From: Peter Todd <pete@petertodd.org>
To: Christophe Biocca <christophe.biocca@gmail.com>,
bitcoin-dev@lists.linuxfoundation.org
Subject: Re: [bitcoin-dev] Bitcoin XTs Tor IP blacklist downloading system has significant privacy leaks.
Date: Tue, 18 Aug 2015 19:25:29 -0700 [thread overview]
Message-ID: <20150819022528.GA8920@muck> (raw)
In-Reply-To: <20150819013645.GC2835@muck>
[-- Attachment #1: Type: text/plain, Size: 1484 bytes --]
On Tue, Aug 18, 2015 at 06:36:45PM -0700, Peter Todd via bitcoin-dev wrote:
> is false. However, in the common scenario of a firewalled node, where
> the operator has neglected to explicitly set -listen=0, the code does
> still download the Tor exit node list, revealing the true location of
> the node. This is contrary to the previous behavior of not revealing any
> IP information in that configuration.
>
> FWIW Gregory Maxwell removed the last "call home" feature in pull-req
> #5161, by replacing the previous calls to getmyip.com-type services with
> a local peer request. Similarly the DNS seeds use the DNS protocol
> specifically to avoid leaking IP address information.
>
> tl;dr: Yes, Bitcoin XT has a privacy problem with the automatic Tor exit
> node list download.
Oh, and I just checked, and Mike's original pull-req for the Tor
blacklist didn't include the proxy disable code; what's in master != the
pull-req, so the OP may have been looking at the wrong code by accident.
(I personally noticed this issue in the pull-req and didn't realise it
hadn't been merged into master w/o modifications)
https://github.com/mikehearn/bitcoinxt/commit/931a4d59a03c7e64d7d85ddfc07ae127533c7f28#diff-11780fa178b655146cb414161c635219R171
Kinda sloppy of Mike to be making changes in master that don't
correspond to the peer-reviewed pull-req code...
--
'peter'[:-1]@petertodd.org
00000000000000000402fe6fb9ad613c93e12bddfc6ec02a2bd92f002050594d
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 650 bytes --]
next prev parent reply other threads:[~2015-08-19 2:25 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-08-19 1:08 [bitcoin-dev] Bitcoin XTs Tor IP blacklist downloading system has significant privacy leaks Christophe Biocca
2015-08-19 1:36 ` Peter Todd
2015-08-19 1:48 ` Gregory Maxwell
2015-08-19 2:25 ` Peter Todd [this message]
2015-08-19 15:45 ` Mike Hearn
2015-08-19 18:51 ` Btc Drak
-- strict thread matches above, loose matches on Subject: below --
2015-08-18 23:31 F L
2015-08-18 23:56 ` Andrew LeCody
2015-08-19 0:00 ` Patrick Strateman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150819022528.GA8920@muck \
--to=pete@petertodd.org \
--cc=bitcoin-dev@lists.linuxfoundation.org \
--cc=christophe.biocca@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox