Thanks Jan, we added several additional checks for non-standard protocol responses, and also made the client revert to DNS seeding more quickly if it runs into trouble, so it's now more robust against sybil/DOS attack. I mentioned in the coindesk article that I didn't think what your nodes were doing was intended to be malicious with respect to network disruption. It's our job to better handle non-standard or even malicious behavior from random p2p nodes. Aaron Voisine co-founder and CEO breadwallet.com On Mon, Mar 16, 2015 at 1:44 AM, Jan Møller wrote: > What we were trying to achieve was determining the flow of funds between > countries by figuring out which country a transaction originates from. > To do that with a certain accuracy you need many nodes. We chose a class C > IP range as we knew that bitcoin core and others only connect to one node > in any class C IP range. We were not aware that breadwallet didn't follow > this practice. Breadwallet risked getting tar-pitted, but that was not our > intention and we are sorry about that. > > Our nodes DID respond with valid blocks and merkle-blocks and allowed > everyone connecting to track the blockchain. We did however not relay > transactions. The 'service' bit in the version message is not meant for > telling whether or how the node relays transactions, it tells whether you > can ask for block headers only or full blocks. > > Many implementations enforce non standard rules for handling transactions; > some nodes ignore transactions with address reuse, some nodes happily > forward double spends, and some nodes forward neither blocks not > transactions. We did blocks but not transactions. > > In hindsight we should have done two things: > 1. relay transactions > 2. advertise address from 'foreign' nodes > > Both would have fixed the problems that breadwallet experienced. My > understanding is that breadwallet now has the same 'class C' rule as > bitcoind, which would also fix it. > > Getting back on the topic of this thread and whether it is illegal, your > guess is as good as mine. I don't think it is illegal to log incoming > connections and make statistical analysis on it. That would more or less > incriminate anyone who runs a web-server and looks into the access log. > At lease one Bitcoin service has been collecting IP addresses for years > and given them to anyone visiting their web-site (you know who) and I > believe that this practise is very wrong. We have no intention of giving IP > addresses away to anyone, but we believe that you are free to make > statistics on connection logs when nodes connect to you. > > On a side note: When you make many connections to the network you see lots > of strange nodes and suspicious patterns. You can be certain that we were > not the only ones connected to many nodes. > > My takeaway from this: If nodes that do not relay transactions is a > problem then there is stuff to fix. > > /Jan > > On Fri, Mar 13, 2015 at 10:48 PM, Mike Hearn wrote: > >> That would be rather new and tricky legal territory. >> >> But even putting the legal issues to one side, there are definitional >> issues. >> >> For instance if the Chainalysis nodes started following the protocol >> specs better and became just regular nodes that happen to keep logs, would >> that still be a violation? If so, what about blockchain.info? It'd be >> shooting ourselves in the foot to try and forbid block explorers given how >> useful they are. >> >> If someone non-maliciously runs some nodes with debug logging turned on, >> and makes full system backups every night, and keeps those backups for >> years, are they in violation of whatever pseudo-law is involved? >> >> I think it's a bit early to think about these things right now. Michael >> Grønager and Jan Møller have been Bitcoin hackers for a long time. I'd be >> interested to know their thoughts on all of this. >> >> >> ------------------------------------------------------------------------------ >> Dive into the World of Parallel Programming The Go Parallel Website, >> sponsored >> by Intel and developed in partnership with Slashdot Media, is your hub >> for all >> things parallel software development, from weekly thought leadership >> blogs to >> news, videos, case studies, tutorials and more. Take a look and join the >> conversation now. http://goparallel.sourceforge.net/ >> _______________________________________________ >> Bitcoin-development mailing list >> Bitcoin-development@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/bitcoin-development >> >> > > > ------------------------------------------------------------------------------ > Dive into the World of Parallel Programming The Go Parallel Website, > sponsored > by Intel and developed in partnership with Slashdot Media, is your hub for > all > things parallel software development, from weekly thought leadership blogs > to > news, videos, case studies, tutorials and more. Take a look and join the > conversation now. http://goparallel.sourceforge.net/ > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > >