BIP150/151 concerns and some comments



Summary:

SPV clients currently on the market reveal the complete wallet content to every network observer between the user and the connected node. If a user pays for a coffee while on the shop owner's Wi-Fi, the shop owner and all involved ISPs can correlate the wallet with the user's other internet behavior. The same is true for the user's cellphone provider when the connection is cellular. One suggestion for addressing this is to let trusted users connect over a different, encrypted connection, similar to the RPC one. The proposal is to use the same p2p protocol on a different port and/or in a different process, or to form a standard if the p2p protocol is not used. If no such additional channel is available, the client can fall back to the current SPV model against random untrusted peers. Using the current p2p network has downsides, however, and creating designated channels between peers based on IPs (the "addnode" mechanism) poses a security problem. Implementing a new protocol or standard for secure connections between trusted users could therefore solve these issues.


Updated on: 2023-06-11T21:34:13.942342+00:00