IMPORTANCE OF PRIVACY AND NETWORK HARDENING FOR FULL NODES

[Eze BTC]

Full nodes on their own, without interference, verify transactions and blocks. But this can only be achieved executing consensus rules and as well keeping the UTXO set and P2P gossip. For this infrastructure to be trusted though, there's requirement of certain level of disk performance, certain memory needed in handling of mempool and trusted bandwidth to maintain synchronization with network. Node infrastructure gives strength to network's reliance - minimized design.

Enjoyment of full node caused security starts when and where there's a haddened host and isolated network. This is why it is important that operators should endeavor to reduce services that may render their network exposed. To improve network privacy which will allow proper functioning of the security rendered by node, they should endeavor to use 12P or Tor for P2P traffic. This  improve security, strengthening privacy and thereby reducing attacking of eclipse and IP tracking.

In a nutshell, one must strengthen its privacy and make host haddened in order to give way to proper security as full nodes need no unnecessary interference.

[BattleDog]

Most privacy leaks and compromises is just simple stuff like accidentally exposing RPC, leaving default ports open, UPnP doing you "favors", or running the node on the same box you use to click random links.

Tor/I2P for P2P traffic is a good move if you care about hiding your home IP and reducing cheap network surveillance, but I'd pair that with basic host hygiene. Keep RPC bound to localhost only, don't run bitcoind as root, patch the OS, and lock down inbound with a firewall so the only thing listening is what you intentionally want listening.

People love talking about eclipse attacks, but the real eclipse is when your router configuration is doing stand-up comedy behind your back.  

[ABCbits]

For this infrastructure to be trusted though, there's requirement of certain level of disk performance, certain memory needed in handling of mempool and trusted bandwidth to maintain synchronization with network.

1. I don't see correlation between trusting (Bitcoin network) and disk performance/certain memory, when other node unable to know what disk and memory you use.
2. What does trusted bandwidth mean?

To improve network privacy which will allow proper functioning of the security rendered by node, they should endeavor to use 12P or Tor for P2P traffic. This  improve security, strengthening privacy and thereby reducing attacking of eclipse and IP tracking.

I wouldn't worry about eclipse attack. Even on 2021, Bitcoin Core already put countermeasure for 5 out of 6 known weakness[1]. As for IP tracking, it's worth to mention it's hard to know whether your node is first node to broadcast certain TX/block.

[1] https://web.archive.org/web/20211208221646/http://cs-people.bu.edu/heilman/eclipse/

[NotATether]

1. I don't see correlation between trusting (Bitcoin network) and disk performance/certain memory, when other node unable to know what disk and memory you use.

They can view this information, if you left an unauthenticated public-facing RPC server running for your node. They can just view getblockchaininfo and getnetworkinfo command or something like that to estimate the amount of memory and disk space used by Core, and in some cases maybe they can run an RCE exploit on the JSON-RPC port to get the total resource usage of your entire system.

[ABCbits]

1. I don't see correlation between trusting (Bitcoin network) and disk performance/certain memory, when other node unable to know what disk and memory you use.

They can view this information, if you left an unauthenticated public-facing RPC server running for your node. They can just view getblockchaininfo and getnetworkinfo command or something like that to estimate the amount of memory and disk space used by Core, and in some cases maybe they can run an RCE exploit on the JSON-RPC port to get the total resource usage of your entire system.

Those are good points. But last time i checked, Bitcoin Core doesn't enable RPC server by default. And even if you enable RPC server, it only listen to localhost by default. So it require poor configuration from the node operator/owner side.

[Eze BTC]

For this infrastructure to be trusted though, there's requirement of certain level of disk performance, certain memory needed in handling of mempool and trusted bandwidth to maintain synchronization with network.

1. I don't see correlation between trusting (Bitcoin network) and disk performance/certain memory, when other node unable to know what disk and memory you use.
2. What does trusted bandwidth mean?

To improve network privacy which will allow proper functioning of the security rendered by node, they should endeavor to use 12P or Tor for P2P traffic. This  improve security, strengthening privacy and thereby reducing attacking of eclipse and IP tracking.

I wouldn't worry about eclipse attack. Even on 2021, Bitcoin Core already put countermeasure for 5 out of 6 known weakness[1]. As for IP tracking, it's worth to mention it's hard to know whether your node is first node to broadcast certain TX/block.

[1] https://web.archive.org/web/20211208221646/http://cs-people.bu.edu/heilman/eclipse/

Yeah, a user's trust in the Bitcoin network and disk performance /memory don't really have a direct correlation just like you have pointed out.

Howbeit, just like I said, FULL NODE. where it's the choice of a user to navigate or let me say run a full nodes that's non-pruned, it pushes need for independence and trustlessness and it makes it need great amount of disk performance and as well memory.

I am not saying there's a direct correlation just like that.


As for TRUSTED BANDWIDTH, it's an informal word usage because I don't think it's formal. It means basically a type of connection or let me put simply networking that exists in nodes in which there is speculation of non interference. Here, the data transmitted is seen to be authentic and not tampered with.

[NotATether]

As for TRUSTED BANDWIDTH, it's an informal word usage because I don't think it's formal. It means basically a type of connection or let me put simply networking that exists in nodes in which there is speculation of non interference. Here, the data transmitted is seen to be authentic and not tampered with.

You can achieve this by wrapping all node communication around SSL, but this doesn't really work for the P2P port because it's unencrypted by default since nodes expect it that way, however the same effect can be achieved by running an onlynet=tor node, that listens on Tor only, since Tor provides its own encryption. Also works with i2p, cdjns (or whatever it's called), and other traffic layers.

[ABCbits]

As for TRUSTED BANDWIDTH, it's an informal word usage because I don't think it's formal. It means basically a type of connection or let me put simply networking that exists in nodes in which there is speculation of non interference. Here, the data transmitted is seen to be authentic and not tampered with.

You can achieve this by wrapping all node communication around SSL, but this doesn't really work for the P2P port because it's unencrypted by default since nodes expect it that way, however the same effect can be achieved by running an onlynet=tor node, that listens on Tor only, since Tor provides its own encryption. Also works with i2p, cdjns (or whatever it's called), and other traffic layers.

At least for the encryption part, you could just use recent version of Bitcoin Core (26.0[1] or newer). It use BIP 324 (also called transport protocol v2), which encrypt connection without authentication.

[1] https://bitcoincore.org/en/releases/26.0/