Indeed, I reiterate that using the Tor network for Bitcoin or whatever protocol not related to the Tor Browser (ie browsing and HS) does not make sense, for plenty of reasons

But using the Tor protocol outside of the Tor network (and inside browsers for wallets for example) does: https://github.com/Ayms/node-Tor#presentation and https://github.com/Ayms/node-Tor#phase-4-and-phase-5, anonymizing nodes can just be already existing bitcoin nodes, example: https://github.com/bitcoin/bitcoin/pull/18988#issuecomment-646564853


Le 11/12/2021 à 17:21, Pieter Wuille via bitcoin-dev a écrit :
It is that the solution to privacy is to use privacy-enhancing network
communications, such as TOR. I am not against a mechanism to rebroadcast
transactions more robustly if the mempool of adjoining nodes has
forgotten about them, but the truth is, all transactions originate from
some node, and there are methods that allow an individual node to be
identified as the likely source of a transaction unless privacy-enabled
networks are utilised. Having a different method to cause rebroadcast
does not obfuscate the origin.

You're talking about distinct aspects of transaction privacy.

The rebroadcasting approach as it exists on the network, where wallets are responsible for their own rebroadcasting, directly reveals to your peers a relation between nodes and transactions: whenever any node relays the same transaction twice, it almost certainly implies they are the origin.

This is just a node-transaction relation, and not necessarily IP-transaction relation. The latter can indeed be avoided by only connecting over Tor, or using other privacy networks, but just hiding the relation with IP addresses isn't sufficient (and has its own downsides; e.g. Tor-only connectivity is far more susceptible to partition/Eclipse/DoS attacks). For example seeing the same node (even without knowing its IP) rebroadcast two transaction lets an observe infer a relation between those transactions, and that too is a privacy leak.

I believe moving to a model where mempools/nodes themselves are responsible for rebroadcasting is a great solution to improving this specific problem, simply because if everyone rebroadcasts, the original author doing it too does not stand out anymore. It isn't "fixing privacy", it's fixing a specific leak, one of many, but this isn't a black and white property.

Cheers,

--
Pieter

_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev