Hi Tom > Do you know the trick of having an open wifi basestation in a public street > and how that can lead to tracking? Especially if you have a network of them. > The trick is this; you set up an open wifi base station with a hidden ssid > and phones try to connect to it by saying “Are you ssid=xyz?” > This leads the basestation to know that the phone has known credentials with > another wifi that has a specific ssid. (the trick is slightly more elaborate, > but the basics are relevant here). > > Your BIP is vulnarable to the same issue, as a node wants to connect using > the AUTHCHALLENGE which has as an argument the hash of the person I’m trying > to connect with. This thread is not about BIP150/151. The hash includes the encryption session which makes it impossible to distinct identities. > > Your BIP says "Fingerprinting the requesting peer is not possible”. > Unfortunately, this is wrong. Yes the peer is trivial to fingerprint. Your > hash never changes and as you connect to a node anyone listening can see you > sending the same hash on every connect to that peer, whereever you are or > connect from. Not true. The hash includes the encryption session which is based on a ephemeral ECDH/HKDF per connection-session. Have you read the BIP?