QUESTION: relevance of the published `bitcoind` version string? Can it be removed? #22933

issue xanoni opened this issue on September 9, 2021
  1. xanoni commented at 6:01 PM on September 9, 2021: none

    I noticed that many node operators customize the version strings of their bitoind, usually by adding their nicknames after the CLIENT_VERSION_BUILD. This typically looks something like 70016/Satoshi:22.99.0(myalias)/ or 70016/Satoshi:22.99.0/myalias/.

    Given there are also other ways to personalize a node (e.g., by generating a vanity Tor / I2P address), I'm wondering if changing the version string is safe to do?

    1. Is adding an alias compliant with the specs?
    2. Does bitcoind check the version strings of its peers to decide whom to communicate with? If yes, which parts specifically are checked?
    3. If not, is it safe to remove the version string completely for privacy/security reasons? I see one node that just displays the protocol (70016), for example, and another one shows nothing at all.

    (This is not a feature request, but I didn't know an easier place to find people who know the Bitcoin Core codebase ...)

  2. xanoni added the label Feature on Sep 9, 2021
  3. ghost commented at 7:32 PM on September 9, 2021: none

    Is adding an alias compliant with the specs?

    It's implemented according to BIP 14. There is a config option to add comments in User Agent string: uacomment

    According to this comment, fancy characters are removed from it: #15048 (comment)

    Practicalswift had opened an issue to simplify UA string in which different parts of this string are shared: #21492 (comment)

    I agree with Marcofalke's comment here: #21492 (comment)

    Given there are also other ways to personalize a node (e.g., by generating a vanity Tor / I2P address), I'm wondering if changing the version string is safe to do?

    Such things affect privacy. For example if 3 people in this GitHub issue share their custom UA strings or vanity onion/i2p address:

    1. Your privacy: everyone knows which node are you using and can spy on you. In some cases even link your different addresses if listening on multiple networks: https://www.erisian.com.au/bitcoin-core-dev/log-2021-09-01.html
    2. Others privacy: if I have 8 outbound connections, 2 are using UA strings shared in this issue, I can focus on other 6 for collecting information if I am not interested in spying on you. If UA strings were same or nothing extra added, I would have to assume all 8 are unknown users, collect, analyze more information.

    Not sure about question 2 and 3. My guess is your node can connect to any version. Removing UA string completely might still affect few things.

  4. ghost commented at 8:06 PM on September 9, 2021: none

    If looking in shodan, most of the nodes are using 0.21.0 and 0.21.1. So best practice would be to use the same version node and don't use anything in -uacomment.

    image

  5. xanoni commented at 9:10 PM on September 9, 2021: none

    #21492 (comment)

    So based on this, the only reason why it's not dropped is "analytics"? I see the value of that, sure.

    So far I have found no indication that deleting the version string or setting it to something absurd (like 13.33.7) causes any trouble.

  6. xanoni closed this on Sep 10, 2021
  7. fanquake removed the label Feature on Sep 23, 2021
  8. fanquake locked this on Sep 23, 2021
Contributors
xanonighost
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-15 00:14 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me