Bad wallet summaries

[luke-jr]

"Simplified validation" should be "negative" orange.

Bloom-using wallets shouldn't say they have any privacy.

[greenaddress]

Mostly agree however if you connect to your own Node via Onion/SSH tunnel/VPN then you do have your privacy.

[crwatkins]

Thanks for pointing this out. I'll try to explain how I think the current scoring is supposed to work.

The validation scoring relates to trust and not privacy. We currently give wallets that use random servers a better score (color) than those that use centralized servers. I'm definitely not opposed to making improvements in this area, but I personally think that this is an important distinction we should continue to emphasize.

[evoskuil]

@greenaddress Only query privacy, you remain unprotected against new transaction taint. That requires using a distinct anonymized connection to a public node (vs. your own node) for each tx posted.

[greenaddress]

@evoskuil What if your own node is also only connecting via Tor? Then you only need a e2e encrypted/authenticated channel with your node

[evoskuil]

• When you post multiple txs over same same Tor channel they are correlated, since the other end can be the attacker and see them all arriving from one node first. It doesn't make a difference that you relay them though a node that you control.

• When you connect via Tor to your own node that connects only via Tor to peers, the node needs to drop each connection before sending your second tx (in order to prevent the first problem). To my knowledge no node does this. The node also needs to guard against unmasking, which is problematic.

• A connection to your own node via Tor/VPN/SSH protects only the communication. The tx still originates from a node that you visibly own.

Using an independent Tor connection (for each post) to a public server eliminates these risks to the extent that one can rely on Tor to mask an IP address. The public server works as long as there is the possibility that anyone can be using it. It's also true that one's trusted (optionally remote) query server can at the same time be exposed as a public relay server for other users.

This approach is much safer than relying on each node (including those not under your control) to try and break timing attacks. It is also easy to implement safely. Finally, it also removes the very dangerous presumption that the P2P network carries private information. This stands to push the whole network into trusted connections. The use of an anonymizing network to connect to a public server provides a bridge between private wallets and the public network, and it does not require the P2P protocol (which was not designed for tx posting, wallet querying, anonymizing traffic, private connecting or identity).

[wbnns]

Hey all, thanks for the comments on this. Spoke with @crwatkins and am closing this for now as it seems there was a basically just a misunderstanding in regard to the validation score. If that assertion is incorrect, please let me know and we can reopen.