Return-Path: <pete@petertodd.org>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 236BF7AA
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Wed, 19 Aug 2015 01:36:55 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from outmail149081.authsmtp.net (outmail149081.authsmtp.net
	[62.13.149.81])
	by smtp1.linuxfoundation.org (Postfix) with ESMTP id 315D5157
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Wed, 19 Aug 2015 01:36:53 +0000 (UTC)
Received: from mail-c235.authsmtp.com (mail-c235.authsmtp.com [62.13.128.235])
	by punt18.authsmtp.com (8.14.2/8.14.2/) with ESMTP id t7J1apsi003017;
	Wed, 19 Aug 2015 02:36:51 +0100 (BST)
Received: from muck (S0106e03f49079160.ok.shawcable.net [174.4.1.120])
	(authenticated bits=128)
	by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id t7J1akXl052296
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO);
	Wed, 19 Aug 2015 02:36:50 +0100 (BST)
Date: Tue, 18 Aug 2015 18:36:45 -0700
From: Peter Todd <pete@petertodd.org>
To: Christophe Biocca <christophe.biocca@gmail.com>
Message-ID: <20150819013645.GC2835@muck>
References: <CANOOu=_8BA1REkjRA3OUU_UEk6iOkQDW7=C8bEByAFGF4KHrbg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="E13BgyNx05feLLmH"
Content-Disposition: inline
In-Reply-To: <CANOOu=_8BA1REkjRA3OUU_UEk6iOkQDW7=C8bEByAFGF4KHrbg@mail.gmail.com>
X-Server-Quench: c402f5bf-4612-11e5-b398-002590a15da7
X-AuthReport-Spam: If SPAM / abuse - report it at:
	http://www.authsmtp.com/abuse
X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR
	aAdMdwsUGUATAgsB AmMbW1ZeU1t7XGI7 ag1VcwFDY1RPXQV1
	VUBOXVMcUAISAE1a bkIeVxtwfgMIeX5x bE4sDXRbXhJ/JxBg
	RkhVF3AHZDJldTIc WUhFdwNWdQpKLx5A PgF4GhFYa3VsNCMk
	FAgyOXU9MCtqYA5U XgoKLFRacXoQVgI7 XVgjJX0lGUQORCEy
	NABuJlkDGkIWO0kz N1RpQkMDLxIXaEVe FloFGy5WIVgPRiEi
	Cx8SRVQfDjRWUG9Y DxQrOVkg
X-Authentic-SMTP: 61633532353630.1023:706
X-AuthFastPath: 0 (Was 255)
X-AuthSMTP-Origin: 174.4.1.120/587
X-AuthVirus-Status: No virus detected - but ensure you scan with your own
	anti-virus system.
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW
	autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
Cc: bitcoin-dev@lists.linuxfoundation.org
Subject: Re: [bitcoin-dev] Bitcoin XTs Tor IP blacklist downloading system
 has significant privacy leaks.
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Development Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Aug 2015 01:36:55 -0000


--E13BgyNx05feLLmH
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Aug 18, 2015 at 09:08:01PM -0400, Christophe Biocca via bitcoin-dev=
 wrote:
> So I checked, and the code described *does not* run when behind a
> proxy of any kind, including tor:
>=20
> https://github.com/bitcoinxt/bitcoinxt/commit/73c9efe74c5cc8faea9c2b2c785=
a2f5b68aa4c23#diff-11780fa178b655146cb414161c635219R265
>=20
> At least based on my admittedly weak understanding of how the internal wo=
rks.
>=20
> Hopefully I save the next reader of your post from also having to dig
> around to find the code and realize this is a false alert.

That's not entirely correct.

The code does disable downloading of the Tor exit node list if fListen
is false, or if there is a proxy setup, this means the statement:

>  Connections are made over clearnet even when using a proxy or
>  onlynet=3Dtor,

is false. However, in the common scenario of a firewalled node, where
the operator has neglected to explicitly set -listen=3D0, the code does
still download the Tor exit node list, revealing the true location of
the node. This is contrary to the previous behavior of not revealing any
IP information in that configuration.

FWIW Gregory Maxwell removed the last "call home" feature in pull-req
#5161, by replacing the previous calls to getmyip.com-type services with
a local peer request. Similarly the DNS seeds use the DNS protocol
specifically to avoid leaking IP address information.

tl;dr: Yes, Bitcoin XT has a privacy problem with the automatic Tor exit
node list download.

> On Tue, Aug 18, 2015 at 6:36 PM F L via bitcoin-dev <
> bitcoin-dev at lists.linuxfoundation.org> wrote:
>=20
> > Bitcoin XT contains an unmentioned addition which periodically downloads
> > lists of Tor IP addresses for blacklisting, this has considerable priva=
cy
> > implications for hapless users which are being prompted to use the
> > software.  The feature is not clearly described, is enabled by default,=
 and
> > has a switch name which intentionally downplays what it is doing
> > (disableipprio).  Furthermore these claimed anti-DoS measures are trivi=
ally
> > bypassed and so offer absolutely no protection whatsoever.
> >
> > Connections are made over clearnet even when using a proxy or onlynet=
=3Dtor,
> > which leaks connections on the P2P network with the real location of the
> > node.  Knowledge of this traffic along with uptime metrics from
> > bitnodes.io can allow observers to easily correlate the location and
> > identity of persons running Bitcoin nodes.  Denial of service can also =
be
> > used to crash and force a restart of an interesting node, which will ca=
use
> > them to make a new request to the blacklist endpoint via the clearnet on
> > relaunch at the same time their P2P connections are made through a prox=
y.
> > Requests to the blacklisting URL also use a custom Bitcoin XT user agent
> > which makes users distinct from other internet traffic if you have acce=
ss
> > to the endpoints logs.
> >
> >
> >
> > https://github.com/bitcoinxt/bitcoinxt/commit/73c9efe74c5cc8faea9c2b2c7=
85a2f5b68aa4c23
> >
> > _______________________________________________
> > bitcoin-dev mailing list
> > bitcoin-dev at lists.linuxfoundation.org
> > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
> >
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>=20

--=20
'peter'[:-1]@petertodd.org
00000000000000000402fe6fb9ad613c93e12bddfc6ec02a2bd92f002050594d

--E13BgyNx05feLLmH
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----

iQGrBAEBCACVBQJV092qXhSAAAAAABUAQGJsb2NraGFzaEBiaXRjb2luLm9yZzAw
MDAwMDAwMDAwMDAwMDAwNDAyZmU2ZmI5YWQ2MTNjOTNlMTJiZGRmYzZlYzAyYTJi
ZDkyZjAwMjA1MDU5NGQvFIAAAAAAFQARcGthLWFkZHJlc3NAZ251cGcub3JncGV0
ZUBwZXRlcnRvZC5vcmcACgkQwIXyHOf0udwfAQgAgGXpUnbQK167awNgcNzuua8Q
6+0NchZJkI78qVRqAF9jrRdapduiTfwicBXBGkevkSPLDTPL4s4WRQQM9P/cRy8W
OC5QNL1/HRy/vH+pZzfBEgBZNf7qHwXNl+Jh50ac/YoLYVByh3Z2RglbvdgHXVOv
EMHYd0spgi+L3RlAG0tXbMSL9VIOnuqAXe2iG42K0V68kOscaUMk4M5pYKCf4/zH
UgTjXBA2DkCtPtIxFsgEgVg30HFA1LuL6SCncQX9M21UXqvdGmGQQZCFA70NWCuA
nmwEneD9zP0m8IbySvmziFCrtnZXI6GoAn2tacKBCwTMtlVJhXajP8jXaQNS4w==
=rw+M
-----END PGP SIGNATURE-----

--E13BgyNx05feLLmH--