Bitcoin XT's Tor IP blacklist downloading system has significant privacy leaks.



Summary:

Bitcoin XT has an unmentioned feature that downloads Tor IP addresses for blacklisting, posing a privacy risk for its users. The feature is not clearly described and is enabled by default with a switch name that downplays its function. Additionally, the anti-DoS measures are easily bypassed, providing no protection. Even when using a proxy or onlynet=tor, connections are still made over clearnet, leaking the node's real location and identity. Observers can use this information to correlate the location and identity of persons running Bitcoin nodes. Denial of service attacks can also be used to crash interesting nodes and force them to restart and make new requests to the blacklist endpoint via the clearnet while their P2P connections are made through a proxy. Requests to the blacklisting URL also use a custom Bitcoin XT user agent, making users distinct from other internet traffic if access to the endpoint logs is available.
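A node operator can check for the proxy bypass described above by auditing the daemon's sockets. The following is an added example, not code from the original post or from Bitcoin XT: it parses `ss -tnp` output and reports any connection owned by the node process whose peer is not the SOCKS proxy. The process name `bitcoind`, the proxy address 127.0.0.1:9050 and the sample lines are assumptions constructed for illustration.

```python
import re

# Constructed sample of `ss -tnp` output; addresses are documentation ranges.
SAMPLE_SS = '''\
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 0 127.0.0.1:51324 127.0.0.1:9050 users:(("bitcoind",pid=2211,fd=14))
ESTAB 0 0 127.0.0.1:51330 127.0.0.1:9050 users:(("bitcoind",pid=2211,fd=15))
ESTAB 0 0 192.0.2.10:40112 203.0.113.7:80 users:(("bitcoind",pid=2211,fd=31))
ESTAB 0 0 192.0.2.10:40200 198.51.100.4:443 users:(("curl",pid=3000,fd=5))
'''

OWNER_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')
ACTIVE_STATES = {"ESTAB", "SYN-SENT"}


def proxy_bypasses(ss_output, process="bitcoind", proxy=("127.0.0.1", 9050)):
    """Return (peer_host, peer_port, pid) for each socket owned by `process`
    whose peer is not the configured SOCKS proxy (assumed: local Tor)."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] not in ACTIVE_STATES:
            continue  # header row, other socket states, malformed rows
        owner = OWNER_RE.search(fields[5])
        if not owner or owner.group(1) != process:
            continue  # socket belongs to a different process
        host, _, port = fields[4].rpartition(":")
        host = host.strip("[]")  # ss prints IPv6 peers as [addr]:port
        if not port.isdigit():
            continue
        if (host, int(port)) != proxy:
            findings.append((host, int(port), int(owner.group(2))))
    return findings


if __name__ == "__main__":
    for host, port, pid in proxy_bypasses(SAMPLE_SS):
        print(f"pid {pid}: direct connection to {host}:{port} bypasses the proxy")
```

Because the summary notes that a restarted node makes new requests to the blacklist endpoint, the period just after startup is the relevant window to sample.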


Updated on: 2023-06-10T20:23:57.134409+00:00