Thanks for spelling this out!! The fear of being hacked has stopped me forging now. I asked a question along these lines a couple of days ago on a related theme but haven't had a response yet (I know everyone on the dev side is super busy now) - My question is, is it possible to detect the location and status of unlocked accounts on other nodes? If it is, then forging with a large account is too risky IMO.
https://bitcointalksearch.org/topic/m.4182386On the other hand, security is sometimes about striking the right balance between benefit and risk. You do right to educate yourself on the security concerns, and adopt those security practices that you see fit, making your own judgements on things like: whether to forge, where to forge, with which funds to forge, how many accounts to spread your total funds over, how to create and store passphrases, etc.
I don't see anything in the protocol that can point a forged block back to the IP address of the host that forged it. The processBlock message originally came from the node that forged it, but it is exactly the same as the copies of the message that are subsequently passed around the network (my assumption - TBC). So although a node that receives such a message knows the IP address of the host that sent it, it wouldn't know if it got it from the forger or secondhand/thirdhand/etc. I imagine it's feasible that some timing analysis could be done on when messages are received from different nodes, and this could help build up a picture of where the forging nodes are (especially those with higher balances, as they would forge more frequently). This picture is unlikely to be a very accurate one.
In your position, I would probably forge with a portion of my total funds, and do so on a private node that only connects to the main network through another node that I control. I don't believe such a setup should be required, and hopefully the designers find a good method to safely allow forging.
Hallmarking a node with your funds should be perfectly safe, and it's probably in your best interests to put your hallmarks on some well-managed public servers. Once the feature CFB recently described is introduced (vote to destroy funds of accounts that hallmark a node and then abuse that hallmark), that might change. Note that creating a hallmark requires you to enter your passphrase, and so should be done on a trusted node only.
You mentioned you recently moved your funds to an account with a stronger passphrase. @c-f-b: if I believed my passphrase was weak and wanted to move to a stronger one, I could easily move my funds, but how do I move my aliases?
