Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature Request: Add K-Anonymity to Block and Tx Requests #284

Open
ACK-J opened this issue Mar 8, 2023 · 5 comments
Open

Feature Request: Add K-Anonymity to Block and Tx Requests #284

ACK-J opened this issue Mar 8, 2023 · 5 comments

Comments

@ACK-J
Copy link

ACK-J commented Mar 8, 2023
edited
Loading

The current block explorer implementation has privacy flaws as sensitive information can be learned from a user's requests. This includes IP addresses which can be linked to transaction ID's when an average user browses a block explorer and doesn't take proactive precautions to mask their IP or browser fingerprint. Even using TOR may not be enough OPSEC in certain cases, as explained in breaking monero. This is a fundamental flaw and is difficult to solve. I know of one developer who advertised a trust-less block explorer but after reviewing the code, that does not appear to be the case.

I don't think it should be necessary for users to run their own node and explorer just to avoid compromising their privacy. Privacy by default is a core principle of Monero and I think this enhancement would emphasize that.

K-anonymity is a privacy property of anonymized data and has been used by sites such as Have I Been Pwned to process sensitive passwords without having to trust the server.

I propose we add the capability to return multiple subsequent blocks and search the first-N characters of a tx_hash.

This would look something like this:

Block

User browses to a block explorer -> The user enter 2737640 into the search box -> the browser picks a random index from 0 - 999 -> the browser sends a request to /api/block/2737040/2738040 -> the 1,000 blocks are returned to the user's browser -> the browser searches the results for block 2737640 and disregards all other data -> Data for block 2737640 is shown

Tx Hash

User browses to a block explorer -> The user enters a tx hash into the search box -> the browser sends a request to /api/transaction/8dba0 (first 5 characters of a tx_hash) -> Server responds with all transaction hashes that have the same first five characters -> the browser searches for the transaction hash within the results and disregards all other data -> data for the requested transaction hash is shown

I believe the code modifications should be minimal. The only issue I foresee is figuring how to use a RNG without JavaScript and the obvious bandwidth overhead.
@moneroexamples
Copy link
Owner

Thanks. I will have a look. But if you already know how to do it, a PR into a devel branch would be welcomed.

@ACK-J
Copy link
Author

ACK-J commented Mar 9, 2023

Thanks! I’ve never developed in C++ but I’ve forked the codebase and will try to see what I can get working

@ACK-J
Copy link
Author

ACK-J commented Mar 9, 2023

Note to self, k-anonymity can also be applied when searching for a block hash using the same method described above for a tx hash.

@ACK-J
Copy link
Author

ACK-J commented Mar 17, 2023

#285

@ACK-J
Copy link
Author

ACK-J commented Mar 20, 2023
edited
Loading

I synced the stagenet blockchain and confirmed that k-anonymity for blocks work. Hashes will be a bit more tricky...

image

@ACK-J ACK-J mentioned this issue Mar 20, 2023
Merged
@ACK-J ACK-J mentioned this issue Jul 19, 2023
Merged
@ACK-J ACK-J mentioned this issue Jul 29, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@moneroexamples @ACK-J