moneroexamples
commented
1 year ago Thanks. I will have a look. But if you already know how to do it, a PR into a devel branch would be welcomed.
Open ACK-J opened 1 year ago
moneroexamples
commented
1 year ago Thanks. I will have a look. But if you already know how to do it, a PR into a devel branch would be welcomed.
ACK-J
commented
1 year ago Thanks! I’ve never developed in C++ but I’ve forked the codebase and will try to see what I can get working
ACK-J
commented
1 year ago Note to self, k-anonymity can also be applied when searching for a block hash using the same method described above for a tx hash.
ACK-J
commented
1 year ago ACK-J
commented
1 year ago 
The current block explorer implementation has privacy flaws as sensitive information can be learned from a user's requests. This includes IP addresses which can be linked to transaction ID's when an average user browses a block explorer and doesn't take proactive precautions to mask their IP or browser fingerprint. Even using TOR may not be enough OPSEC in certain cases, as explained in breaking monero. This is a fundamental flaw and is difficult to solve. I know of one developer who advertised a trust-less block explorer but after reviewing the code, that does not appear to be the case.
I don't think it should be necessary for users to run their own node and explorer just to avoid compromising their privacy. Privacy by default is a core principle of Monero and I think this enhancement would emphasize that.
K-anonymity is a privacy property of anonymized data and has been used by sites such as Have I Been Pwned to process sensitive passwords without having to trust the server.
I propose we add the capability to return multiple subsequent blocks and search the first-N characters of a tx_hash.
This would look something like this:
Block
User browses to a block explorer->The user enter 2737640 into the search box->the browser picks a random index from 0 - 999->the browser sends a request to/api/block/2737040/2738040 ->the 1,000 blocks are returned to the user's browser->the browser searches the results for block 2737640 and disregards all other data->Data for block 2737640 is shownTx Hash
User browses to a block explorer->The user enters a tx hash into the search box->the browser sends a request to /api/transaction/8dba0 (first 5 characters of a tx_hash)->Server responds with all transaction hashes that have the same first five characters->the browser searches for the transaction hash within the results and disregards all other data->data for the requested transaction hash is shownI believe the code modifications should be minimal. The only issue I foresee is figuring how to use a RNG without JavaScript and the obvious bandwidth overhead.