Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 236BF7AA for ; Wed, 19 Aug 2015 01:36:55 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from outmail149081.authsmtp.net (outmail149081.authsmtp.net [62.13.149.81]) by smtp1.linuxfoundation.org (Postfix) with ESMTP id 315D5157 for ; Wed, 19 Aug 2015 01:36:53 +0000 (UTC) Received: from mail-c235.authsmtp.com (mail-c235.authsmtp.com [62.13.128.235]) by punt18.authsmtp.com (8.14.2/8.14.2/) with ESMTP id t7J1apsi003017; Wed, 19 Aug 2015 02:36:51 +0100 (BST) Received: from muck (S0106e03f49079160.ok.shawcable.net [174.4.1.120]) (authenticated bits=128) by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id t7J1akXl052296 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Wed, 19 Aug 2015 02:36:50 +0100 (BST) Date: Tue, 18 Aug 2015 18:36:45 -0700 From: Peter Todd To: Christophe Biocca Message-ID: <20150819013645.GC2835@muck> References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="E13BgyNx05feLLmH" Content-Disposition: inline In-Reply-To: X-Server-Quench: c402f5bf-4612-11e5-b398-002590a15da7 X-AuthReport-Spam: If SPAM / abuse - report it at: http://www.authsmtp.com/abuse X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR aAdMdwsUGUATAgsB AmMbW1ZeU1t7XGI7 ag1VcwFDY1RPXQV1 VUBOXVMcUAISAE1a bkIeVxtwfgMIeX5x bE4sDXRbXhJ/JxBg RkhVF3AHZDJldTIc WUhFdwNWdQpKLx5A PgF4GhFYa3VsNCMk FAgyOXU9MCtqYA5U XgoKLFRacXoQVgI7 XVgjJX0lGUQORCEy NABuJlkDGkIWO0kz N1RpQkMDLxIXaEVe FloFGy5WIVgPRiEi Cx8SRVQfDjRWUG9Y DxQrOVkg X-Authentic-SMTP: 61633532353630.1023:706 X-AuthFastPath: 0 (Was 255) X-AuthSMTP-Origin: 174.4.1.120/587 X-AuthVirus-Status: No virus detected - but ensure you scan with your own anti-virus system. X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: bitcoin-dev@lists.linuxfoundation.org Subject: Re: [bitcoin-dev] Bitcoin XTs Tor IP blacklist downloading system has significant privacy leaks. X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Development Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Aug 2015 01:36:55 -0000 --E13BgyNx05feLLmH Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Aug 18, 2015 at 09:08:01PM -0400, Christophe Biocca via bitcoin-dev= wrote: > So I checked, and the code described *does not* run when behind a > proxy of any kind, including tor: >=20 > https://github.com/bitcoinxt/bitcoinxt/commit/73c9efe74c5cc8faea9c2b2c785= a2f5b68aa4c23#diff-11780fa178b655146cb414161c635219R265 >=20 > At least based on my admittedly weak understanding of how the internal wo= rks. >=20 > Hopefully I save the next reader of your post from also having to dig > around to find the code and realize this is a false alert. That's not entirely correct. The code does disable downloading of the Tor exit node list if fListen is false, or if there is a proxy setup, this means the statement: > Connections are made over clearnet even when using a proxy or > onlynet=3Dtor, is false. However, in the common scenario of a firewalled node, where the operator has neglected to explicitly set -listen=3D0, the code does still download the Tor exit node list, revealing the true location of the node. This is contrary to the previous behavior of not revealing any IP information in that configuration. FWIW Gregory Maxwell removed the last "call home" feature in pull-req #5161, by replacing the previous calls to getmyip.com-type services with a local peer request. Similarly the DNS seeds use the DNS protocol specifically to avoid leaking IP address information. tl;dr: Yes, Bitcoin XT has a privacy problem with the automatic Tor exit node list download. > On Tue, Aug 18, 2015 at 6:36 PM F L via bitcoin-dev < > bitcoin-dev at lists.linuxfoundation.org> wrote: >=20 > > Bitcoin XT contains an unmentioned addition which periodically downloads > > lists of Tor IP addresses for blacklisting, this has considerable priva= cy > > implications for hapless users which are being prompted to use the > > software. The feature is not clearly described, is enabled by default,= and > > has a switch name which intentionally downplays what it is doing > > (disableipprio). Furthermore these claimed anti-DoS measures are trivi= ally > > bypassed and so offer absolutely no protection whatsoever. > > > > Connections are made over clearnet even when using a proxy or onlynet= =3Dtor, > > which leaks connections on the P2P network with the real location of the > > node. Knowledge of this traffic along with uptime metrics from > > bitnodes.io can allow observers to easily correlate the location and > > identity of persons running Bitcoin nodes. Denial of service can also = be > > used to crash and force a restart of an interesting node, which will ca= use > > them to make a new request to the blacklist endpoint via the clearnet on > > relaunch at the same time their P2P connections are made through a prox= y. > > Requests to the blacklisting URL also use a custom Bitcoin XT user agent > > which makes users distinct from other internet traffic if you have acce= ss > > to the endpoints logs. > > > > > > > > https://github.com/bitcoinxt/bitcoinxt/commit/73c9efe74c5cc8faea9c2b2c7= 85a2f5b68aa4c23 > > > > _______________________________________________ > > bitcoin-dev mailing list > > bitcoin-dev at lists.linuxfoundation.org > > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > > > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev >=20 --=20 'peter'[:-1]@petertodd.org 00000000000000000402fe6fb9ad613c93e12bddfc6ec02a2bd92f002050594d --E13BgyNx05feLLmH Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- iQGrBAEBCACVBQJV092qXhSAAAAAABUAQGJsb2NraGFzaEBiaXRjb2luLm9yZzAw MDAwMDAwMDAwMDAwMDAwNDAyZmU2ZmI5YWQ2MTNjOTNlMTJiZGRmYzZlYzAyYTJi ZDkyZjAwMjA1MDU5NGQvFIAAAAAAFQARcGthLWFkZHJlc3NAZ251cGcub3JncGV0 ZUBwZXRlcnRvZC5vcmcACgkQwIXyHOf0udwfAQgAgGXpUnbQK167awNgcNzuua8Q 6+0NchZJkI78qVRqAF9jrRdapduiTfwicBXBGkevkSPLDTPL4s4WRQQM9P/cRy8W OC5QNL1/HRy/vH+pZzfBEgBZNf7qHwXNl+Jh50ac/YoLYVByh3Z2RglbvdgHXVOv EMHYd0spgi+L3RlAG0tXbMSL9VIOnuqAXe2iG42K0V68kOscaUMk4M5pYKCf4/zH UgTjXBA2DkCtPtIxFsgEgVg30HFA1LuL6SCncQX9M21UXqvdGmGQQZCFA70NWCuA nmwEneD9zP0m8IbySvmziFCrtnZXI6GoAn2tacKBCwTMtlVJhXajP8jXaQNS4w== =rw+M -----END PGP SIGNATURE----- --E13BgyNx05feLLmH--