Hi Applications Team!
I would like to propose the following addendum to the SOCKS username
section of the Tor-Friendly Applications Best Practices:
"If your application needs to open a small number of connections (e.g.
10 long-lived connections) to a P2P network, and you want to prevent
Sybil attacks, you should seriously consider using a unique SOCKS5
username per connection (e.g. by including a new randomly generated
string in the username each time a connection is opened), which will
minimize the chance of a malicious exit relay interfering with your view
of the P2P network. For example, Bitcoin Core does this. On the other
hand, if your application intends to open a very large number of
connections, you should probably not do this, as it will put too much
load on the Tor network. For example, Bitcoin DNS seeders should not do
this while spidering P2P nodes."
I think this is probably uncontroversial advice within the Tor community
(I think the Tor devs are aware of Bitcoin Core's behavior and haven't
asked the Bitcoin Core team to change it), but it is not necessarily
obvious to application developers who may be unfamiliar with Tor, so I
think it's worth documenting. Please let me know if this text is okay
to add (or if there's anything that can be improved); I don't want to
step on toes by adding this without consulting anyone.
Cheers,
--
-Jeremy Rand
Lead Application Engineer at Namecoin
Mobile email: jeremyrandmobile(a)airmail.cc
Mobile OpenPGP: 2158 0643 C13B B40F B0FD 5854 B007 A32D AB44 3D9C
Send non-security-critical things to my Mobile with OpenPGP.
Please don't send me unencrypted messages.
My business email jeremy(a)veclabs.net is having technical issues at the
moment.
