Open Bitcoin Privacy Protect Privacy Questionnaire, Mid-Year 2015 report



Summary:

This is a technical discussion that occurred on the Bitcoin-dev mailing list. Wei initiated the conversation by posing seven questions related to the privacy features of the Bitcoin-Qt wallet application. Kristov Atlas responded with his best guesses, as he was not a developer of Bitcoin-Qt.

To summarize briefly, Bitcoin-Qt does not try to make non-mixing transactions look like mixing transactions, and outputs are randomized. It is unknown whether the application minimizes the harmful effects of address reuse by spending every spendable input ("sweeping") from an address when a transaction is created. The application fully implements BIP 62. The application does not support mixing or donation features.

Regarding balance queries and transaction broadcasting, the application keeps a complete copy of the blockchain locally (full node) and does not provide filters that match some fraction of the blockchain while providing a false positive rate. The application only allows configuring a single proxy for outgoing transactions. There is no built-in support for multiple identities, but hot-swapping wallet files can crudely simulate this. Deleting an identity/wallet eliminates most evidence that the wallet was previously installed on that device, but there may be some extra information in ancillary files that should also be deleted.

Regarding network privacy, backups are local, and no email or SMS is linked. The application does not perform any lookup external to the user's device related to identifying transaction senders or recipients. It connects to known p2p full nodes to bootstrap the connection to the Bitcoin p2p network. Bitcoin-Qt leaks specific information about its client version through its User Agent. Lastly, users can encrypt their wallet file with a password, preventing decryption of the private keys. However, any wallet.dat file can be opened and the public keys inspected without the password.

The email thread revolves around a set of questions on the privacy and security practices of an application. The first question concerns the user's private keys, public keys or any other wallet metadata used to associate a user with their transactions or balances. The response is that there is no custodianship involved.

The second query is about telemetry data being reported by the application. The question is whether users have the chance to review and approve all information transmitted before it is sent. The answer is that no obvious telemetry data is being sent.

The third question pertains to the source code and building of the application. The question is whether users can compile the application themselves in a manner that produces a binary version identical to the one distributed. The reply suggests that this is possible through Gitian.

In conclusion, the email thread discusses important privacy and security aspects and provides satisfactory answers to the questions posed.


Updated on: 2023-06-10T18:48:41.789743+00:00