So, Darksend is almost upon us - we still need to think about end-to-end privacy and this is something that is mostly up to the end user.
Ownership of Darkcoins by the process of mining is still potentially traceable on the blockchain and it is therefore possible for an adversary to identify you at the point of spend. For example:
- Registering and mining in a pool could allow an adversary to link your wallet address to your IP address and/or email address to identify you. (Darkcoin pools should implement strong HTTPS encryption to help avoid this, at least 2048-bit or 4096-bit. Self-signed certs, or even free certs like CAcert.org, are preferable to having no SSL at all.)
- When mining in the pool you are identifiable as being in a subset of user accounts due to the tcp http pool address and info being sent in plain text.
- P2pool users' addresses are shown by 'default' and should at least be obfuscated on a pool's static pages.
- Changes in a Darkcoin wallet balance at the point of spend could potentially be used to link a transaction to a purchase, given the above.
Darksend obviously makes these examples much more difficult for an adversary to establish and is an improvement on Bitcoin's blockchain technology in terms of a user's privacy and anonymity.
What we need next is to implement Dark mining.
This can actually be done already by using existing privacy tools and by making all Darkcoin users more aware of what they can do as a community.
We also need to develop some new tools to make this as easy as possible for all Darkcoin users. In fact, the more people that adopt these techniques the better:
"You can't be anonymous by yourself"!
A good way to go about this would be to build and use P2pools running as dual stack nodes through Tor network .onion addresses.
Setting minerd or sgminer to use this type of pool correctly and efficiently is already possible with existing tools and some know-how.
The host system should ideally be connected to a VPN with Tor running through it. The user should create a new dedicated wallet.
Linux users could use proxychains (http://proxychains.sourceforge.net/, http://proxychainsgui.sourceforge.net/) to route traffic via the Tor network.
Windows and Mac users could use ProxyCap (http://www.proxycap.com/) or 'Proxifier' (http://www.proxifier.com/).
Here is an example of minerd running directly through Tor on the localhost machine via 'Proxifier'.
Proxifier > Profile >
Proxy Servers:
Address:Port : Type
Proxification Rules:
Applications: minerd.exe or sgminer.exe
Target Hosts: as P2pool address or .onion address
Target Ports: as P2pool port
Action: Proxy from Proxy Servers i.e. Tor on localhost (127.0.0.1) Socks5 (9150 TBB or 9050)
Name Resolution:
Proxifier DNS Settings: Resolve hostnames through proxy (only i.e. Tor) to avoid DNS leaks....
Paid-for solutions are obviously not ideal in terms of a user's privacy. If I'm not mistaken, the original stand-alone Stratum protocol had support for Tor / Proxy connectivity (?) using:
--socks PROXY - Use socks5 proxy for upstream Stratum connection, specify as host:port
--tor - Configure proxy to mine over Tor (requires Tor running on local machine)
However, Windows (particularly version 7) is notoriously bad at forwarding and has issues with DNS leaks etc. This is something to implement fully into new (free) Darkcoin mining tools across all platforms.
...
Initial testing has shown that any loss of accepted shares / work etc. is in fact almost completely negligible with out-of-the-box settings. However, there are some tricks and configurations, both server side and client side, that can be implemented to increase throughput and connectivity.
New P2pools running on Tor .onion addresses are the first requirement. I'm OK with doing the node hosting and Tor set-up if any experienced Darkcoin P2pool operators want in or to help implement this. Just waiting for Darksend to officially kick in and for the latest P2pool code to be trusted as stable pending the fork. Anyone else with good knowledge of tcp http address obfuscation and scrubbing?
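At the protocol level, the "Resolve hostnames through proxy" setting in the Proxifier example above means the pool's hostname travels inside the SOCKS5 request, so Tor resolves it and no local DNS query is made. The Python below is an added illustration, not part of the original post or of any miner's code; the function names are hypothetical and the proxy address is the local Tor SOCKS port quoted in the post.

```python
import ipaddress
import socket
import struct

TOR_SOCKS = ("127.0.0.1", 9050)  # 9150 for Tor Browser Bundle, as in the post

def build_connect_request(host: str, port: int) -> bytes:
    """SOCKS5 CONNECT using ATYP 0x03 (domain name), so Tor resolves the name."""
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass  # not an IP literal: the name goes to the proxy unresolved
    else:
        raise ValueError("IP literal given: the name was resolved outside Tor")
    name = host.encode("ascii")
    if not 1 <= len(name) <= 255 or not 0 < port < 65536:
        raise ValueError("bad hostname length or port")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack(">H", port)

def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def handshake(sock: socket.socket, host: str, port: int) -> None:
    """Run the SOCKS5 exchange on a socket already connected to the proxy."""
    request = build_connect_request(host, port)  # validate before sending anything
    sock.sendall(b"\x05\x01\x00")  # version 5, one method offered: no auth
    if _recv_exact(sock, 2) != b"\x05\x00":
        raise ConnectionError("proxy did not accept the no-auth method")
    sock.sendall(request)
    ver, rep, _rsv, atyp = _recv_exact(sock, 4)
    if ver != 5 or rep != 0:
        raise ConnectionError(f"proxy refused CONNECT (REP={rep})")
    # Drain BND.ADDR and BND.PORT so the stream starts at the pool's data.
    addr_len = _recv_exact(sock, 1)[0] if atyp == 3 else {1: 4, 4: 16}[atyp]
    _recv_exact(sock, addr_len + 2)

def connect_via_tor(host: str, port: int, proxy=TOR_SOCKS) -> socket.socket:
    sock = socket.create_connection(proxy, timeout=30)
    try:
        handshake(sock, host, port)
    except Exception:
        sock.close()
        raise
    return sock
```

Passing an already-resolved IP address is rejected on purpose: it would mean the lookup happened on the local resolver, which is the DNS leak the post warns about.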