa4c23
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>

[-- Attachment #2: Type: text/html, Size: 2520 bytes --]

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [bitcoin-dev] Bitcoin XTs Tor IP blacklist downloading system has significant privacy leaks.
  2015-08-18 23:31 [bitcoin-dev] Bitcoin XTs Tor IP blacklist downloading system has significant privacy leaks F L
  2015-08-18 23:56 ` Andrew LeCody
@ 2015-08-19  0:00 ` Patrick Strateman
  1 sibling, 0 replies; 9+ messages in thread
From: Patrick Strateman @ 2015-08-19  0:00 UTC (permalink / raw)
  To: bitcoin-dev

[-- Attachment #1: Type: text/plain, Size: 1710 bytes --]

First of all I would like to say... LOL

Second Andrew LeCody is correct, this is off topic.

On 08/18/2015 04:31 PM, F L via bitcoin-dev wrote:
> Bitcoin XT contains an unmentioned addition which periodically
> downloads lists of Tor IP addresses for blacklisting, this has
> considerable privacy implications for hapless users which are being
> prompted to use the software.  The feature is not clearly described,
> is enabled by default, and has a switch name which intentionally
> downplays what it is doing (disableipprio).  Furthermore these claimed
> anti-DoS measures are trivially bypassed and so offer absolutely no
> protection whatsoever.
>
> Connections are made over clearnet even when using a proxy or
> onlynet=tor, which leaks connections on the P2P network with the real
> location of the node.  Knowledge of this traffic along with uptime
> metrics from bitnodes.io can allow observers to easily correlate the
> location and identity of persons running Bitcoin nodes.  Denial of
> service can also be used to crash and force a restart of an
> interesting node, which will cause them to make a new request to the
> blacklist endpoint via the clearnet on relaunch at the same time their
> P2P connections are made through a proxy.  Requests to the
> blacklisting URL also use a custom Bitcoin XT user agent which makes
> users distinct from other internet traffic if you have access to the
> endpoints logs. 
>
>  
> https://github.com/bitcoinxt/bitcoinxt/commit/73c9efe74c5cc8faea9c2b2c785a2f5b68aa4c23
>
>
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev


[-- Attachment #2: Type: text/html, Size: 2878 bytes --]

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [bitcoin-dev] Bitcoin XTs Tor IP blacklist downloading system has significant privacy leaks.
  2015-08-19 15:45     ` Mike Hearn
@ 2015-08-19 18:51       ` Btc Drak
  0 siblings, 0 replies; 9+ messages in thread
From: Btc Drak @ 2015-08-19 18:51 UTC (permalink / raw)
  To: Mike Hearn; +Cc: Bitcoin Dev

On Wed, Aug 19, 2015 at 4:45 PM, Mike Hearn via bitcoin-dev
<bitcoin-dev@lists.linuxfoundation.org> wrote:
> The code was peer reviewed, in the XT project. I didn't bother submitting
> other revisions to Core, obviously, as it was already rejected.
>
> The quantity of incorrect statements in this thread is quite ridiculous.

Would you kindly link to said peer review as I was unable to find it
other than a couple of comments between you and Gavin which hardly
amounts to peer review.


^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [bitcoin-dev] Bitcoin XTs Tor IP blacklist downloading system has significant privacy leaks.
  2015-08-19  2:25   ` Peter Todd
@ 2015-08-19 15:45     ` Mike Hearn
  2015-08-19 18:51       ` Btc Drak
  0 siblings, 1 reply; 9+ messages in thread
From: Mike Hearn @ 2015-08-19 15:45 UTC (permalink / raw)
  To: Peter Todd; +Cc: Bitcoin Dev

[-- Attachment #1: Type: text/plain, Size: 212 bytes --]

The code was peer reviewed, in the XT project. I didn't bother submitting
other revisions to Core, obviously, as it was already rejected.

The quantity of incorrect statements in this thread is quite ridiculous.

[-- Attachment #2: Type: text/html, Size: 302 bytes --]

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [bitcoin-dev] Bitcoin XTs Tor IP blacklist downloading system has significant privacy leaks.
  2015-08-19  1:36 ` Peter Todd
  2015-08-19  1:48   ` Gregory Maxwell
@ 2015-08-19  2:25   ` Peter Todd
  2015-08-19 15:45     ` Mike Hearn
  1 sibling, 1 reply; 9+ messages in thread
From: Peter Todd @ 2015-08-19  2:25 UTC (permalink / raw)
  To: Christophe Biocca, bitcoin-dev

[-- Attachment #1: Type: text/plain, Size: 1484 bytes --]

On Tue, Aug 18, 2015 at 06:36:45PM -0700, Peter Todd via bitcoin-dev wrote:
> is false. However, in the common scenario of a firewalled node, where
> the operator has neglected to explicitly set -listen=0, the code does
> still download the Tor exit node list, revealing the true location of
> the node. This is contrary to the previous behavior of not revealing any
> IP information in that configuration.
> 
> FWIW Gregory Maxwell removed the last "call home" feature in pull-req
> #5161, by replacing the previous calls to getmyip.com-type services with
> a local peer request. Similarly the DNS seeds use the DNS protocol
> specifically to avoid leaking IP address information.
> 
> tl;dr: Yes, Bitcoin XT has a privacy problem with the automatic Tor exit
> node list download.

Oh, and I just checked, and Mike's original pull-req for the Tor
blacklist didn't include the proxy disable code; what's in master != the
pull-req, so the OP may have been looking at the wrong code by accident.
(I personally noticed this issue in the pull-req and didn't realise it
hadn't been merged into master w/o modifications)

https://github.com/mikehearn/bitcoinxt/commit/931a4d59a03c7e64d7d85ddfc07ae127533c7f28#diff-11780fa178b655146cb414161c635219R171

Kinda sloppy of Mike to be making changes in master that don't
correspond to the peer-reviewed pull-req code...

-- 
'peter'[:-1]@petertodd.org
00000000000000000402fe6fb9ad613c93e12bddfc6ec02a2bd92f002050594d

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 650 bytes --]

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [bitcoin-dev] Bitcoin XTs Tor IP blacklist downloading system has significant privacy leaks.
  2015-08-19  1:36 ` Peter Todd
@ 2015-08-19  1:48   ` Gregory Maxwell
  2015-08-19  2:25   ` Peter Todd
  1 sibling, 0 replies; 9+ messages in thread
From: Gregory Maxwell @ 2015-08-19  1:48 UTC (permalink / raw)
  To: Peter Todd; +Cc: Bitcoin Dev

On Wed, Aug 19, 2015 at 1:36 AM, Peter Todd via bitcoin-dev
<bitcoin-dev@lists.linuxfoundation.org> wrote:
> tl;dr: Yes, Bitcoin XT has a privacy problem with the automatic Tor exit
> node list download.

It's not a bug, it's a feature: These concerns and others were
specifically called out when we rejected this submission to Bitcoin
Core in favor of a more generic approach that lacks the privacy
problems and avoids being explicitly punitave to the use of Tor.

At least it's not a full on block as soon a the node fills for the
first time like the first implementation.


^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [bitcoin-dev] Bitcoin XTs Tor IP blacklist downloading system has significant privacy leaks.
  2015-08-19  1:08 Christophe Biocca
@ 2015-08-19  1:36 ` Peter Todd
  2015-08-19  1:48   ` Gregory Maxwell
  2015-08-19  2:25   ` Peter Todd
  0 siblings, 2 replies; 9+ messages in thread
From: Peter Todd @ 2015-08-19  1:36 UTC (permalink / raw)
  To: Christophe Biocca; +Cc: bitcoin-dev

[-- Attachment #1: Type: text/plain, Size: 3555 bytes --]

On Tue, Aug 18, 2015 at 09:08:01PM -0400, Christophe Biocca via bitcoin-dev wrote:
> So I checked, and the code described *does not* run when behind a
> proxy of any kind, including tor:
> 
> https://github.com/bitcoinxt/bitcoinxt/commit/73c9efe74c5cc8faea9c2b2c785a2f5b68aa4c23#diff-11780fa178b655146cb414161c635219R265
> 
> At least based on my admittedly weak understanding of how the internal works.
> 
> Hopefully I save the next reader of your post from also having to dig
> around to find the code and realize this is a false alert.

That's not entirely correct.

The code does disable downloading of the Tor exit node list if fListen
is false, or if there is a proxy setup, this means the statement:

>  Connections are made over clearnet even when using a proxy or
>  onlynet=tor,

is false. However, in the common scenario of a firewalled node, where
the operator has neglected to explicitly set -listen=0, the code does
still download the Tor exit node list, revealing the true location of
the node. This is contrary to the previous behavior of not revealing any
IP information in that configuration.

FWIW Gregory Maxwell removed the last "call home" feature in pull-req
#5161, by replacing the previous calls to getmyip.com-type services with
a local peer request. Similarly the DNS seeds use the DNS protocol
specifically to avoid leaking IP address information.

tl;dr: Yes, Bitcoin XT has a privacy problem with the automatic Tor exit
node list download.

> On Tue, Aug 18, 2015 at 6:36 PM F L via bitcoin-dev <
> bitcoin-dev at lists.linuxfoundation.org> wrote:
> 
> > Bitcoin XT contains an unmentioned addition which periodically downloads
> > lists of Tor IP addresses for blacklisting, this has considerable privacy
> > implications for hapless users which are being prompted to use the
> > software.  The feature is not clearly described, is enabled by default, and
> > has a switch name which intentionally downplays what it is doing
> > (disableipprio).  Furthermore these claimed anti-DoS measures are trivially
> > bypassed and so offer absolutely no protection whatsoever.
> >
> > Connections are made over clearnet even when using a proxy or onlynet=tor,
> > which leaks connections on the P2P network with the real location of the
> > node.  Knowledge of this traffic along with uptime metrics from
> > bitnodes.io can allow observers to easily correlate the location and
> > identity of persons running Bitcoin nodes.  Denial of service can also be
> > used to crash and force a restart of an interesting node, which will cause
> > them to make a new request to the blacklist endpoint via the clearnet on
> > relaunch at the same time their P2P connections are made through a proxy.
> > Requests to the blacklisting URL also use a custom Bitcoin XT user agent
> > which makes users distinct from other internet traffic if you have access
> > to the endpoints logs.
> >
> >
> >
> > https://github.com/bitcoinxt/bitcoinxt/commit/73c9efe74c5cc8faea9c2b2c785a2f5b68aa4c23
> >
> > _______________________________________________
> > bitcoin-dev mailing list
> > bitcoin-dev at lists.linuxfoundation.org
> > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
> >
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
> 

-- 
'peter'[:-1]@petertodd.org
00000000000000000402fe6fb9ad613c93e12bddfc6ec02a2bd92f002050594d

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 650 bytes --]

^ permalink raw reply	[flat|nested] 9+ messages in thread

* [bitcoin-dev] Bitcoin XTs Tor IP blacklist downloading system has significant privacy leaks.
@ 2015-08-19  1:08 Christophe Biocca
  2015-08-19  1:36 ` Peter Todd
  0 siblings, 1 reply; 9+ messages in thread
From: Christophe Biocca @ 2015-08-19  1:08 UTC (permalink / raw)
  To: bitcoin-dev

So I checked, and the code described *does not* run when behind a
proxy of any kind, including tor:

https://github.com/bitcoinxt/bitcoinxt/commit/73c9efe74c5cc8faea9c2b2c785a2f5b68aa4c23#diff-11780fa178b655146cb414161c635219R265

At least based on my admittedly weak understanding of how the internal works.

Hopefully I save the next reader of your post from also having to dig
around to find the code and realize this is a false alert.

On Tue, Aug 18, 2015 at 6:36 PM F L via bitcoin-dev <
bitcoin-dev at lists.linuxfoundation.org> wrote:

> Bitcoin XT contains an unmentioned addition which periodically downloads
> lists of Tor IP addresses for blacklisting, this has considerable privacy
> implications for hapless users which are being prompted to use the
> software.  The feature is not clearly described, is enabled by default, and
> has a switch name which intentionally downplays what it is doing
> (disableipprio).  Furthermore these claimed anti-DoS measures are trivially
> bypassed and so offer absolutely no protection whatsoever.
>
> Connections are made over clearnet even when using a proxy or onlynet=tor,
> which leaks connections on the P2P network with the real location of the
> node.  Knowledge of this traffic along with uptime metrics from
> bitnodes.io can allow observers to easily correlate the location and
> identity of persons running Bitcoin nodes.  Denial of service can also be
> used to crash and force a restart of an interesting node, which will cause
> them to make a new request to the blacklist endpoint via the clearnet on
> relaunch at the same time their P2P connections are made through a proxy.
> Requests to the blacklisting URL also use a custom Bitcoin XT user agent
> which makes users distinct from other internet traffic if you have access
> to the endpoints logs.
>
>
>
> https://github.com/bitcoinxt/bitcoinxt/commit/73c9efe74c5cc8faea9c2b2c785a2f5b68aa4c23
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev at lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>


^ permalink raw reply	[flat|nested] 9+ messages in thread

end of thread, other threads:[~2015-08-19 18:51 UTC | newest]

Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-08-18 23:31 [bitcoin-dev] Bitcoin XTs Tor IP blacklist downloading system has significant privacy leaks F L
2015-08-18 23:56 ` Andrew LeCody
2015-08-19  0:00 ` Patrick Strateman
2015-08-19  1:08 Christophe Biocca
2015-08-19  1:36 ` Peter Todd
2015-08-19  1:48   ` Gregory Maxwell
2015-08-19  2:25   ` Peter Todd
2015-08-19 15:45     ` Mike Hearn
2015-08-19 18:51       ` Btc Drak

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox