Re: [Tails-dev] Electrum doc wrt. avoiding the negative effe…

Delete this message

Reply to this message
Author: sajolida
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Electrum doc wrt. avoiding the negative effects of DoS [was: Re: Article: Bitcoin over Tor isn't a good idea]
Minoru:
> sajolida,
>
> I agree with your changes so far. The reason for the specific
> explanation is that Electrum over Tor is extremely vulnerable to
> attack. If you read the article http://arxiv.org/pdf/1410.6079v2.pdf
> it only takes 2500 USD and publicly available information to have
> complete control over which Bitcoin blocks and transactions users are
> aware of. Would you still be interested in the additional documentation
> that I proposed? I wanted to add three subsections to the Electrum
> documentation focused on Tor DoS on SPV:
> 1. Explain block confirmations (temporary fix for Electrum displaying
> money that you actually do not have)
> 2. Explain watching-only wallets (temporary fix for Electrum not
> displaying money that you actually do have)
> 3. Explain a possible long term solution to this problem by using
> trusted Electrum servers accessed by a Tor hidden service (I might
> remove this point because I'm not sure if it is currently possible
> execute this solution since not many .onion Electrum servers exist and
> it is difficult to trust centralized services)
> I understand that you want to keep the documentation short and easy to
> understand, but Electrum over Tor using SPV has a serious vulnerability
> that needs a little more documentation to help users avoid the negative
> effects of DoS.


Thanks for following up on this. I'm still trying to understand the
issue as I'm far from being a bitcoin expert. This whole issue is still
quite fresh and I want to be sure that we first understand it correctly,
and then put our energy in the best place to fix it.

I'm worried about providing too much scary information that our users
cannot act upon. Because giving people gory details about how they could
be attacked might not be the best thing to do if they cannot do anything
to protect themselves from such an attack. And if we believe Electrum in
Tails is not good enough then we should remove it, but I think we're not
there yet.

I read the thread on tor-talk about that:
https://lists.torproject.org/pipermail/tor-talk/2014-October/thread.html#35329

And if I understand correctly, if this attack was to be conducted it
would affect *all* bitcoin users over Tor. It is not a targeted attack
at only some individuals, right?

I also understood that a workaround would be to rely on a list of
decentralized hidden services to mitigate the DoS power that exit nodes
could have.

So to be more useful to our users, what could you do, as a user of Tails
1.3, to protect yourself against such an attack? For example, is it
possible to configure more hidden services for Electrum to use? If so,
could we provide this as a fix in 1.3.1 for everybody? Could it be fixed
upstream by the Electrum people?