Assume Alice is using SDL for 1 hour and makes many transactions, perhaps using HushChat with Bob.
The lite server she is connected to will know know that IP address A has created transaction id B,
i.e. linkability of IP addresses to all the transaction ids that are created while she is connected.
If Bob is connected to the same lite server for some or all of those transactions, the complete
transaction graph is known : IP address A created txid B sending to IP address C which is the receiver
of txid B. This is not good.
One improvement could be that we change lite servers on an interval, such as every 5 minutes. That would
be better than nothing, but what seems to be even better is to change the lite server after every tx.
This means that every time Alice (or Bob) makes a new transaction, they are potentially talking to a
different lite server. It is potentially because it is possible that our randomly chosen new lite server
is the same as our previous lite server. We could try to ensure that the new random server is different
than our previous, but in edge case of only one server being up, the code gets annoying.
This commit implements changing to a likely different lite server after every transaction. In the worst
case scenario, it reduces to the privacy of the old behavior, which is to leak all data to the current
lite server. In the best case, we spread out metadata leakage to every lite server that is currently up.
The average case is to spread out our metadata to more than just one lite server, which is a privacy win.
If stickyServer=1, this code is disabled, since it's better for somebody to connect to their own lite server
and not leak any metadata to 3rd parties.
This algorithm should also be implemented in SDA.
As an aside, Zcash has ignored this problem for 2.5 years and only supports talking to a single lite wallet
at a time (no random selection on startup) which provides further evidence that ZEC mainnet is a honeypot.
Removing duplicate disconnect/connect signals/slots since moved earlier in wizard in previous commit. Duplicate caused event to be called twice and not work correctly.
Fixed cancelEvent slot, disabled back butttons, removed close button since cancel button displays alert and can close app instead of loading GUI with light server error.
This commit prevents the basic bug of allowing a user to click "Next" without
entering any information. This is done by telling QT which fields are mandatory.
I am not sure if it fixes the "Cancel button does a coredump" because I cannot
reproduce that.
I also made various strings use the translation file.
I removed the "Back" button from the first page, because that makes no sense.
I removed the "Passphrase don't match" red text that is shown by default, because
it was ugly and immediately shows users a negative "you did something wrong" as their
very first visual of the wallet. That seemed like bad UI/UX. Now we only show red
text there if passwords are too short or do not match.
I made the TOS button text red, which makes it more clear that it's necessary
to click it.
As a consequence of these changes, you cannot input ANY values until the TOS radio
button is clicked, so it seemed important to highlight it in red. Otherwise users
may click other areas and it seems like nothing works.
I deleted an unused file restoreSeed.ui .