Merge branch 'make-it-obvious-where-keys-are-stored' into 'master'

Fix #45 & #47 Closes #45 See merge request zcash-docs/zcash-docs!267
Electric-Coin-Company · Jul 16, 2021 · a62f77c · a62f77c
2 parents 55600ec + 8017efd
commit a62f77c
Show file tree

Hide file tree

Showing 4 changed files with 136 additions and 1 deletion.
diff --git a/source/rtd_pages/development_guidelines.rst b/source/rtd_pages/development_guidelines.rst
@@ -368,6 +368,13 @@ Below describes a standard workflow for developing code in the zcash repository:
 
             make
 
+    5. Run Zcashd
+        .. code-block:: bash
+
+            ./src/zcashd
+
+.. tip:: Logs are always written to ``debug.log`` in the data directory unless the ``-nodebuglogfile`` flag is specified. Use the ``-debug=category`` flag to enable specific debug :ref:`logging categories<Logging Categories>`. Include the ``-printtoconsole`` flag to stream logs to ``stdout``.
+
 This will allow you to create/edit existing Zcash code, and build it locally. 
 If you want to submit a PR for this newly created code, please refer back to
 :ref:`Make & Commit Changes` section. After completing those steps, please ensure

diff --git a/source/rtd_pages/logging_categories.rst b/source/rtd_pages/logging_categories.rst
@@ -0,0 +1,55 @@
+.. _Logging Categories:
+
+Logging Categories
+====================
+
+.. list-table::
+   :widths: 25 50
+   :header-rows: 1
+
+   * - Category
+     - Description
+   * - ``addrman``
+     - Logging related to tracking network peer addresses in memory before caching to `peers.dat`.
+   * - ``alert``
+     - Logging related to Version Upgrades (status bar)
+   * - ``bench``
+     - Logging related to benchmarking.
+   * - ``coindb``
+     - Logging related to the storage of transaction outputs.
+   * - ``db``
+     - Logging related to storage of wallet data (data that is relevant to the spend authority and/or viewing keys that the wallet is using to track transactions).
+   * - ``estimatefee``
+     - Logging related to Fee Calculations
+   * - ``http``
+     - Logging related to HTTP requests & HTTP work queuing.
+   * - ``libevent``
+     - Logging related to HTTP event threading.
+   * - ``mempool``
+     - Logging related to in-memory ephemeral storage for incoming transactions.
+   * - ``net``
+     - Logging related to network data incoming and outgoing.
+   * - ``paymentdisclosure``
+     - Logging related to `disclosing the details of a shielded payment <https://garethtdavies.medium.com/an-introduction-to-payment-disclosure-in-zcash-96748c209d49>`_.
+   * - ``pow``
+     - Logging related to the Equihash Proof-of-Work algorithm.
+   * - ``proxy``
+     - Logging related to SOCKS5 proxy authentication.
+   * - ``prune``
+     - Logging related to removing block/rev files in order to remain under target space goal.
+   * - ``receiveunsafe``
+     - Logging related to accessing unencrypted notes.
+   * - ``reindex``
+     - Logging related to the process of rebuilding wallet state by replaying and re-evaluating the blockchain data from a specific height forward.
+   * - ``rpc``
+     - Logging related to maintaining the HTTP RPC service.
+   * - ``selectcoins``
+     - Logging related to the automatic `selection of coins <https://murch.one/wp-content/uploads/2016/11/erhardt2016coinselection.pdf>`_ to be spent that is produced during transaction construction by the wallet.
+   * - ``tor``
+     - Logging related to communication with a locally running Tor process.
+   * - ``zmq``
+     - Logging related to ZeroMQ inter-process notifications.
+   * - ``zrpc``
+     - Logging related to transaction building & async operations.
+   * - ``zrpcunsafe (implies zrpc)``
+     - Same as ``zrpc`` utilizes a separate log category as the information logged is private and more care should be taken not to leak it.
diff --git a/source/rtd_pages/privacy_recommendations_best_practices.rst b/source/rtd_pages/privacy_recommendations_best_practices.rst
@@ -0,0 +1,65 @@
+.. _Privacy Recommendations and Best Practices:
+
+Privacy Recommendations and Best Practices
+==========================================
+
+There are simple best practices to follow to minimize data leakage and protect your financial privacy. This post outlines important considerations for users who want to maintain optimal transaction privacy, no matter which supporting software (wallets, exchanges, web browsers) is being used.
+
+Shielding Funds
+----------------
+
+One of the most important ways to maintain financial privacy with Zcash is by holding a certain amount or all of your funds in a shielded address. The more funds held in shielded pools, the greater the overall privacy of the network.
+
+**Privacy Protection Best Practices for Shielded Zcash**
+
+1. Store more Zcash on a shielded address than is need for any single transaction
+2. Do not leak metadata such as the tx id, tx amount, or counterparty information as they can be used to create linkages.
+3. Do not share viewing keys without understanding privacy implications
+
+Pass-through Linkability
+------------------------
+
+`Transaction linkability <https://electriccoin.co/blog/transaction-linkability/>`_ is the ability to connect unique transactions to an individual address or group of addresses through monitoring activity on-chain. Partial and fully shielded transactions help mitigate and greatly reduce transaction linkability but people should still be mindful of meta-data leakages. 
+
+Pass-through operations are when a given amount of ZEC is “passed-through” addresses, most commonly to break linkability.
+
+Network Graph Analysis
+----------------------
+
+A unique IP address can allow network observers to correlate your Zcash transactions with each other and with your other traffic. Zcash is a global network using IP addresses over TCP for maintaining connections between nodes and does not obfuscate users’ IP addresses.
+
+Users should be aware that when an adversary knows a person’s IP address, other private details can easily be discovered (names, locations, business interests, etc). For example, in Zcash, correlations can be made between transactions sent from shielded addresses and those sent from transparent addresses.
+
+Additional Recommendations
+--------------------------
+
+- The transaction fees are publicly visible for all transactions, so when using a shielded address it’s best for privacy to rely on a privacy-focused wallet to select a fee rather than to select them manually.
+- While it is safe to reuse one shielded address for receiving payments for a single purpose (e.g. donations to a non-profit), using one shielded address to receive payments for multiple purposes (e.g. a business service and donations to a non-profit), makes it possible for someone to compare the contexts where the address is used and build an identity profile.
+- Be aware of IP linkability between transactions sent from shielded addresses and your other network traffic.
+- Advanced users :ref:`may use Tor<tor>` to obfuscate the IP address of their Zcash node.
+
+Security Considerations for zcashd
+----------------------------------
+> Warnings & Recommendations (applicable on any platform)
+
+- Wallet encryption is disabled, use full-disk encryption (or encryption of your home directory) to protect your wallet at rest. 
+- Ensure no other users have the ability to execute code (even unprivileged) on the hardware your zcashd process runs on unless you have fully analysed your operational security.
+- Make regular backups of your wallet.
+- Do not change the default setting that only allows RPC connections from localhost.
+- Use a minconf of 15 (minimum number of confirmations) to defend against potential blockchain reorganizations (note: we may increase this number if ongoing research reveals notable risks).
+- Setting ``the-debug=zrpcunsafe`` configuration is helpful for diagnosing issues but the log will contain private information, so be careful when sharing the contents of it with others. If this is too much liability, use ``-debug=zrpc`` instead.
+
+When you send a transaction, your node sends the transaction to other nodes that are part of the Zcash peer-to-peer network. By observing that your node was the first to broadcast the transaction, those nodes may learn that your node created the transaction. To prevent this, configure zcashd to use Tor.
+
+References
+----------
+
+:fa:`arrow-circle-right` `Transaction Linkability <https://electriccoin.co/blog/transaction-linkability/>`_
+
+:fa:`arrow-circle-right` `A Shielded Ecosystem <https://electriccoin.co/blog/shielded-ecosystem/>`_ 
+
+:fa:`arrow-circle-right` `Anatomy of A Zcash Transaction <https://electriccoin.co/blog/anatomy-of-zcash/>`_ 
+
+:fa:`arrow-circle-right` `Payment Contexts & Reusing Shielded Addresses <https://electriccoin.co/blog/shielded-address-contexts/>`_
+
+:fa:`arrow-circle-right` `The Encrypted Memo Field <https://electriccoin.co/blog/encrypted-memo-field/>`_
diff --git a/source/rtd_pages/zcashd.md b/source/rtd_pages/zcashd.md
@@ -51,6 +51,14 @@ With a fully-synced running ``zcashd`` in the background, open a new terminal wi
 
 See the available [RPC commands](https://zcash-rpc.github.io/) for all the capabilities of Zcashd & Zcash-cli.
 
+Every Zcashd comes with an embedded Zcash **wallet**. The private keys and transaction information are associated with this wallet are stored in:
+
+```
+~/.zcash/wallet.dat
+```
+
+Ensure this file is regularly backed up and permissions are private.
+
 Try generating some addresses, then sending and receiving transparent and shielded transactions! Note that there are separate commands for transparent and shielded addresses/transactions.
 
 If you're running Zcashd for development, configure Zcashd to run on testnet, which takes significantly less time to sync than mainnet. Use the [Zcash Testnet Faucet](https://faucet.testnet.z.cash/) to get test funds.
@@ -90,4 +98,4 @@ An extensive list of Zcashd & Zcash-cli pages, including ones linked inline in t
 * [Zcash Mining guide](zcash_mining_guide.html)
 * [Known Issues](security_warnings.html)
 * [Data Directory Files](files.html)
-* [Tor Support in zcashd](tor.html)
+* [Tor Support in zcashd](tor.html)