Firo-qt makes several DNS calls to seednodes every time it's launched, to bootstrap and join the Firo network.
These servers are owned by the Firo team and protected by CloudFlare:
While seednodes are necessary, contacting them through DNS and more so, CloudFlare, has privacy implications. Cloudflare is used by the vast majority of internet services and are known for tracking users across websites/services. Every time a user fires up a firo-qt wallet, CloudFlare knows a request for a Firo seednode was made and from where. Basically, every time firo-qt is launched, CloudFlare knows the person behind that ip address is using Firo and the exact moment they launched the wallet. These are sensitive information.
A solution would be to directly call the IP addresses. This would avoid DNS calls entirely. I know Bitcoin used dns for seednodes (i don't know how they do now), but if there aren't strong reasons to do so, i'd avoid it.
I tried to run firo-qt by hardcoding the ip addresses of seednodes instead of using DNS and could connect to the network without issues or noticeable performance impact. I opened a pr with the changes in case we decide to go that way: https://github.com/firoorg/firo/issues/1442
Firo-qt makes several DNS calls to seednodes every time it's launched, to bootstrap and join the Firo network. These servers are owned by the Firo team and protected by CloudFlare:
https://github.com/firoorg/firo/blob/cf19353555dea925fcadb4381f5ac5fa9c87cc47/src/chainparams.cpp#L345-L353
While seednodes are necessary, contacting them through DNS and more so, CloudFlare, has privacy implications. Cloudflare is used by the vast majority of internet services and are known for tracking users across websites/services. Every time a user fires up a firo-qt wallet, CloudFlare knows a request for a Firo seednode was made and from where. Basically, every time firo-qt is launched, CloudFlare knows the person behind that ip address is using Firo and the exact moment they launched the wallet. These are sensitive information.
A solution would be to directly call the IP addresses. This would avoid DNS calls entirely. I know Bitcoin used dns for seednodes (i don't know how they do now), but if there aren't strong reasons to do so, i'd avoid it.
I tried to run firo-qt by hardcoding the ip addresses of seednodes instead of using DNS and could connect to the network without issues or noticeable performance impact. I opened a pr with the changes in case we decide to go that way: https://github.com/firoorg/firo/issues/1442
On a related note i opened another issue, to discuss the diversification of seednodes: https://github.com/firoorg/firo/issues/1441