Return-Path: <bitcoin@hellokitty.com.sg>
Content-Transfer-Encoding: 7bit
Content-Type: multipart/alternative; boundary="_----------=_1439940690254870"
MIME-Version: 1.0
From: "F L" <bitcoin@hellokitty.com.sg>
To: bitcoin-dev@lists.linuxfoundation.org
Date: Wed, 19 Aug 2015 00:31:30 +0100
Message-Id: <20150818233130.7A22815F000@c-in3ws--03-03.sv2.lotuslive.com>
Subject: [bitcoin-dev] Bitcoin XT's Tor IP blacklist downloading system has
significant privacy leaks.
List-Id: Bitcoin Development Discussion <bitcoin-dev.lists.linuxfoundation.org>
This is a multi-part message in MIME format.
--_----------=_1439940690254870
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"
Bitcoin XT contains an unmentioned addition which periodically downloads
lists of Tor IP addresses for blacklisting; this has considerable privacy
implications for hapless users who are being prompted to use the
software. The feature is not clearly described, is enabled by default,
and has a switch name which intentionally downplays what it is doing
(disableipprio). Furthermore, these claimed anti-DoS measures are
trivially bypassed and so offer absolutely no protection whatsoever.

Connections are made over clearnet even when using a proxy or
onlynet=tor, which leaks connections on the P2P network with the real
location of the node. Knowledge of this traffic along with uptime metrics
from bitnodes.io can allow observers to easily correlate the location and
identity of persons running Bitcoin nodes. Denial of service can also be
used to crash and force a restart of an interesting node, which will
cause them to make a new request to the blacklist endpoint via the
clearnet on relaunch at the same time their P2P connections are made
through a proxy. Requests to the blacklisting URL also use a custom
Bitcoin XT user agent which makes users distinct from other internet
traffic if you have access to the endpoint's logs.

https://github.com/bitcoinxt/bitcoinxt/commit/73c9efe74c5cc8faea9c2b2c785a2f5b68aa4c23
--_----------=_1439940690254870--
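A node operator can check for the clearnet leak described in the message above by auditing the node's own sockets. The following is an added example, not part of the original post and not Bitcoin XT code: it flags any connection owned by the node process whose peer is neither loopback nor the configured proxy. The process name bitcoind, the proxy address 127.0.0.1:9050, and the sample lines (constructed in the layout of `ss -tnp`) are assumptions.

```python
import ipaddress
import re

# Assumption: the node runs with proxy=127.0.0.1:9050 (Tor's default SOCKS port).
PROXIES = {("127.0.0.1", 9050)}
PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')

# Constructed sample in the layout of `ss -tnp`; peers use RFC 5737 test ranges.
SAMPLE = """\
ESTAB 0 0 127.0.0.1:51234 127.0.0.1:9050 users:(("bitcoind",pid=4242,fd=21))
ESTAB 0 0 192.0.2.10:40112 198.51.100.7:443 users:(("bitcoind",pid=4242,fd=33))
ESTAB 0 0 192.0.2.10:40200 203.0.113.5:22 users:(("sshd",pid=900,fd=4))
SYN-SENT 0 1 192.0.2.10:40300 198.51.100.7:80 users:(("bitcoind",pid=4242,fd=35))
LISTEN 0 128 127.0.0.1:8332 0.0.0.0:* users:(("bitcoind",pid=4242,fd=10))
"""

def clearnet_leaks(ss_output, process="bitcoind", proxies=PROXIES):
    """Return (pid, state, peer_host, peer_port) for each socket owned by
    `process` whose peer is neither loopback nor a configured proxy."""
    leaks = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] == "LISTEN":
            continue                     # header, short line or listening socket
        owner = PROC_RE.search(fields[5])
        if not owner or owner.group(1) != process:
            continue                     # socket belongs to another process
        host, _, port = fields[4].rpartition(":")
        host = host.strip("[]")          # IPv6 peers are printed as [addr]:port
        if not port.isdigit():
            continue
        try:
            addr = ipaddress.ip_address(host)
            expected = addr.is_loopback or (str(addr), int(port)) in proxies
        except ValueError:
            expected = False             # unparsable peer: report it, do not fail open
        if not expected:
            leaks.append((int(owner.group(2)), fields[0], host, int(port)))
    return leaks

if __name__ == "__main__":
    for pid, state, host, port in clearnet_leaks(SAMPLE):
        print(f"pid {pid}: {state} direct connection to {host}:{port}")
```

Running the check right after a restart matters most, since that is when the message says the blacklist request is made.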