For privacy concern, an option to prevent Electrumx from using the default peers should be provided along with the PEER_DISCOVERY environment variable #199
Comments
|
What do you mean used? What evidence do you have? |
|
That doesn't mean those servers are being queried. |
|
The .onion peers are forwarded to the electrum client. |
|
That's because it asked for peers, so it gets the default list, or whatever you had previously. It doesn't mean peer discovery is happening. |
|
Ok, the title of this issue should be renamed then. Should I create a new issue? |
Thireus
changed the title
|
I'm not understanding what the issue is. If you disable peer discovery then
peer discovery should be disabled.
How the server responds to client requests is entirely separate.
…On Sun, 2 Jul 2017, 19:46 Thireus ☠, ***@***.***> wrote:
[image: proofclient]
<https://user-images.githubusercontent.com/721759/27769172-f3bd3038-5f1b-11e7-9d46-e15c4e06b10d.png>
[image: proofserver]
<https://user-images.githubusercontent.com/721759/27769173-f3bde668-5f1b-11e7-8667-b2de839672d6.png>
Ok, the title of this issue should be renamed then. Should I create a new
issue?
—
You are receiving this because you modified the open/close state.
Reply to this email directly, view it on GitHub
<#199 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ADKliBXbA05JPtEKoEt8g1UDt5vjAAEkks5sJ3UWgaJpZM4OLi7N>
.
|
|
I've changed the title, you can mark it as enhancement instead of issue. The concern is a privacy concern. For users who wish to run electrumx as a server that doesn't communicate with anyone/anything but only their own bitcoind. (and ultimately for their Electrum client to only connect to their own electrumx server) |
|
That should be done on client level and not on the server. For example, recent clients will always try to connect to servers from the default list. |
|
I understand you do not wish to make the necessary changes to provide users with an option to segregate their Electrumx server from the rest of the world. I just wanted to point this out in case you'd like to provide this option in the future or if users wish to make the necessary changes to make this happen on their server. |
|
I don't understand your privacy concerns as you are not being specific enough. If you turn off peer discovery your server cannot be discovered unless it was already known. If you want to prevent people connecting to you, you have a firewall. If you don't want to be known, turn off peer discovery. If you're already known, well that's too bad, nothing local can help you. The network will forget you within a week anyway. |
|
Peer discovery is one thing. Enforcing both the client and the server to only refer to a specific whitelisted list of peers is another. What I'm saying is that while it's true that peer discovery enforces some privacy by preventing the server to discover other peers and leaks its identity, another identity leak can happen when the client attempts to connect to the peers provided by the server. By deactivating the peer discovery feature users may think that no peer will be provided to their Electrum client, but this isn't true as there is a default list of peers hardcoded in the Electrumx code. So my point is actually to allow users to enforce their privacy by providing an option on the server side to prevent the server from providing any peer list to the connected clients. That way if the client is misconfigured (which is something that can happen upon update and/or fresh install) the Electrum client will not automatically connect to untrusted servers (the ones provided in that default Electrumx hardcoded list). Does it make more sense? |
The ./server/peers.py file contains default servers for several coin networks. These peer servers are being used even if the PEER_DISCOVERY option is set to nil.
In /etc/electrumx.conf:
journalctl -u electrumx -f:
For users concerned about their privacy, disabling peer discovery should also disable these servers from being used. Or alternatively an option to disable default peer servers should be present in the environment variables.
The text was updated successfully, but these errors were encountered: