|
Title: Android wallet and TOR Post by: yabu on November 02, 2013, 07:27:23 AM I'm wondering whether the Android bitcoin wallet works with TOR?
Because this page https://code.google.com/p/bitcoinj/wiki/Limitations gives the impression that it wouldn't work. But then again Orbot https://www.torproject.org/docs/android.html.en gives the impression that it can take the network traffic from the bitcoin wallet and route it over TOR. I'm confused. Title: Re: Android wallet and TOR Post by: Andreas Schildbach on November 02, 2013, 03:53:09 PM I think it doesn't work because bitcoinj/netty doesn't support setting a proxy.
Title: Re: Android wallet and TOR Post by: Mike Hearn on November 02, 2013, 04:23:32 PM Matt has been working on a rewrite of the network layer that would let us route traffic over Tor. It's not obvious that it's a good idea though. Using Tor essentially puts a MITM on every connection you make, unless you're connecting to hidden services. Supporting discovery of hidden services would take a bit more work.
Title: Re: Android wallet and TOR Post by: yabu on November 03, 2013, 06:05:09 AM Is there a way to know for sure whether the android wallet bypasses Orbot or not?
I did a test transaction and looked it up at http://blockchain.info and the IP address listed under 'Relayed by IP' was not my own. But then again it doesn't have to be even if the android wallet connects directly. Title: Re: Android wallet and TOR Post by: lukey on November 17, 2013, 08:36:21 PM I don't know if this can answer this question, but i recently sent a small amount of bitcoins to a market place. I'm still waiting on the transaction. It still hasn't transmitted and completely froze my wallet on my phone you can say. Every time I try to send a payment, it says that my current balance on my wallet is still waiting for confirmation. I don't understand lol.
~ I did use Tor Title: Re: Android wallet and TOR Post by: Andreas Schildbach on November 18, 2013, 10:15:45 AM @lukey I pm'ed you.
Title: Re: Android wallet and TOR Post by: yabu on November 23, 2013, 04:03:43 PM Just to follow up on this. I tested this network log application
https://f-droid.org/repository/browse/?fdid=com.googlecode.networklog And with the information it provides it looks very much like Orbot manages to route the Android Wallet over Tor. Btw. is the Android wallet more at risk from an rogue exit node than the satoshi client? Title: Re: Android wallet and TOR Post by: Mike Hearn on November 24, 2013, 01:42:58 PM Yes, the risk is higher.
The new network stack is ready for testing. Andreas could produce a test/beta version that routes traffic over Tor now. But if Orbot is already doing it for all applications, then it doesn't seem useful. Title: Re: Android wallet and TOR Post by: yabu on November 24, 2013, 06:16:18 PM Exactly what kind of an attack could a rogue exit node orchestrate?
And why is the android wallet more vulnerable than the satoshi client? Title: Re: Android wallet and TOR Post by: Mike Hearn on November 24, 2013, 07:02:30 PM It could feed you transactions that are fake and will never confirm. If you're not waiting for confirmations, then you could be fooled by this. The Satoshi client has all the data needed to validate even unconfirmed transactions, so the tx can't actually be fake (although with a MITM you cannot know if the tx was really propagated and thus, whether it could be double spent).
Basically, Tor is bad news unless you're OK with waiting for confirmations (preferably, several), and that's true regardless of which client you use. Even if you THINK you're OK with waiting, the MITM could filter out block announcements so you just think the network is being really unlucky and not finding a block, so you give up waiting and decide to risk it. Title: Re: Android wallet and TOR Post by: yabu on November 24, 2013, 09:23:30 PM Ok, thanks for the info
|