<div dir="ltr">This should probably be posted on the BitcoinXT mailing-list, as Bitcoin Core does not currently include this feature.</div><br><div class="gmail_quote"><div dir="ltr">On Tue, Aug 18, 2015 at 6:36 PM F L via bitcoin-dev <<a href="mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-dev@lists.linuxfoundation.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span style="font-family:Arial,Helvetica,sans-serif"><div dir="ltr">
Bitcoin XT contains an unmentioned addition which periodically downloads lists of Tor IP addresses for blacklisting, this has considerable privacy implications for hapless users which are being prompted to use the software. The feature is not clearly described, is enabled by default, and has a switch name which intentionally downplays what it is doing (disableipprio). Furthermore these claimed anti-DoS measures are trivially bypassed and so offer absolutely no protection whatsoever.<br>
<br>
Connections are made over clearnet even when using a proxy or onlynet=tor, which leaks connections on the P2P network with the real location of the node. Knowledge of this traffic along with uptime metrics from <a href="http://bitnodes.io" target="_blank">bitnodes.io</a> can allow observers to easily correlate the location and identity of persons running Bitcoin nodes. Denial of service can also be used to crash and force a restart of an interesting node, which will cause them to make a new request to the blacklist endpoint via the clearnet on relaunch at the same time their P2P connections are made through a proxy. Requests to the blacklisting URL also use a custom Bitcoin XT user agent which makes users distinct from other internet traffic if you have access to the endpoints logs. </div>
<div dir="ltr">
<br>
</div>
<div dir="ltr">
<a href="https://github.com/bitcoinxt/bitcoinxt/commit/73c9efe74c5cc8faea9c2b2c785a2f5b68aa4c23" target="_blank">https://github.com/bitcoinxt/bitcoinxt/commit/73c9efe74c5cc8faea9c2b2c785a2f5b68aa4c23</a></div>
</span><br>
_______________________________________________<br>
bitcoin-dev mailing list<br>
<a href="mailto:bitcoin-dev@lists.linuxfoundation.org" target="_blank">bitcoin-dev@lists.linuxfoundation.org</a><br>
<a href="https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" rel="noreferrer" target="_blank">https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev</a><br>
</blockquote></div>