Am Donnerstag, 12. Oktober 2017 12:49:25 UTC-5 schrieb Andreas Schildbach: > > On 10/12/2017 02:08 AM, Manfred Karrer wrote: > > > I had the same concerns regarding Bloq's seed node addition and removed > > it from Bisq's BitcoinJ fork > > ( > https://github.com/bisq-network/bitcoinj/commit/7b2ed972fa09237a79388d39c49f51ee6aa17ac3). > > > > Perhaps we should add methods for removing and adding DNS seeds from > NetworkParameters. NetworkParameters is meant to be constant, but we > could have a configuration phase before it is actually being used. >
Yes that would be a good idea. Also to make usage of http seed optional (there are some concerns with http seed regarding privacy as well - See Peter Todd’s replies when Mike was suggesting that). > > > Though there are much more problematic privacy issues with the broken > > Bloom filter implementation and design. Any full node (operated by a > > surveillance company like Skry) can find out that all wallet addresses > > belong to one user and if you don't use Tor they even know your IP > address. > > > > Unfortunately nobody is working on that to fix that. > > The current plan to fix this is by full nodes offering reverse bloom > filters (or similar), if I remember this correctly. Instead of lite > clients sending their custom bloom filter to the full node, full nodes > would construct filters from their blocks and send them to the lite > clients. They would be committed to the blockchain so full nodes could > not lie. > > One unsolved problem with this is this idea would not work with pending > transactions. > I would be happy if the low hanging fruits would get fixed like: - persisting the nonce - not adding both pukKey and pukKeyHash as that reveals the real addresses I am aware that this would also not lead to perfect privacy, but it would be at least better as the current state. > > > The chain blindness of BitcoinJ is another major concern not addressed > > as far I know and will set BitcoinJ users at risk to spend their Bitcoin > > on a chain which they don't want to support and/or get exposed to replay > > attacks. Very concerning IMO! > > I would not say bitcoinj is blind to the chain. It always follows the > chain with most accumulated work, which is a very specific chain from a > users point of view. > A big problem with that is, that if miners switch between chains (as we saw with BCH/BTC) the longest PoW chain might change as well, leading to security risks and potential losses. So if today I am following the BTC chain and sending you coins and tomorrow the longest PoW chain becomes B2X then BitcoinJ will not recognise that tx anymore. In Bisq the deposit tx might get renders invalid after a chain switch and the exchange loses its primary security mechanism. I am tired of those fork attacks and don’t assume they will succeed (as all the past attempts) but it consumes valuable dev time to prepare strategies how to deal with that menace… Best would be if there would be some option in BitcoinJ to guarantee to stay on one chain (Luke DashJr has recommended one solution a few months ago at the last fork attempt. Don’t remember the details but as far I remember it was not a huge change, just a small extra check when accepting blocks/nodes). Otherwise we need to setup own BTC full nodes and use those instead of the public network. But that would render the SPV model obsolete and would turn BitcoinJ to a Electrum federated server model. To move to Bitcoin Core SPV mode is our preferred strategy to get rid of those attacks (and the latest features instantly like SegWit), but that requires much more effort and time and I am not sure how good that SPV model really works. Not looked closer so far into it... So all in all it would be great to get some solid protection from the BitcoinJ library. And forking off from Bitcoin without proper separation as an altcoin seems to be something we will see more often in future as long it is hurting the ecosystem and therefore serves as an efficient attack. Br, Manfred -- You received this message because you are subscribed to the Google Groups "bitcoinj" group. To unsubscribe from this group and stop receiving emails from it, send an email to bitcoinj+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
