zeroday (OP)
Donator
Hero Member
Offline
Activity: 784
Merit: 1000
|
|
August 20, 2015, 02:42:37 PM |
|
Bitcoin XT contains an unmentioned addition which periodically downloads lists of Tor IP addresses for blacklisting, this has considerable privacy implications for hapless users which are being prompted to use the software. The feature is not clearly described, is enabled by default, and has a switch name which intentionally downplays what it is doing (disableipprio). Furthermore these claimed anti-DoS measures are trivially bypassed and so offer absolutely no protection whatsoever. Connections are made over clearnet even when using a proxy or onlynet=tor, which leaks connections on the P2P network with the real location of the node. Knowledge of this traffic along with uptime metrics from bitnodes.io can allow observers to easily correlate the location and identity of persons running Bitcoin nodes. Denial of service can also be used to crash and force a restart of an interesting node, which will cause them to make a new request to the blacklist endpoint via the clearnet on relaunch at the same time their P2P connections are made through a proxy. Requests to the blacklisting URL also use a custom Bitcoin XT user agent which makes users distinct from other internet traffic if you have access to the endpoints logs. https://github.com/bitcoinxt/bitcoinxt/commit/73c9efe74c5cc8faea9c2b2c785a2f5b68aa4c23Source: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-August/010379.htmlTo conclude. NSA/CIA can run simple ddos attack which activates "Anti-DDOS" backdoor in XT client which blocks Tor connections and de-anonimyzes users by revealing their real IP addresses.
|
|
|
|
knight22
Legendary
Offline
Activity: 1372
Merit: 1000
--------------->¿?
|
|
August 20, 2015, 02:45:37 PM |
|
So basically don’t use TOR if bitcoin is being DDOSed.
Gotcha.
|
|
|
|
zeroday (OP)
Donator
Hero Member
Offline
Activity: 784
Merit: 1000
|
|
August 20, 2015, 02:50:02 PM |
|
So basically don’t use TOR if bitcoin is being DDOSed.
Gotcha.
Your answer is pretty clear. So basically give up privacy. Gotcha.
|
|
|
|
manselr
Legendary
Offline
Activity: 868
Merit: 1006
|
|
August 20, 2015, 02:50:52 PM |
|
So basically don’t use TOR if bitcoin is being DDOSed.
Gotcha.
What dumb workaround is this and how do you even know Bitcoin is being DDOSed in before hand? That just makes 0 sense. Also all the options are set on by default which will mean all noobs dont even know whats going on.
|
|
|
|
croTek4
Sr. Member
Offline
Activity: 392
Merit: 250
the Cat-a-clysm.
|
|
August 20, 2015, 02:56:19 PM |
|
Zeroday is filling in for TurtleHurricane today.
|
Catether is an open source mineable ERC20 Token, powered by Cates.
|
|
|
knight22
Legendary
Offline
Activity: 1372
Merit: 1000
--------------->¿?
|
|
August 20, 2015, 02:56:39 PM |
|
So basically don’t use TOR if bitcoin is being DDOSed.
Gotcha.
Your answer is pretty clear. So basically give up privacy. Gotcha. It's not giving up privacy. It’s not like bitcoin will always be under DDOS or there would be a problem. If that happens there are other means to achieve privacy anyway.
|
|
|
|
zeroday (OP)
Donator
Hero Member
Offline
Activity: 784
Merit: 1000
|
|
August 20, 2015, 03:18:56 PM |
|
It's not giving up privacy. It’s not like bitcoin will always be under DDOS or there would be a problem. If that happens there are other means to achieve privacy anyway.
How will you comment this finding: Connections are made over clearnet even when using a proxy or onlynet=tor, which leaks connections on the P2P network with the real location of the node.
source: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-August/010379.html
|
|
|
|
LiteCoinGuy
Legendary
Offline
Activity: 1148
Merit: 1014
In Satoshi I Trust
|
|
August 20, 2015, 03:21:09 PM |
|
Zeroday is filling in for TurtleHurricane today.
- maybe the turtle has two accounts
|
|
|
|
ChetnotAtkins
|
|
August 20, 2015, 03:28:48 PM |
|
One seriously has to wonder how some characters here still defend XT after all the recent revelations. Why exactly do you use/ like Bitcoin?
I for one view it as a decentralized monetary system, that allows me to store and transfer my wealth globally without any limitations of borders and jurisdictions while retaining complete privacy. If XT is a measure to undermine this fantastic invention then what does it say about the people who support it?
|
|
|
|
meono
|
|
August 20, 2015, 03:36:02 PM |
|
One seriously has to wonder how some characters here still defend XT after all the recent revelations. Why exactly do you use/ like Bitcoin?
I for one view it as a decentralized monetary system, that allows me to store and transfer my wealth globally without any limitations of borders and jurisdictions while retaining complete privacy. If XT is a measure to undermine this fantastic invention then what does it say about the people who support it?
Speak for yourself, some kind of character you got there Are you sure you dont have a mental issue? This is what you wrote, isnt it Already have there been dubious code segments detected in XT's code base. XT is a trojan horse that plans to base it's hostile takeover of Bitcoin on manipulating the notoriously stupid masses.
I for one will dump ALL my Bitcoins immediately on the XT chain, should it ever be tradeable, which will certainly not be without effect. Bitcoin simply cannot be in control of two people with very questionable motives and tactics. It is a tool of the cypherpunks
How are developers responding to this severe limitation of Bitcoin's usage. There are currently 72000 (!) unconfirmed transactions but it seems they don't really want to acknowledge it.
Perhaps set a limit of tx/s to discourage spamming the mempool and block malicious nodes.
|
|
|
|
Elwar
Legendary
Offline
Activity: 3598
Merit: 2386
Viva Ut Vivas
|
|
August 20, 2015, 03:46:37 PM |
|
I think a lot of people are changing their minds on XT after the addition of blacklisting code.
Why didn't they just keep the Core code except add the block size upgrade?
|
First seastead company actually selling sea homes: Ocean Builders https://ocean.builders Of course we accept bitcoin.
|
|
|
Lauda
Legendary
Offline
Activity: 2674
Merit: 2965
Terminated.
|
|
August 20, 2015, 03:51:47 PM |
|
I think a lot of people are changing their minds on XT after the addition of blacklisting code.
Why didn't they just keep the Core code except add the block size upgrade?
Because the intentions of Hearn aren't pure. Obviously if it was only about the block size, then the XT client would only contain a increased block size limit. However it contains controversial patches that they call "bug fixes", all that were rejected when proposed to Core for being buggy and whatnot. Also, it can't contain a 'backdoor', since it is open source. People just need to check the source code themselves to verify, which is different from the classic backdoors (usually within finished products).
|
"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks" 😼 Bitcoin Core ( onion)
|
|
|
Sitarow
Legendary
Offline
Activity: 1792
Merit: 1047
|
|
August 20, 2015, 03:52:54 PM |
|
I think a lot of people are changing their minds on XT after the addition of blacklisting code.
Why didn't they just keep the Core code except add the block size upgrade?
I agree with you completely. As I have posted before. ""Bitcoin XT" is like getting Thrush in your mouth. This is the result of yeast permitted to overgrow as a result of taking antibiotics to destroy all good and bad bacteria in your body."
|
|
|
|
|
Elwar
Legendary
Offline
Activity: 3598
Merit: 2386
Viva Ut Vivas
|
|
August 20, 2015, 04:01:08 PM |
|
Yes, but the block size code was only recently added.
|
First seastead company actually selling sea homes: Ocean Builders https://ocean.builders Of course we accept bitcoin.
|
|
|
Thekool1s
Legendary
Offline
Activity: 1512
Merit: 1218
Change is in your hands
|
|
August 20, 2015, 04:12:28 PM |
|
So basically don’t use TOR if bitcoin is being DDOSed.
Gotcha.
What dumb workaround is this and how do you even know Bitcoin is being DDOSed in before hand? That just makes 0 sense. Also all the options are set on by default which will mean all noobs dont even know whats going on. Exactly but few greedy people know what will happen at exact time
|
|
|
|
turvarya
|
|
August 20, 2015, 04:55:13 PM |
|
Yes, but the block size code was only recently added. So, what exactly is so hard to understand about BitcoinXT being an alternative client, with additional features? Should they drop all their features, because people are to dumb to read? Oh, wait, they already made a version for that: https://github.com/bitcoinxt/bitcoinxt/tree/only-bigblocks
|
|
|
|
meono
|
|
August 20, 2015, 04:55:41 PM |
|
I think OP should edit the tittle of this thread now. Unless he is just a troll ....
|
|
|
|
turvarya
|
|
August 20, 2015, 05:01:26 PM |
|
So basically don’t use TOR if bitcoin is being DDOSed.
Gotcha.
What dumb workaround is this and how do you even know Bitcoin is being DDOSed in before hand? That just makes 0 sense. Also all the options are set on by default which will mean all noobs dont even know whats going on. It's about the client being DDosed. It's when the limit of 127 connections is reached(which doesn't happen usually) Do you guys do any research ever? They same things are clarified over and over again, but seems like even long time members are just reading headlines.
|
|
|
|
meono
|
|
August 20, 2015, 05:06:41 PM |
|
So basically don’t use TOR if bitcoin is being DDOSed.
Gotcha.
What dumb workaround is this and how do you even know Bitcoin is being DDOSed in before hand? That just makes 0 sense. Also all the options are set on by default which will mean all noobs dont even know whats going on. It's about the client being DDosed. It's when the limit of 127 connections is reached(which doesn't happen usually) Do you guys do any research ever? They same things are clarified over and over again, but seems like even long time members are just reading headlines. LOL right after you posted, an idiot showed up and did exactly that..... This forum never ceases to amaze me......
|
|
|
|
|