mimblewimble / grin

Minimal implementation of the Mimblewimble protocol.
https://grin.mw/
Apache License 2.0

Add one extra layer to hide slatepack addresses. #3769

Open Anynomouss opened 10 months ago

Anynomouss commented 10 months ago

I have a privacy concern regarding the current use of slatepack addresses directly as external Tor addresses.

My concern is twofold:

a) By directly broadcasting a Tor address as the external Tor address, anyone who scans the Tor network can simply log and collect slatepack address information. With this information public, it is easy to mark wallets with outputs, especially when auto-receive is enabled in the wallet, which is currently the case. Correction: it is not directly visible, luckily. There is, however, still a fixed .onion link for an online wallet.

b) When a node goes offline, anyone who connects to enough nodes can detect this and store the IP and time information. An attacker who monitors the Tor network and connects to enough nodes can also map Tor/slatepack nodes that go offline. By matching the time, an attacker can relatively easily map IPs to slatepack addresses, which compromises the online ID of the wallet owner.

Possible solutions:

1) Add one extra level to Tor, meaning you broadcast a random address and only when asked for the specific slatepack address does the wallet pretend to relay it. This only adds one extra step of decrypting incoming packages, which is relatively cheap for a lot of privacy gain. At least it will not enable attack a), anyone scanning for slatepack addresses, and it will make b) slightly more difficult. Apparently this one extra level is there. To my understanding it is still fixed, so it would be nice if we could make it random/changing each time a wallet goes online.

2) Make it possible to run nodes via Tor. Even if they would have some sort of permanent ID, as long as that would not involve an IP address, there is no significant privacy leak when nodes and wallets go offline at the same time.

3) Optionally make some sort of Tor decoy service, meaning when you shut down your wallet, the Tor address stays online longer or pretends to be online even when all packages are simply written to output 0.