hush
/
hush3
9
0
Fork 11
Code Issues 143 Pull Requests 3 Projects Releases 16 Wiki Activity
Labels Milestones
New Issue

Restrict self-advertisements with privacy networks to avoid fingerprinting #316

Open
opened 10 months ago by duke · 7 comments
duke commented 10 months ago
Owner

https://github.com/bitcoin/bitcoin/pull/27411

https://github.com/bitcoin/bitcoin/pull/27411
👀 1
duke commented 10 months ago
Poster
Owner

This would improve privacy for nodes that run on both clearnet (ip v4 or v6) and a privacy network (tor or i2p). BTC and HUSH will tell a clearnet peer it's privacy network address (and vice versa) which leaks metadata, i.e. node X has address Y in IPv4 and address Z on Tor v3, for example. Nodes would protect their privacy better to not do this. This code has recently been merged into BTC (it isn't in a release yet) but their internals have changed a lot so it may be some fun to make this change in our codebase.

This would improve privacy for nodes that run on both clearnet (ip v4 or v6) and a privacy network (tor or i2p). BTC and HUSH will tell a clearnet peer it's privacy network address (and vice versa) which leaks metadata, i.e. node X has address Y in IPv4 and address Z on Tor v3, for example. Nodes would protect their privacy better to not do this. This code has recently been merged into BTC (it isn't in a release yet) but their internals have changed a lot so it may be some fun to make this change in our codebase.
duke commented 10 months ago
Poster
Owner

Created the p2p_privacy branch to work on this

Created the `p2p_privacy` branch to work on this
duke commented 10 months ago
Poster
Owner

Functions that need to change to complete this :

  • GetLocalAddress() in src/netaddress.cpp in BTC, src/net.cpp in HUSH
  • GetReachabilityFrom() in src/netaddress.cpp
  • GetExtNetwork() in src/netaddress.cpp
  • GetLocal() in src/net.cpp

BTC upstream code has not diverged as much as I thought so it should be relatively straight forward to port these changes to our codebase

Functions that need to change to complete this : * [ ] GetLocalAddress() in src/netaddress.cpp in BTC, src/net.cpp in HUSH * [ ] GetReachabilityFrom() in src/netaddress.cpp * [ ] GetExtNetwork() in src/netaddress.cpp * [ ] GetLocal() in src/net.cpp BTC upstream code has not diverged as much as I thought so it should be relatively straight forward to port these changes to our codebase
duke commented 10 months ago
Poster
Owner

I have made most of the necessary changes but currently dealing with an issue where BTC's version of GetLocalAddress was already returning a CService before this change, but our version returns a CAddress which means changing code which calls GetLocalAddress to deal with that.

I have made most of the necessary changes but currently dealing with an issue where BTC's version of `GetLocalAddress` was already returning a `CService` before this change, but our version returns a `CAddress` which means changing code which calls `GetLocalAddress` to deal with that.
duke commented 10 months ago
Poster
Owner

OK, I pushed code to the branch. It has not been tested yet. To test this branch :

  • Make sure we didn't break nodes that only use IPv4/IPv6
  • Make sure we didn't break nodes that only use Tor or only i2p
  • Make sure we didn't break nodes that listen on clearnet and a privacy network (such as IPv4+Tor)
    • IPv4+IPv6+Tor
    • IPv4+IPv6+i2p

I don't think it's very important to test full syncs, we mostly want to test that a node can stay in sync with peers. So we just need to test partial syncs.

If this code does not work, then nodes may get stuck with no peers or be unable to sync. We want to make sure that doesn't happen.

OK, I pushed code to the branch. It has not been tested yet. To test this branch : * [ ] Make sure we didn't break nodes that only use IPv4/IPv6 * [ ] Make sure we didn't break nodes that only use Tor or only i2p * [ ] Make sure we didn't break nodes that listen on clearnet and a privacy network (such as IPv4+Tor) * [ ] IPv4+IPv6+Tor * [ ] IPv4+IPv6+i2p I don't think it's very important to test full syncs, we mostly want to test that a node can stay in sync with peers. So we just need to test partial syncs. If this code does not work, then nodes may get stuck with no peers or be unable to sync. We want to make sure that doesn't happen.
duke commented 10 months ago
Poster
Owner

Looks like I missed some code to port and we don't have a function it wants to call, so I am still working on this.

Looks like I missed some code to port and we don't have a function it wants to call, so I am still working on this.
duke commented 10 months ago
Poster
Owner

Current status is that I ported more code but we are starting to run into issues where our internals are out of sync with the BTC code coming in, so lots of updates are required. We didn't have ConnectedThroughNetwork() function which I added, but that relies on the concept of "inbound onions" and a list of "onion binds" which we don't have. Implementing those requires changes to init.cpp and also changing the constructor of the CNode class.

Current status is that I ported more code but we are starting to run into issues where our internals are out of sync with the BTC code coming in, so lots of updates are required. We didn't have `ConnectedThroughNetwork()` function which I added, but that relies on the concept of "inbound onions" and a list of "onion binds" which we don't have. Implementing those requires changes to init.cpp and also changing the constructor of the `CNode` class.
duke added the
feature
 label 9 months ago
duke added the
tor
i2p
 labels 9 months ago
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
arm
asyncnotedecryption
danger
dev
dev-aarch64
dev-mac
dev-old-randomx
divzaddrs
dragonx
duke
freebsd
getfilterednotes
hip39
hushutils
insync
jahway603
master
mvstuff
onryo
p2p_privacy
ramhash
relaytx
rx-largepages
setbestchain
warmup
witness_cache
wolfssl
wolfssl_win
z_createrawtransaction
z_importwallet
z_signmessage
Labels
Apply labels
Clear labels
0-500 bounty
bounty up to 500 HUSH 2001-5000 bounty
bounty between 2001 and 5000 HUSH 501-2000 bounty
bounty between 501 and 2000 HUSH arm
something doesn't work on arm beginners
for new developers bug
may or may not be a bug build
problems building documentation
not enough information feature
new feature high priority
high priority i2p
related to i2p low priority
low priority medium priority
medium priority question
something is not clear release
release label or issue related to it testing
related to testing tor
related to tor wontfix
this won't be fixed
No Label 0-500 bounty 2001-5000 bounty 501-2000 bounty arm beginners bug build documentation feature high priority i2p low priority medium priority question release testing tor wontfix
Milestone
Set milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Assign users
Clear assignees
No Assignees
1 Participants
Notifications
Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Write Preview
Loading…
Cancel
Save
There is no content yet.
Delete Branch '%!s(MISSING)'

Deleting a branch is permanent. It CANNOT be undone. Continue?

No
Yes