It's disappointing to read that Dillon and others were thinking about actually doing a real DoS attack on the Bitcoin network, rather than write code to improve bitcoind's resource scheduling and DoS handling. That's fantastically irresponsible, but also entirely unsurprising given his track record.
He's track record is right there isn't it?
I got the impression he got hes ideals intact
Mike's partly mistaken anyway, as I said on reddit the attack on SPV nodes was in that they give very little privacy and can easily wind up revealing the contents of your wallet. jdillon and I eventually decided it'd be worthwhile, and most ethical, to put up a fake website claiming to be a company running many different Bitcoin nodes and explaining how that would let them get data to track who owned what coins - something blockchain.info already does to an extent. It would have been a good warning to the community about what privacy their wallets actually have; we need better privacy protections in Bitcoin wallets given that someone probably will do this for real sooner or later. We
did discuss actually doing the attack, but decided against for ethical reasons.
In the end we never even went that far for a few reasons, including that progress was being made, and public knowledge of the privacy issues seemed to be improving; even a simple website has ethical concerns too.
As for the DoS vulnerabilities, jdillon wanted to demonstrate how SPV is fundamentally flawed right now in that there is no way to distinguish "real" users from a DDoS attacker and the resource consumption is asymmetric; no amount of scheduling that fix that issue although it helps related issues and would help in conjunction with design changes. At the time we were having a very hard time convincing some people, Mike included, that the issue was real, and solutions that could have fixed the design were getting a lot of push-back. But on top of that there were other vulnerabilities too that affected everyone and made other types of attacks possible. So I told jdillon to hold off so the easily fixable problems that he wasn't aware of could be fixed first, and the decision about whether or not the problem needed to be demonstrated to be reconsidered at a later time.
Myself I spent a lot of time on the issue with a small group of devs, and while it's far from perfect, the 0.8.5 release is significantly improved by those efforts. And yes, I did do a type of attack on Bitcoin mainnet. After seeing mainnet nodes begin to be affected after a few minutes I stopped.
What you think of the ethics of all this is up to you, but it seems that the desired end result of getting the people involved to
change their minds is being achieved. I'm not going to claim either myself or jdillon have always gotten the balance right between disclosure, demonstration, and delay, but he never made me question his sense of underlying ethics and end-goal of achieving a more secure Bitcoin in a responsible way.
