doc: document fingerprinting risk when operating node on multiple networks #33750

pull da1sychain wants to merge 2 commits into bitcoin:master from da1sychain:fingerprinting-docs changing 2 files +15 −0
  1. da1sychain commented at 9:55 pm on October 30, 2025: none

    Operating a Bitcoin node across multiple networks poses some fingerprinting risk. [0] Currently, this is not clear from the documentation and may be causing direct harm to users who are unaware of this.

    The included documentation change indicates this risk factor but also notes that operating a node across multiple networks does provide an important benefit (increases the cost of eclipse and partitioning attacks) and is thus not discouraged outright.

    The i2p documentation did not include a privacy recommendations section, so that is added as well.

    [0] https://delvingbitcoin.org/t/fingerprinting-nodes-via-addr-requests/1786

  2. DrahtBot added the label Docs on Oct 30, 2025
  3. DrahtBot commented at 9:55 pm on October 30, 2025: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Code Coverage & Benchmarks

    For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/33750.

    Reviews

    See the guideline for information on the review process.

    Type Reviewers
    Concept ACK mzumsande

    If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

  4. Add eclipse, partitioning, and fingerprinting note in tor.md 
    Minor spelling correction in privacy recommendations section
    19a6a3e75e
  5. da1sychain force-pushed on Oct 30, 2025
  6. Add eclipse, partitioning, and fingerprinting note to i2p.md 
    Also introduced a Privacy Recommendations section to docs.
    9dc9c54834
  7. da1sychain force-pushed on Oct 30, 2025
  8. jonatack commented at 10:27 pm on October 30, 2025: member
    See #33498.
  9. in doc/tor.md:242 in 19a6a3e75e outdated 
    237@@ -238,3 +238,9 @@ for normal IPv4/IPv6 communication, use:
238   Otherwise it is trivial to link them, which may reduce privacy. Onion
239   services created automatically (as in section 2) always have only one port
240   open.
241+- Operating a node that listens on multiple networks (e.g. IPv4 and Tor) can increase
242+  the cost and complexity of eclipse and partition attacks. However, under certain
    mzumsande commented at 1:50 pm on October 31, 2025:
    maybe add something like “… and therefore helps strengthen the network” to stress that it’s also common to be a bridge node for altruistic reasons, even if the node operator isn’t particularly concerned about attacks on their own node.
  10. mzumsande commented at 2:11 pm on October 31, 2025: contributor

    Concept ACK

    I think that fingerprinting attacks are easy enough (and some, such as #33498, are hard to fix) that this warning is justified. Fingerprinting methods have never been researched systematically as far as I know, so I’m sure there are various unknown ones besides the ones publicly and privately known. Newly found fingerprinting methods aren’t classified as CVEs but reported and fixed openly. So this is just a reflection of the status quo.

    If we manage to make progress and, in a few years, are confident that fingerprinting is really hard / impossible, that would be great and we could remove this again, but I don’t think we are even remotely close to that state yet.


da1sychain DrahtBot jonatack mzumsande

Labels
Docs

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2025-10-31 18:13 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me