m2049r / xmrwallet

monerujo: An Android Monero Wallet
https://www.monerujo.io/
Apache License 2.0

Remove node.moneroworld.com from default public node options #953

Open sausagenoods opened 2 weeks ago

sausagenoods commented 2 weeks ago

node.moneroworld.com used to point at Chainalysis-run malicious nodes. It was shown several times in the Chainalysis training video. This isn't a real node, it's just a domain with many A records pointing to other nodes.

Cake Wallet also removed it https://github.com/cake-tech/cake_wallet/pull/1667

stnby commented 2 weeks ago

More info at: https://www.digilol.net/blog/chainanalysis-malicious-xmr.html

As for a good replacement: node.monerodevs.org (it's one of the nodes that node.moneroworld.com currently points to)

anhdres commented 2 weeks ago

Thanks for the heads up @stnby and @sausagenoods, great article btw. We'll look into it asap.

Nyr commented 5 days ago

Given the news, node.moneroworld.com is shutting down anyway: https://www.reddit.com/r/Monero/comments/1fm2ahi/nodemoneroworld_is_shutting_down/

Monerujo developers should probably consider which nodes can be trusted individually, and which ones cannot.

For example, in my opinion and given its open nature, there is no way that opennode.xmr-tw.org can be trusted.

But node1.xmr-tw.org and node2.xmr-tw.org (both point to the same IP address) could potentially be considered trusted, if we trust the Monero-Taiwan project.

While there is not an easy solution to this problem, we can at least compile a list of reasonably trusted nodes to be included, which is better than the current approach of including random and thus unsafe nodes.

A different possible approach would be for the Monerujo team or close collaborators to run all of the default nodes themselves.

Nyr commented 2 days ago

Commit 3e56d5a54bb9747db61616b0693207163a254623 has been pushed, removing node.moneroworld.com.

But opennode.xmr-tw.org is still included, and given that it is powered by Lafudoci/moneriote-python, it is sure to contain nodes hosted by Chainalysis and other malicious actors.
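The thread describes two DNS patterns in a default node list: a hostname that is really a pool of many A records, and two hostnames that point to the same IP address. The following sketch, an added example that is not part of the thread or of Monerujo's code, audits a node list for both. The hostnames and addresses are constructed (hypothetical names, documentation IP ranges), and treating more than one address as a pool is a heuristic assumed here.

```python
import socket
from collections import defaultdict

def resolve_ipv4(host):
    """Live lookup: the IPv4 addresses one DNS query returns for host."""
    infos = socket.getaddrinfo(host, None, family=socket.AF_INET,
                               type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def audit_nodes(samples):
    """samples maps hostname -> list of lookup results (each a list of IPs).

    Several lookups are merged because round-robin DNS may return a
    different subset of the pool each time.
    """
    report = {}
    owners = defaultdict(set)  # IP -> hostnames that resolved to it
    for host, lookups in samples.items():
        addrs = sorted({ip for result in lookups for ip in result})
        for ip in addrs:
            owners[ip].add(host)
        # Heuristic: with more than one address, the name alone does not
        # say which machine (or operator) a given connection reaches.
        report[host] = {"addresses": addrs, "pool": len(addrs) > 1}
    # Hostnames sharing an address are one machine, not independent nodes.
    aliases = {ip: sorted(hosts) for ip, hosts in owners.items()
               if len(hosts) > 1}
    return report, aliases

# Constructed sample data; replace with repeated resolve_ipv4() results.
SAMPLES = {
    "pool.example": [["192.0.2.10", "198.51.100.7"],
                     ["203.0.113.5", "192.0.2.10"]],
    "node1.example": [["192.0.2.44"], ["192.0.2.44"]],
    "node2.example": [["192.0.2.44"]],
}

if __name__ == "__main__":
    report, aliases = audit_nodes(SAMPLES)
    for host, info in report.items():
        kind = "pool, operator varies per connection" if info["pool"] else "single address"
        print(f"{host}: {len(info['addresses'])} address(es) -> {kind}")
    for ip, hosts in aliases.items():
        print(f"{ip} is shared by {', '.join(hosts)}")
```

For a live audit, build `samples` by calling `resolve_ipv4()` several times per hostname over a period of time and keep the report as a baseline to compare against later runs.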