bisq-network / proposals

@bisq-network improvement proposals
https://bisq.wiki/Proposals

Show a Warning for potentially misconfigured network settings #452

Open salokiam opened 3 months ago

salokiam commented 3 months ago

This is a Bisq Network proposal. Please familiarize yourself with the submission and review process.

When using Bisq with a self-hosted Bitcoin Core node, there are a couple of tutorials out there, and even the network setup that was used by Ronin, which can easily lead to network instability and a privacy leak. For these cases, I think we should show a warning to the user when configuring the network.

In a typical home environment, where the user is running a Local Area Network which is connected to the Internet (usually by DSL, cable, ...), both Bisq and Bitcoin Core are run inside the same LAN. If the user configures Bisq to use the Bitcoin Core node through the Tor network, the privacy and the network stability actually decrease. In a default Tor connection, the connection needs to hop several times inside the Tor network. However, since there are most likely no Tor nodes inside the LAN, the Tor protocol will route the traffic outside the LAN through the Internet. A user can verify this by unplugging his LAN from the Internet and trying to access a Tor URL (onion address). It will not succeed even though both ends are on the same LAN. When Internet access is turned on again, as the Internet Service Provider will see the outgoing and the incoming network traffic, he might learn that this traffic is related to a Bisq instance connecting to a Bitcoin Core node by profiling the timing, size and frequency of the TCP packets (encryption won't help here). I know it is counterintuitive that the use of Tor can actually decrease privacy, but that's what's happening in this corner case.

Besides that, the reliability of that network setup is not very good, since Tor is not very reliable and Bisq frequently requests information from Bitcoin Core. If the user enters only one Tor address to connect to, it is likely that Bisq will bark about a bad network, hence we are seeing many support incidents which are related to bad network setup. Bisq usually mitigates this by connecting to many Tor Bitcoin Core instances at the same time, hoping that at least one will succeed. But the user can override this setting. Some prepackaged Bitcoin Core node solutions, like Ronin, let you only connect to the Bitcoin Core node through Tor, where a direct LAN connection would be much more private and more reliable.

This problem can obviously not be mitigated by using an indexer instead of SPV.

So I want to suggest that, if the Bisq user wants to save the network settings for Bitcoin Core, the program checks if there is only one Bitcoin Core node AND the connection type is Tor. In that case a warning should pop up saying something like: "Setting up only one Connection which is using Tor can lead to privacy reduction and instability, please see "

I think this will save us some support incidents and teach the user what he is actually doing.
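
The check proposed above, sketched as an added example that is not part of the original post and is not Bisq's own code. The class, method and constant names are hypothetical, the setting is assumed to be a comma-separated list of `host`, `host:port` or `[ipv6]:port` entries, and the link in the message is a placeholder because the post does not give one.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;

// Added example, not Bisq code. Class, method and constant names are hypothetical.
public class BtcNodeSettingsCheck {
    // Wording follows the proposal; the page does not give the link target.
    static final String WARNING = "Setting up only one connection which is using Tor "
            + "can lead to privacy reduction and instability, please see <DOCS_LINK_PLACEHOLDER>";

    // Assumed input format: comma-separated "host", "host:port" or "[ipv6]:port" entries.
    static List<String> parseHosts(String setting) {
        List<String> hosts = new ArrayList<>();
        if (setting == null) return hosts;
        for (String entry : setting.split(",")) {
            String host = entry.trim().toLowerCase();
            if (host.isEmpty()) continue;                      // tolerate "a,,b" and stray commas
            if (host.startsWith("[")) {                        // bracketed IPv6 literal
                int end = host.indexOf(']');
                host = host.substring(1, end < 0 ? host.length() : end);
            } else if (host.indexOf(':') >= 0 && host.indexOf(':') == host.lastIndexOf(':')) {
                host = host.substring(0, host.indexOf(':'));   // drop ":port"
            }
            hosts.add(host);
        }
        return hosts;
    }

    static boolean isOnion(String host) {
        return host.endsWith(".onion");
    }

    // Warn only in the case the proposal names: exactly one node, reached via Tor.
    static Optional<String> checkBeforeSave(String setting) {
        List<String> hosts = parseHosts(setting);
        boolean singleOnion = hosts.size() == 1 && isOnion(hosts.get(0));
        return singleOnion ? Optional.of(WARNING) : Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample settings; the onion names are made-up placeholders.
        String[] samples = {
            "exampleexampleexample.onion:8333",           // single onion node
            "192.168.1.20:8333",                          // single LAN node
            "exampleexampleexample.onion, other.onion",   // several onion nodes
            " ,EXAMPLE.ONION:8333, ",                     // stray commas and upper case
        };
        for (String s : samples) {
            System.out.println("\"" + s + "\" -> " + checkBeforeSave(s).orElse("ok"));
        }
    }
}
```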