-
Notifications
You must be signed in to change notification settings - Fork 757
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remote nodes #605
Remote nodes #605
Conversation
I am strongly against the idea of adding a dropdown list of remote nodes to the GUI. Here's my thoughts as posted recently on Reddit (source):
|
I could see the complaint for this. Perhaps there's something to be said here for the possibility of moving to SRV records? I know that I would happily register my nodes in a central database that could maintain a status check on all of the nodes involved. It would be a small set of changes to move such support into something like: https://github.com/monero-project/xmr-seeder (Which I already redid to CF support), and using SRV records, we could use non-standard ports that would be registered at the DNS servers. Then an automation tool could manage these records, keeping an eye on the state (Height anyone...) of the nodes and knock them in and out automatically. This would allow the DNS records to be controlled centrally by the Monero project, and would allow control without excessive centralization, then allow a manual punch-in override box. Yes, it's still centralization, but it's no better/worse than the current DNS seeding system in my eyes. |
As mentioned in #602 I think we should wait with integrating non-manual node support until we have a discussion with the wider dev community, perhaps include this as an item during the Sunday dev meeting. If people like it, the concept of scanning the p2p network for open remote nodes (or whatever mechanism we decide on) could be integrated at the protocol/CLI level, and the wallet could simply add pure GUI functionality (which, I think is all we've been doing anyways). |
Snipa22 wrote:
What are the specific privacy implications to using a remote node? EDITED: [Suggesting a node to connect to is less severe than suggesting a node to leak all the outputs you are interested in to.] |
I'm against this as I don't think we should be encouraging remote nodes at all - they place an incredible burden on the network by chewing up the same amount of downstream bandwidth as a full node, but with no upstream assistance to the network, and with no validation. People are better served either running a full node, or waiting for the light wallet / remote viewkey scanning stuff that we're building out. If people want to manually connect to a full node, that's fine, but we shouldn't make it easy:) |
@danrmiller see here. You no longer leak the outputs you are interested in, but you connect your IP address with your outgoing transactions, and you leak some other metadata. |
@fluffypony Don't really understand what you are saying here. There's no difference between a remote node and and a local node in p2p bandwidth usage. If you are referring to the wallet bandwidth usage it's ~98% less than a node after the recent wallet optimization work iirc. Please correct me if i'm wrong @moneromooo-monero and @luigi1111. I do however fully understand the points raised by @xmr-eric about centralization. The point of this PR is to improve the user experience by speeding up the time between download and first usage from several hours to seconds. As soon as the local node is synced the wallet automatically switch to the local node. |
@Jaqueeee a wallet needs all the block headers, and then it needs a copy of every new tx output as blocks come in. That's ~the same bandwidth as a full node, from an inbound perspective, just that it doesn't have to relay blocks are txs so it doesn't use upstream bandwidth. |
Monero's principle is Security by Default. So the GUI should not encourage users to use untrusted (random) remote nodes. |
This is ultimately a debate over optimizing for usability or privacy.
There is not a lack of a security by using untrusted remote nodes, but a
lack of privacy (and only some loss of privacy). Additionally, it wouldn't
need to be the default option, only an option.
Personally I believe the slight hit to privacy to be okay in this instance,
as *most* users will opt to use a remote node anyway, whether its through a
light-wallet or this. This just makes it easier for them to do it.
Riccardo's point about the node getting some extra usage is a good one, so
perhaps we don't want to encourage usage of remote nodes at such a level
that those nodes begin to suffer.
…On Sat, Mar 25, 2017 at 2:31 PM, maitscha ***@***.***> wrote:
Monero's principle is Security by Default. So the GUI should not encourage
users to use untrusted (random) remote nodes.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#605 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AHf02exPO_QtFvSFfPMGPAsFyTTyCcX0ks5rpWt6gaJpZM4MouoZ>
.
|
Ok it's added to the meeting agenda for tomorrow's dev meeting, so we can discuss it then. |
What about having a normal mode where everything is taken care of for you (automatically connecting to a load-balanced pool of remotes nodes) and an advanced mode (where more options granularity is available ?) |
@dternyak after recent wallet optimizations the bandwidth used by each wallet is not a big issue. However, the trust issue seems to be the biggest concern. I'll remove the dropdown by request from @fluffypony. People who want to use remote nodes will need search for them. |
Dropdown replaced with an empty input field.
Please test @xmr-eric and @medusadigital Question is if this PR adds any value to the user when they have to input the daemon address manually? I think it does because it adds a page in wizard where new users gets information about daemon/node setup. It also makes it easier to follow the status of the local node sync when connected to a remote node. |
@fluffypony I don't understand how headers+outputs would be similar bandwidth to a full node. That would not include signatures nor range proofs, which make up most of the current bandwidth usage. Eventually I think lightweight wallets (by which I mean lightweight in terms of bandwidth) are very possible with ~90% less bandwidth usage than full nodes (not even factoring in upstream). They can use the p2p and check PoW just like Bitcoin light wallets do. (This might require some protocol changes, but it is do-able). There was a previous objection to this concept raised elsewhere in terms of a wallet with private keys in process memory making untrusted p2p connections, but that could be addressed with a separate "light deamon". Whether that is desirable in terms of privacy and security is a different matter. |
Closing for now. Could bring up the discussion again after next beta. |
See discussion in #572 and #602
Not ready to be merged yet.
Ping @Gingeropolous, Snipa (github user?)