public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Peter Todd <pete@petertodd.org>
To: Christophe Biocca <christophe.biocca@gmail.com>,
	bitcoin-dev@lists.linuxfoundation.org
Subject: Re: [bitcoin-dev] Bitcoin XTs Tor IP blacklist downloading system has significant privacy leaks.
Date: Tue, 18 Aug 2015 19:25:29 -0700	[thread overview]
Message-ID: <20150819022528.GA8920@muck> (raw)
In-Reply-To: <20150819013645.GC2835@muck>

[-- Attachment #1: Type: text/plain, Size: 1484 bytes --]

On Tue, Aug 18, 2015 at 06:36:45PM -0700, Peter Todd via bitcoin-dev wrote:
> is false. However, in the common scenario of a firewalled node, where
> the operator has neglected to explicitly set -listen=0, the code does
> still download the Tor exit node list, revealing the true location of
> the node. This is contrary to the previous behavior of not revealing any
> IP information in that configuration.
> 
> FWIW Gregory Maxwell removed the last "call home" feature in pull-req
> #5161, by replacing the previous calls to getmyip.com-type services with
> a local peer request. Similarly the DNS seeds use the DNS protocol
> specifically to avoid leaking IP address information.
> 
> tl;dr: Yes, Bitcoin XT has a privacy problem with the automatic Tor exit
> node list download.

Oh, and I just checked, and Mike's original pull-req for the Tor
blacklist didn't include the proxy disable code; what's in master != the
pull-req, so the OP may have been looking at the wrong code by accident.
(I personally noticed this issue in the pull-req and didn't realise it
hadn't been merged into master w/o modifications)

https://github.com/mikehearn/bitcoinxt/commit/931a4d59a03c7e64d7d85ddfc07ae127533c7f28#diff-11780fa178b655146cb414161c635219R171

Kinda sloppy of Mike to be making changes in master that don't
correspond to the peer-reviewed pull-req code...

-- 
'peter'[:-1]@petertodd.org
00000000000000000402fe6fb9ad613c93e12bddfc6ec02a2bd92f002050594d

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 650 bytes --]

  parent reply	other threads:[~2015-08-19  2:25 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-08-19  1:08 [bitcoin-dev] Bitcoin XTs Tor IP blacklist downloading system has significant privacy leaks Christophe Biocca
2015-08-19  1:36 ` Peter Todd
2015-08-19  1:48   ` Gregory Maxwell
2015-08-19  2:25   ` Peter Todd [this message]
2015-08-19 15:45     ` Mike Hearn
2015-08-19 18:51       ` Btc Drak
  -- strict thread matches above, loose matches on Subject: below --
2015-08-18 23:31 F L
2015-08-18 23:56 ` Andrew LeCody
2015-08-19  0:00 ` Patrick Strateman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20150819022528.GA8920@muck \
    --to=pete@petertodd.org \
    --cc=bitcoin-dev@lists.linuxfoundation.org \
    --cc=christophe.biocca@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox