[bitcoin-dev] Bitcoin XTs Tor IP blacklist downloading system has significant privacy leaks.
Peter Todd
pete at petertodd.org
Wed Aug 19 02:25:29 UTC 2015
On Tue, Aug 18, 2015 at 06:36:45PM -0700, Peter Todd via bitcoin-dev wrote:
> is false. However, in the common scenario of a firewalled node, where
> the operator has neglected to explicitly set -listen=0, the code does
> still download the Tor exit node list, revealing the true location of
> the node. This is contrary to the previous behavior of not revealing any
> IP information in that configuration.
>
> FWIW Gregory Maxwell removed the last "call home" feature in pull-req
> #5161, by replacing the previous calls to getmyip.com-type services with
> a local peer request. Similarly the DNS seeds use the DNS protocol
> specifically to avoid leaking IP address information.
>
> tl;dr: Yes, Bitcoin XT has a privacy problem with the automatic Tor exit
> node list download.
Oh, and I just checked, and Mike's original pull-req for the Tor
blacklist didn't include the proxy disable code; what's in master != the
pull-req, so the OP may have been looking at the wrong code by accident.
(I personally noticed this issue in the pull-req and didn't realise it
hadn't been merged into master w/o modifications)
https://github.com/mikehearn/bitcoinxt/commit/931a4d59a03c7e64d7d85ddfc07ae127533c7f28#diff-11780fa178b655146cb414161c635219R171
Kinda sloppy of Mike to be making changes in master that don't
correspond to the peer-reviewed pull-req code...
--
'peter'[:-1]@petertodd.org
00000000000000000402fe6fb9ad613c93e12bddfc6ec02a2bd92f002050594d
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 650 bytes
Desc: Digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20150818/6a57599c/attachment.sig>
More information about the bitcoin-dev
mailing list