š
Original date posted:2015-08-18
š Original message:First of all I would like to say... LOL
Second Andrew LeCody is correct, this is off topic.
On 08/18/2015 04:31 PM, F L via bitcoin-dev wrote:
> Bitcoin XT contains an unmentioned addition which periodically
> downloads lists of Tor IP addresses for blacklisting, this has
> considerable privacy implications for hapless users which are being
> prompted to use the software. The feature is not clearly described,
> is enabled by default, and has a switch name which intentionally
> downplays what it is doing (disableipprio). Furthermore these claimed
> anti-DoS measures are trivially bypassed and so offer absolutely no
> protection whatsoever.
>
> Connections are made over clearnet even when using a proxy or
> onlynet=tor, which leaks connections on the P2P network with the real
> location of the node. Knowledge of this traffic along with uptime
> metrics from bitnodes.io can allow observers to easily correlate the
> location and identity of persons running Bitcoin nodes. Denial of
> service can also be used to crash and force a restart of an
> interesting node, which will cause them to make a new request to the
> blacklist endpoint via the clearnet on relaunch at the same time their
> P2P connections are made through a proxy. Requests to the
> blacklisting URL also use a custom Bitcoin XT user agent which makes
> users distinct from other internet traffic if you have access to the
> endpoints logs.
>
>
> https://github.com/bitcoinxt/bitcoinxt/commit/73c9efe74c5cc8faea9c2b2c785a2f5b68aa4c23
>
>
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev at lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20150818/081aad9b/attachment.html>