Author: Peter Todd 2015-08-19 01:36:45
Published on: 2015-08-19T01:36:45+00:00
A user on the Bitcoin development mailing list pointed out that Bitcoin XT has a privacy issue with its automatic Tor exit node list download. The code does disable downloading the Tor exit node list if fListen is false or if there is a proxy setup, but if the operator neglects to explicitly set -listen=0, the code will still download the Tor exit node list, revealing the true location of the node. Gregory Maxwell removed the last "call home" feature in pull-req #5161 by replacing the previous calls to getmyip.com-type services with a local peer request and DNS seeds use the DNS protocol specifically to avoid leaking IP address information. Bitcoin XT's addition of a blacklist that periodically downloads lists of Tor IP addresses was not clearly described, is enabled by default, and has a switch name which intentionally downplays what it is doing (disableipprio). Requests to the blacklisting URL also use a custom Bitcoin XT user agent which makes users distinct from other internet traffic if you have access to the endpoints logs.
Updated on: 2023-06-10T20:24:14.636123+00:00