Author Topic: Bitcoin XT has backdoor that may reveal real IP address of its users?  (Read 1321 times)
zeroday (OP)
Donator
Hero Member
*
Offline Offline

Activity: 784
Merit: 1000



View Profile
August 20, 2015, 02:42:37 PM
 #1

Quote
Bitcoin XT contains an unmentioned addition which periodically downloads
lists of Tor IP addresses for blacklisting, this has considerable privacy
implications for hapless users which are being prompted to use the
software. The feature is not clearly described, is enabled by default,
and has a switch name which intentionally downplays what it is doing
(disableipprio). Furthermore these claimed anti-DoS measures are
trivially bypassed and so offer absolutely no protection whatsoever.

Connections are made over clearnet even when using a proxy or
onlynet=tor, which leaks connections on the P2P network with the real
location of the node. Knowledge of this traffic along with uptime metrics
from bitnodes.io can allow observers to easily correlate the location and
identity of persons running Bitcoin nodes. Denial of service can also be
used to crash and force a restart of an interesting node, which will
cause them to make a new request to the blacklist endpoint via the
clearnet on relaunch at the same time their P2P connections are made
through a proxy. Requests to the blacklisting URL also use a custom
Bitcoin XT user agent which makes users distinct from other internet
traffic if you have access to the endpoint's logs.

https://github.com/bitcoinxt/bitcoinxt/commit/73c9efe74c5cc8faea9c2b2c785a2f5b68aa4c23

Source: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-August/010379.html



To conclude: NSA/CIA can run a simple DDoS attack which activates the "Anti-DDOS" backdoor in the XT client, which blocks Tor connections and de-anonymizes users by revealing their real IP addresses.
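
An added example, not part of the original post or of Bitcoin XT's code: one way a node operator could check for the leak described in the quoted report, by listing the node's established TCP sockets and flagging any that neither go to the local Tor SOCKS proxy nor arrive from the local Tor daemon. The process name `bitcoind`, proxy port 9050, listen port 8333 and the sample `ss -tnp` lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the layout of `ss -tnp` output; the public
# addresses are documentation ranges, not real hosts.
SAMPLE_SS = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 0 127.0.0.1:51514 127.0.0.1:9050 users:(("bitcoind",pid=2211,fd=14))
ESTAB 0 0 192.0.2.10:40022 203.0.113.80:443 users:(("bitcoind",pid=2211,fd=31))
ESTAB 0 0 192.0.2.10:40100 198.51.100.7:443 users:(("firefox",pid=900,fd=50))
ESTAB 0 0 127.0.0.1:8333 127.0.0.1:48210 users:(("bitcoind",pid=2211,fd=20))
ESTAB 0 0 [::1]:51600 [::1]:9050 users:(("bitcoind",pid=2211,fd=22))
"""

PROC_RE = re.compile(r'users:\(\("([^"]+)"')


def split_endpoint(endpoint):
    """Split 'host:port' or '[v6]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)


def proxy_bypasses(ss_text, process="bitcoind", proxy_port=9050, listen_port=8333):
    """Return (peer_ip, peer_port) for each established socket of `process`
    that is neither a connection to the local SOCKS proxy nor an inbound
    connection handed over by the local Tor daemon."""
    leaks = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "ESTAB":
            continue  # header row or a socket that is not established
        owner = PROC_RE.search(fields[5])
        if not owner or owner.group(1) != process:
            continue  # socket belongs to another program
        _, local_port = split_endpoint(fields[3])
        peer_ip, peer_port = split_endpoint(fields[4])
        via_proxy = peer_ip.is_loopback and peer_port == proxy_port
        inbound_tor = peer_ip.is_loopback and local_port == listen_port
        if not (via_proxy or inbound_tor):
            leaks.append((str(peer_ip), peer_port))
    return leaks


if __name__ == "__main__":
    for ip, port in proxy_bypasses(SAMPLE_SS):
        print(f"direct connection bypassing proxy: {ip}:{port}")
```

On a real host the input would come from `ss -tnp` run with enough privilege to see process names; a non-empty result on a node configured for Tor only means some request left the machine directly.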
knight22
Legendary
*
Offline Offline

Activity: 1372
Merit: 1000


--------------->¿?


View Profile
August 20, 2015, 02:45:37 PM
 #2

So basically don’t use TOR if bitcoin is being DDOSed.

Gotcha.

zeroday (OP)
Donator
Hero Member
*
Offline Offline

Activity: 784
Merit: 1000



View Profile
August 20, 2015, 02:50:02 PM
 #3

So basically don’t use TOR if bitcoin is being DDOSed.

Gotcha.


Your answer is pretty clear. So basically give up privacy.
Gotcha.
manselr
Legendary
*
Offline Offline

Activity: 868
Merit: 1004


View Profile
August 20, 2015, 02:50:52 PM
 #4

So basically don’t use TOR if bitcoin is being DDOSed.

Gotcha.


What dumb workaround is this and how do you even know Bitcoin is being DDOSed beforehand? That just makes 0 sense. Also all the options are set on by default which will mean all noobs don't even know what's going on.
croTek4
Sr. Member
****
Offline Offline

Activity: 392
Merit: 250


the Cat-a-clysm.


View Profile
August 20, 2015, 02:56:19 PM
 #5

Zeroday is filling in for TurtleHurricane today.

Catether is an open source mineable ERC20 Token, powered by Cates.
knight22
Legendary
*
Offline Offline

Activity: 1372
Merit: 1000


--------------->¿?


View Profile
August 20, 2015, 02:56:39 PM
 #6

So basically don’t use TOR if bitcoin is being DDOSed.

Gotcha.


Your answer is pretty clear. So basically give up privacy.
Gotcha.


It's not giving up privacy. It’s not like bitcoin will always be under DDOS or there would be a problem. If that happens there are other means to achieve privacy anyway.

zeroday (OP)
Donator
Hero Member
*
Offline Offline

Activity: 784
Merit: 1000



View Profile
August 20, 2015, 03:18:56 PM
 #7

It's not giving up privacy. It’s not like bitcoin will always be under DDOS or there would be a problem. If that happens there are other means to achieve privacy anyway.
How will you comment on this finding:
Quote
Connections are made over clearnet even when using a proxy or
onlynet=tor, which leaks connections on the P2P network with the real
location of the node.
source: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-August/010379.html
LiteCoinGuy
Legendary
*
Offline Offline

Activity: 1148
Merit: 1010


In Satoshi I Trust


View Profile WWW
August 20, 2015, 03:21:09 PM
 #8

Zeroday is filling in for TurtleHurricane today.

 Wink - maybe the turtle has two accounts

ChetnotAtkins
Full Member
***
Offline Offline

Activity: 131
Merit: 100


View Profile
August 20, 2015, 03:28:48 PM
 #9

One seriously has to wonder how some characters here still defend XT after all the recent revelations. Why exactly do you use/ like Bitcoin?

I for one view it as a decentralized monetary system, that allows me to store and transfer my wealth globally without any limitations of borders and jurisdictions while retaining complete privacy. If XT is a measure to undermine this fantastic invention then what does it say about the people who support it?
meono
Full Member
***
Offline Offline

Activity: 196
Merit: 100


View Profile
August 20, 2015, 03:36:02 PM
 #10

One seriously has to wonder how some characters here still defend XT after all the recent revelations. Why exactly do you use/ like Bitcoin?

I for one view it as a decentralized monetary system, that allows me to store and transfer my wealth globally without any limitations of borders and jurisdictions while retaining complete privacy. If XT is a measure to undermine this fantastic invention then what does it say about the people who support it?

Speak for yourself, some kind of character you got there


Are you sure you don't have a mental issue?


This is what you wrote, isn't it


Already have there been dubious code segments detected in XT's code base. XT is a trojan horse that plans to base its hostile takeover of Bitcoin on manipulating the notoriously stupid masses.

I for one will dump ALL my Bitcoins immediately on the XT chain, should it ever be tradeable, which will certainly not be without effect. Bitcoin simply cannot be in control of two people with very questionable motives and tactics. It is a tool of the cypherpunks



How are developers responding to this severe limitation of Bitcoin's usage? There are currently 72000 (!) unconfirmed transactions but it seems they don't really want to acknowledge it.

Perhaps set a limit of tx/s to discourage spamming the mempool and block malicious nodes.
Elwar
Legendary
*
Offline Offline

Activity: 3598
Merit: 2384


Viva Ut Vivas


View Profile WWW
August 20, 2015, 03:46:37 PM
 #11

I think a lot of people are changing their minds on XT after the addition of blacklisting code.

Why didn't they just keep the Core code except add the block size upgrade?

First seastead company actually selling sea homes: Ocean Builders https://ocean.builders  Of course we accept bitcoin.
Lauda
Legendary
*
Offline Offline

Activity: 2674
Merit: 2965


Terminated.


View Profile WWW
August 20, 2015, 03:51:47 PM
 #12

I think a lot of people are changing their minds on XT after the addition of blacklisting code.

Why didn't they just keep the Core code except add the block size upgrade?
Because the intentions of Hearn aren't pure. Obviously if it was only about the block size, then the XT client would only contain an increased block size limit. However it contains controversial patches that they call "bug fixes", all that were rejected when proposed to Core for being buggy and whatnot.

Also, it can't contain a 'backdoor', since it is open source. People just need to check the source code themselves to verify, which is different from the classic backdoors (usually within finished products).

"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks"
😼 Bitcoin Core (onion)
Sitarow
Legendary
*
Offline Offline

Activity: 1792
Merit: 1047



View Profile
August 20, 2015, 03:52:54 PM
 #13

I think a lot of people are changing their minds on XT after the addition of blacklisting code.

Why didn't they just keep the Core code except add the block size upgrade?

I agree with you completely.

As I have posted before.

""Bitcoin XT" is like getting Thrush in your mouth. This is the result of yeast permitted to overgrow as a result of taking antibiotics to destroy all good and bad bacteria in your body."
turvarya
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500


View Profile
August 20, 2015, 03:56:25 PM
 #14

I think a lot of people are changing their minds on XT after the addition of blacklisting code.

Why didn't they just keep the Core code except add the block size upgrade?
Because BitcoinXT exists since Jan 6, 2014
https://github.com/bitcoinxt/bitcoinxt/commits/master?page=100

https://forum.bitcoin.com/
New censorship-free forum by Roger Ver. Try it out.
Elwar
Legendary
*
Offline Offline

Activity: 3598
Merit: 2384


Viva Ut Vivas


View Profile WWW
August 20, 2015, 04:01:08 PM
 #15

I think a lot of people are changing their minds on XT after the addition of blacklisting code.

Why didn't they just keep the Core code except add the block size upgrade?
Because BitcoinXT exists since Jan 6, 2014
https://github.com/bitcoinxt/bitcoinxt/commits/master?page=100


Yes, but the block size code was only recently added.

First seastead company actually selling sea homes: Ocean Builders https://ocean.builders  Of course we accept bitcoin.
Thekool1s
Legendary
*
Offline Offline

Activity: 1512
Merit: 1218


Change is in your hands


View Profile
August 20, 2015, 04:12:28 PM
 #16

So basically don’t use TOR if bitcoin is being DDOSed.

Gotcha.


What dumb workaround is this and how do you even know Bitcoin is being DDOSed beforehand? That just makes 0 sense. Also all the options are set on by default which will mean all noobs don't even know what's going on.

Exactly but few greedy people know what will happen at exact time Wink
turvarya
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500


View Profile
August 20, 2015, 04:55:13 PM
 #17

I think a lot of people are changing their minds on XT after the addition of blacklisting code.

Why didn't they just keep the Core code except add the block size upgrade?
Because BitcoinXT exists since Jan 6, 2014
https://github.com/bitcoinxt/bitcoinxt/commits/master?page=100


Yes, but the block size code was only recently added.
So, what exactly is so hard to understand about BitcoinXT being an alternative client, with additional features?
Should they drop all their features, because people are too dumb to read?

Oh, wait, they already made a version for that:
https://github.com/bitcoinxt/bitcoinxt/tree/only-bigblocks

https://forum.bitcoin.com/
New censorship-free forum by Roger Ver. Try it out.
meono
Full Member
***
Offline Offline

Activity: 196
Merit: 100


View Profile
August 20, 2015, 04:55:41 PM
 #18

I think OP should edit the title of this thread now. Unless he is just a troll ....  Undecided
turvarya
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500


View Profile
August 20, 2015, 05:01:26 PM
 #19

So basically don’t use TOR if bitcoin is being DDOSed.

Gotcha.


What dumb workaround is this and how do you even know Bitcoin is being DDOSed beforehand? That just makes 0 sense. Also all the options are set on by default which will mean all noobs don't even know what's going on.
It's about the client being DDoSed. It's when the limit of 127 connections is reached (which doesn't happen usually).
Do you guys do any research ever? The same things are clarified over and over again, but seems like even long time members are just reading headlines.

https://forum.bitcoin.com/
New censorship-free forum by Roger Ver. Try it out.
meono
Full Member
***
Offline Offline

Activity: 196
Merit: 100


View Profile
August 20, 2015, 05:06:41 PM
 #20

So basically don’t use TOR if bitcoin is being DDOSed.

Gotcha.


What dumb workaround is this and how do you even know Bitcoin is being DDOSed beforehand? That just makes 0 sense. Also all the options are set on by default which will mean all noobs don't even know what's going on.
It's about the client being DDoSed. It's when the limit of 127 connections is reached (which doesn't happen usually).
Do you guys do any research ever? The same things are clarified over and over again, but seems like even long time members are just reading headlines.

LOL right after you posted, an idiot showed up and did exactly that.....

This forum never ceases to amaze me......