Author

Topic: Trojan - SegWit2x (Read 769 times)

brand new
Activity: 0
Merit: 0
October 15, 2017, 06:00:30 PM
#16
I think this is a very interesting fact pattern to come out of the repo. Comments talk about the possibility of double-staking and possible double instances. As for me,  I think I'm going cold storage during this one. Too much uncertainty with those SegWit nutjobs and the possibility of a 51% this time around is greater than with BCH.
newbie
Activity: 14
Merit: 0
October 15, 2017, 05:57:16 PM
#15
The Segwit2x development team added to the project’s Github repository an implementation allowing BTC1 nodes to be masked, making it more difficult for Core 0.15 nodes to identify them. It is said that, and I quote "this officially makes Segwit2x a Trojan horse as it allows anyone to run 2x nodes in disguise.".

Can anyone explain? Is it a vulnerability of BTC ?

From my understanding of the situation, it is not necessarily a malicious thing, but has the potential to become one.

The change in the code is apparently done so that they can initiate the fork and not be stopped from the initiation process by being disconnected from the network in the process.

However, they will suffer consequences from this implementation, since they will then have a harder time connecting between themselves on the B2X network (the B2X nodes will have a harder time finding each other).

Where there may be consequences for legacy bitcoin is that the coins on the 2 networks may become "stuck" together, with risks of replay attacks, etc.

It is certainly not a best-practices approach and everyone should be careful around the fork with spending their coins (better hold off until the water settles).
sr. member
Activity: 490
Merit: 389
Do not trust the government
October 15, 2017, 05:32:28 PM
#14
It's all fun and games until someone losses their money due deliberately confusing tactics like the ones being employed by segwit2x camp.

Nodes being masked with other software, and B2X tag being masked as BTC tag in certain exchanges, plus both coins sharing the same address format, will not end well.

We already saw people mistakenly sending money to BCH addresses which look the same. This is the same but on steroids.

As an advanced users, im not panicking, my BTC safe, but im pissed off at the fact that most likely the price will crash, and it will be a temporal clusterfuck again of unknown dimensions.

Yeah, the same address format problem is like a joke here compared to no replay protection. May the Gods be with us.
hero member
Activity: 770
Merit: 509
October 15, 2017, 10:48:54 AM
#13
I see a lot of hostile comments on that commit, that I do not support. Especially when people get law involved into this.
It is their right to do this and is in no way a trojan or any kind of vulnerability. They are just doing what they think is best for their network and Bitcoin network will easily overcome any small interruptions caused by this. We should all chill out a little bit.
However, this is not a smart move on their part and it will hurt their network, but whatever, it is their choice.

It worries me when I see people getting so easily scared about Bitcoin. You are safe, it would be easier to stop Internet then Bitcoin.
It worries me because fear is exactly what people use to get more power then they should have, this is what all the regimes do.
Not that this is a treat right now, but it very well could be in the future. Be confident, don't panic so easily.

It's all fun and games until someone losses their money due deliberately confusing tactics like the ones being employed by segwit2x camp.

Nodes being masked with other software, and B2X tag being masked as BTC tag in certain exchanges, plus both coins sharing the same address format, will not end well.

We already saw people mistakenly sending money to BCH addresses which look the same. This is the same but on steroids.

As an advanced users, im not panicking, my BTC safe, but im pissed off at the fact that most likely the price will crash, and it will be a temporal clusterfuck again of unknown dimensions.
newbie
Activity: 48
Merit: 0
October 15, 2017, 10:31:00 AM
#12
Hmm, that looks like a dangerous thing to our BTC environment. Looking forward to hearing some replies from experienced users
sr. member
Activity: 490
Merit: 389
Do not trust the government
October 14, 2017, 08:49:39 AM
#11
They fear that they will be disconnected from the network before their fork happens and don't want that to happen.
And could you tell me/us why would they get disconnected?
To be honest I don't quite get it, what is to gain here with this practice? (lets assume its not privacy)

@gmaxwell you seem like a competent person, could you explain with simple language and easy allegory, what is all this fuss about?

They would get disconnected because most nodes are Bitcoin Core nodes and as far as I know Bitcoin Core nodes will disconnect from the S2X nodes.
They just don't want to their client to have very few connections (some might possibly have trouble connecting at all), so for the purpose of their client running just as well as Bitcoin Core until the fork, they did this so that Core nodes won't discriminate against them. However, this would pose bigger problems during the fork as these clients will get disconnected from Core nodes anyway as they follow a different blockchain and basically a different network. S2X devs might not care so much for that as they maybe just hope that they will convince Core users to switch by then or it might be financial reasons as the slower client with fewer connections might discourage S2X supporters to keep supporting them.
hero member
Activity: 1638
Merit: 756
Bobby Fischer was right
October 14, 2017, 07:44:23 AM
#10
They fear that they will be disconnected from the network before their fork happens and don't want that to happen.
And could you tell me/us why would they get disconnected?
To be honest I don't quite get it, what is to gain here with this practice? (lets assume its not privacy)

@gmaxwell you seem like a competent person, could you explain with simple language and easy allegory, what is all this fuss about?
full member
Activity: 168
Merit: 100
Patience and wisdom is a key
October 14, 2017, 07:25:27 AM
#9
Hm, I'm just wondering, the price of Segwit2X on Bitfinex are down because of this, or for the other reasons?
sr. member
Activity: 490
Merit: 389
Do not trust the government
October 14, 2017, 06:39:46 AM
#8
I see a lot of hostile comments on that commit, that I do not support. Especially when people get law involved into this.
It is their right to do this and is in no way a trojan or any kind of vulnerability. They are just doing what they think is best for their network and Bitcoin network will easily overcome any small interruptions caused by this. We should all chill out a little bit.
However, this is not a smart move on their part and it will hurt their network, but whatever, it is their choice.

It worries me when I see people getting so easily scared about Bitcoin. You are safe, it would be easier to stop Internet then Bitcoin.
It worries me because fear is exactly what people use to get more power then they should have, this is what all the regimes do.
Not that this is a treat right now, but it very well could be in the future. Be confident, don't panic so easily.
staff
Activity: 4284
Merit: 8808
October 13, 2017, 05:13:36 PM
#7
Did you see the last post/response? Seems like a legit answer:
Quote
jgarzik replied 9 days ago • edited
This is a privacy feature. See discussion at PR #109 for more.

This feature defaults to advertise (privacy=off).

Users may optionally disable advertising (privacy=on).

There is historical precedent with Internet browsers: https://stackoverflow.com/questions/7975996/why-does-internet-explorer-9-report-mozilla-in-useragent

Users also rightly requested privacy features like this due to past attacks:

I wonder why Jeff Garzik would tell such a transparent lie.  It only seems like a legit answer if you don't know how things work. Although he has locked the discussion there so no one else can point this out, nothing stops us from discussing it over here.

All his nodes continue to send subver: "Satoshi:1.15.0"  to everything that connects to them, trivially identifying them.  A a result his change has no privacy gain what-so-ever and serves exclusively to undermine the anti-partitioning logic in the Bitcoin node software; leaving users open to unwanted connections that reduce their safety and reliability. This fact couldn't have been missed, especially since the explicitly cited "Bitcoin Classic" identified itself exclusively via subver.

[FWIW, because I'm calling Jeff out on a serious breach of ethics here I think it's important that he have an opportunity to respond, so I am also emailing him a link to this discussion. Edit: Done]
full member
Activity: 490
Merit: 101
October 13, 2017, 04:11:41 PM
#6
This is the commit:
https://github.com/btc1/bitcoin/commit/28ebbdb1f4ab632a1500b2c412a157839608fed0

If segx2 team did that, then other altcoins can also do it ?

Did you see the last post/response? Seems like a legit answer:


Quote
jgarzik replied 9 days ago • edited
This is a privacy feature. See discussion at PR #109 for more.

This feature defaults to advertise (privacy=off).

Users may optionally disable advertising (privacy=on).

There is historical precedent with Internet browsers: https://stackoverflow.com/questions/7975996/why-does-internet-explorer-9-report-mozilla-in-useragent

Users also rightly requested privacy features like this due to past attacks:

Bitcoin XT https://news.ycombinator.com/item?id=10140981
Bitcoin Classic https://news.bitcoin.com/bitcoin-classic-targeted-by-ddos-attacks/
Bitcoin Core violated the Robustness Principle as described in RFC 1122 and elsewhere. https://tools.ietf.org/html/rfc1122
staff
Activity: 3458
Merit: 6793
Just writing some code
October 13, 2017, 04:10:31 PM
#5
Can anyone explain? Is it a vulnerability of BTC ?
This is not a vulnerability. This is simply btc1 nodes (which will fork off in a few weeks) pretending to not be btc1 nodes because they do not want Bitcoin Core 0.15.0+ nodes to disconnect from them. They fear that they will be disconnected from the network before their fork happens and don't want that to happen.

However not everyone is running Bitcoin Core 0.15.0+ so they will still be able to connect to the network via peers running older versions of Bitcoin Core. Furthermore, this behavior is bad for both networks; following the fork, they are far more likely to find themselves isolated from their network. They will be rejected blocks from their Bitcoin Core nodes because of the fork, but won't have any connections to other btc1 nodes so they can follow the segwit2x chain.

If segx2 team did that, then other altcoins can also do it ?
Only altcoins that will fork from Bitcoin in the future. Other altcoins are consensus incompatible with Bitcoin, so they could connect to Bitcoin nodes, but they will experience the same problem that btc1 nodes will face after their fork: they have no connections to nodes that are following their consensus rules.
jr. member
Activity: 57
Merit: 1
October 13, 2017, 04:05:50 PM
#4
This is the commit:
https://github.com/btc1/bitcoin/commit/28ebbdb1f4ab632a1500b2c412a157839608fed0

If segx2 team did that, then other altcoins can also do it ?
full member
Activity: 490
Merit: 101
October 13, 2017, 04:03:47 PM
#3
It's pretty short sighted if they have, as it will just undermine the credibility of both branches.
hero member
Activity: 544
Merit: 507
October 13, 2017, 04:02:19 PM
#2
It does look like a dirty move from the SegWit2X development team.

Could you point out the code that enable this masking you talk about?

I don't know enough to confirm 100% that would not be a treat for Bitcoin or a vulnerability.

I hope someone can answer your (and now my) question.
jr. member
Activity: 57
Merit: 1
October 13, 2017, 03:44:21 PM
#1
The Segwit2x development team added to the project’s Github repository an implementation allowing BTC1 nodes to be masked, making it more difficult for Core 0.15 nodes to identify them. It is said that, and I quote "this officially makes Segwit2x a Trojan horse as it allows anyone to run 2x nodes in disguise.".

Can anyone explain? Is it a vulnerability of BTC ?
Jump to: