One more thing i cannot understand...if using a remote node is unsafe, why cannot i choose an specific node (it gets chosen automatically and i don't know which one, i mean address). Some nodes are safest others, aren't they?
It's not that it is unsafe, merely a greater chance of security compromise than one you control. There is no 100% guarantee even on your own node. Only you can decide what degree of paranoia/safety is comfortable for you. My method is to use my own for any larger transactions/wallets, and a modest balance in a wallet I use with Monerujo/random remote nodes for smaller transactions. Compartmentalize like the
Titanic to be sure your ship doesn't sink
The principal problem with untrusted remote nodes is
privacy, not security compromise. There are some known attacks for monitoring, linking, or finding the real inputs of your transactions, which a remote node can do (or
attempt), even with
untrusted-daemon=1 in your configuration. It is for this reason that,
e.g., the Monero CLI wallet emits scary warnings and advice if an attempt to create a transaction fails with an
untrusted-daemon. Also, of course, you had damn well better have
untrusted-daemon=1 in your config of the daemon is untrusted! That mitigates
much, but not all of the problem, AFAIK.
(I have never tried the Monero GUI, or any other Monero wallets; so I cannot speak to how those may mitigate some known potential problems with untrusted remote nodes.) Obviously, if you connect to a single untrusted node and send more than one transaction (within the same session over Tor/in any way linkable without Tor/etc.), then that node will know that the same party sent those txids!
(I will omit further discussion here; this could get lengthy.) The best way for privacy is always to run your own node, especially since Dandelion++ was implemented to help obscure the originating node for transactions.
None of that has anything whatsoever to do with the amounts of transactions, or the amount that you keep in a wallet.You seem to be worried about a security compromise by a remote node which exploits some hypothetical 0day in your wallet. That is a general software security concern, which also applies to your own Monero full node daemon—or your own Bitcoin node, or your e-mail client, or,
worst of all, to the web browser that you are using to peruse this forum. It applies to
each and every bit of software running on any computer that ever connects to the Internet, directly or indirectly.
Yes, compartmentalize—among other things. But I have never heard of a remote node pwning a wallet.
(Was there ever some obscure CVE that I don’t know about? I am not, and do not claim to be a Monero expert as such.) The aforestated privacy concern is much more significant.
Compartmentalize like the
Titanic to be sure your ship doesn't sink
P.S., RMS
Titanic sank. ;-)
This security product is 100% endorsed by nullius!The Ultimately Secure DEEP PACKET INSPECTION AND APPLICATION SECURITY SYSTEM[...]
Installation Instructions- For best effect install the firewall between the CPU unit and the wall outlet. Place the jaws of the firewall across the power cord, and bear down firmly. Be sure to wear rubber gloves while installing the firewall or assign the task to a junior system manager. If the firewall is installed properly, all the lights on the CPU will turn dark and the fans will grow quiet. This indicates that the system has entered a secure state
- For Internet use install the firewall between the demarc of the T1 to the Internet. Place the jaws of the firewall across the T1 line lead, and bear down firmly. When your Internet service provider's network operations center calls to inform you that they have lost connectivity to your site, the firewall is correctly installed.
[...]
P.P.S., do you kids even recognize the terminology? This webpage is a few decades old. Still true!
