Author: Patrick Strateman 2015-08-19 00:00:09
Published on: 2015-08-19T00:00:09+00:00
A message posted on the Bitcoin-dev mailing list by F L via bitcoin-dev points out that the Bitcoin XT software contains an unmentioned addition which periodically downloads lists of Tor IP addresses for blacklisting, posing considerable privacy implications for users. The feature is not clearly described, is enabled by default, and has a switch name which intentionally downplays what it is doing (disableipprio). It is also claimed that the anti-DoS measures are trivially bypassed and offer no protection whatsoever. Connections are made over clearnet even when using a proxy or onlynet=tor, which leaks connections on the P2P network with the real location of the node. Denial of service can also be used to crash and force a restart of an interesting node. Requests to the blacklisting URL also use a custom Bitcoin XT user agent which makes users distinct from other internet traffic if you have access to the endpoints logs.
Updated on: 2023-06-10T20:24:04.964599+00:00