Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
Setting nLockTime on all transactions allows offline clients to be fingerprinted #10020
An unsynchronized client sets nLockTime to its current height (or possibly slightly further back). There is a privacy implication which was not discussed in pull #2340. Since offline clients have a different chainActive.Height(), it is possible to link different wallets to individual clients. This additional metadata can tie everything back to the client's blockchain state even when different wallets are swapped in.
One possible fix would be to not set nLockTime on a transaction if the client has not recently connected to the network.
This was one of my gripes as well when nLockTime was started to be added by default. Note that there is some mitigation for this by randomizing the nLockTime in one of then cases:
// Secondly occasionally randomly pick a nLockTime even further back, so // that transactions that are delayed after signing for whatever reason, // e.g. high-latency mix networks and some CoinJoin implementations, have // better privacy. if (GetRandInt(10) == 0) txNew.nLockTime = std::max(0, (int)txNew.nLockTime - GetRandInt(100));
So up-to-date nodes will occasionally send older locktimes as well.
There might be additional privacy improvements possible, of course.
referenced this issue
Mar 20, 2017
I found a total of 33 old locktimes in the blockchain in 94 transactions, which indicate offline wallets which can potentially be fingerprinted using this technique.
One example is locktime 267128 which can be found in 7 transactions including these two:
My output is here: https://www.jamesevans.is/locktime.txt