Which Masternode model should we implement?

crowning

Well-known Member
May 29, 2014
1,414
1,997
183
Alpha Centauri Bc
I support option 1 because hiding the IP without onion-routing is more or less impossible.

The only feature from option 2 I would LOVE to see implemented is multiple Masternodes per IP. Hey, the peers can broadcast their IPs, why not their ports?
 

GermanRed+

Active Member
Aug 28, 2014
299
109
113
I think that's a dangerous path to go down since those mixing right now are so sporadic and with some parts of the day experiencing more activity than others instead of consistency across the board. With such a large masternode population, I think it's safe to say many would be screwed with the window being very narrow for those with more transactions processed.

Further, there isn't anything from stopping you from running a masternode on your home computer if you want. Whether or not you have a stable enough connection and bandwidth (a non-issue for me) is to be seen.
I agree with what you pointed out. What I am worried about is whether the VPS providers can be the weakest link if someone wants to control a lot of MNs (without buying any DRKs to set them up).
 

oblox

Well-known Member
Aug 6, 2014
1,032
537
183
I support option 1 because hiding the IP without onion-routing is more or less impossible.

The only feature from option 2 I would LOVE to see implemented is multiple Masternodes per IP. Hey, the peers can broadcast their IPs, why not their ports?
That's already possible... open port 9999 on your IP and then multiple datadir and config files with new RPC ports.
 

moli

Grizzled Member
Aug 5, 2014
3,255
1,830
1,183
Masternode blinding is happening regardless of what happens with IPs.
Yes I know. Evan said it can be implemented in either model.
What I was saying is I believe anonymity for Masternodes' IPs will be done in the future (or hope so!), as Evan tends to work on improving one or two things at a time.
 

oblox

Yes I know. Evan said it can be implemented in either model.
What I was saying is I believe anonymity for Masternodes' IPs will be done in the future (or hope so!), as Evan tends to work on improving one or two things at a time.
It all comes back to whether or not it's illegal to run a masternode and for nearly all countries, it isn't. Further, unless you are setting your masternode up on a VPS that takes DRK, your anonymity is already compromised. Further, the majority of existing masternodes won't change out their IP addresses so at least half the network would remain "exposed" anyway.

This is on top of the fact that any sort of onion-based routing will increase latency.
 
Reactions: Raico

GermanRed+

I forgot to say that I vote for #1. If option #2 is the ultimate end product, it will be nice to see that MNs are getting paid according to the number of darksend transactions being served instead.
 

darkstrike420

Active Member
Jul 1, 2014
178
136
103
-Will support outbound only masternodes. I.e: How do you attack a node you can't connect to?
UDP doesn't use connections. The UDP packet will still be received even with all closed ports. Unless a reverse proxy is used (which can be ddosed) then the masternode will be able to be ddosed. Knowing that most masternodes are hosted on ~5$/month hostings which provide a very limited amount of bandwidth and no DDOS protection then anyone with a medium sized botnet (~10k) can easily take down all 1-2k masternodes. Which completely kills the Darkcoin masternode network.

therefore an anonymity solution such as TOR/I2P is impossible.
Why is this the case? When I2P finds its peers and connects to your wanted hidden service then traffic is exchanged almost instantly. More nodes in the I2P network = faster network.

Test it out with I2P BitTorrent client. You will quickly connect to peers and download at ~100 KB/s. 100 KB/s is the speed you can achieve with current I2P nodes as there aren't that many. Imagine what would happen to the I2P network if 2000 fast-nodes would go under it and start routing traffic? Not only would it improve anonymity but also decrease latency and improve speed.

Tor should be used if UDP support for masternodes is not required because Tor does not support UDP while I2P does. I think masternodes should go under Tor or I2P for anonymity and ddos protection reasons.

I might not know anything about cryptocurrency but when it comes to networking, malware and botnets I can fairly say that I am quite the expert. My hobby ;)
 

GermanRed+

It all comes back to whether or not it's illegal to run a masternode and for nearly all countries, it isn't. Further, unless you are setting your masternode up on a VPS that takes DRK, your anonymity is already compromised. Further, the majority of existing masternodes won't change out their IP addresses so at least half the network would remain "exposed" anyway.

This is on top of the fact that any sort of onion-based routing will increase latency.
It isn't illegal today but it may be illegal in the future. We never know what the banksters will ask our politicians to do about something they hate. So, I somehow think MN anonymity is something wanted if technically possible.
 
Reactions: strix

darkstrike420

Further, unless you are setting your masternode up on a VPS that takes DRK, your anonymity is already compromised.
When running under a hidden service, there is no way to prove that the IP address in fact is running a masternode.
 
Reactions: strix

oblox

When running under a hidden service, there is no way to prove that the IP address in fact is running a masternode.
Other than the fact that the IP address will show up on the masternode list further proving it is, in fact, running a masternode.
 

darkstrike420

Other than the fact that the IP address will show up on the masternode list further proving it is, in fact, running a masternode.
If it's running under I2P hidden service then it will show up "random_Shit_here_very_long.b32.i2p" or in Tor's case "random_shit_here.onion". Cannot be resolved to IP Address but can be connected to through i2p/tor.
 
Reactions: strix
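
The exchange above turns on what a masternode list entry reveals about its operator. As an added example (not part of the thread and not Darkcoin code), this sketch classifies list entries as clearnet IPs or hidden-service names and reports the share that exposes an IP; the `host:port` entry format, the function names and the sample entries are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample entries in an assumed "host:port" list format.
SAMPLE_LIST = [
    "203.0.113.7:9999",                 # IPv4 (documentation range)
    "198.51.100.24:9999",
    "[2001:db8::15]:9999",              # bracketed IPv6
    "abcdefghijklmnop.onion:9999",      # 16-char Tor hidden-service label
    "a" * 52 + ".b32.i2p:9999",         # 52-char I2P base32 label
    "not_base32!.onion:9999",           # malformed label
]

BASE32 = re.compile(r"[a-z2-7]+")

# suffix -> (kind, accepted label lengths in base32 characters)
HIDDEN_SUFFIXES = {
    ".onion": ("tor", (16, 56)),
    ".b32.i2p": ("i2p", (52,)),
}


def classify(entry):
    """Return 'clearnet', 'tor', 'i2p' or 'invalid' for one list entry."""
    host, sep, port = entry.strip().rpartition(":")
    if not sep or not host or not (port.isascii() and port.isdigit()):
        return "invalid"
    if not 0 < int(port) < 65536:
        return "invalid"
    if host.startswith("[") and host.endswith("]"):
        host = host[1:-1]
    host = host.lower()
    try:
        ipaddress.ip_address(host)      # literal IPv4/IPv6: operator IP is public
        return "clearnet"
    except ValueError:
        pass
    for suffix, (kind, lengths) in HIDDEN_SUFFIXES.items():
        if host.endswith(suffix):
            label = host[: -len(suffix)]
            ok = len(label) in lengths and BASE32.fullmatch(label)
            return kind if ok else "invalid"
    return "invalid"                    # plain DNS names are out of scope here


def exposure(entries):
    """Count entries per kind and return the clearnet share of valid entries."""
    counts = Counter(classify(e) for e in entries)
    valid = sum(n for kind, n in counts.items() if kind != "invalid")
    share = counts["clearnet"] / valid if valid else 0.0
    return dict(counts), share


if __name__ == "__main__":
    counts, share = exposure(SAMPLE_LIST)
    print(counts, f"clearnet share: {share:.0%}")
```
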

oblox

If it's running under I2P hidden service then it will show up "random_Shit_here_very_long.b32.i2p" or in Tor's case "random_shit_here.onion". Cannot be resolved to IP Address but can be connected to through i2p/tor.
Do you have a masternode address so I can see how it appears in the masternode list running a node through tor?
 

oblox

It isn't illegal today but it may be illegal in the future. We never know what the banksters will ask our politicians to do about something they hate. So, I somehow think MN anonymity is something wanted if technically possible.
Absolutely, but if that's the case, certainly there will be larger ramifications for crypto in general (any full node out there).
 

darkstrike420

Do you have a masternode address so I can see how it appears in the masternode list running a node through tor?
Currently, the Masternode network supports neither I2P nor Tor. We are not talking about using Tor or I2P out-proxy but rather using hidden services (like the narcotic shops).

If this was implemented, all masternodes would be required to install Tor or I2P and set up a hidden service (which is easy af).
 

oblox

Currently, the Masternode network supports neither I2P nor Tor. We are not talking about using Tor or I2P out-proxy but rather using hidden services (like the narcotic shops).
Again, I stated if we're going the onion routing method, then there will be increased latency which may or may not work for the masternode network to secure IX tx's and DS.
 

darkstrike420

Again, I stated if we're going the onion routing method, then there will be increased latency which may or may not work for the masternode network to secure IX tx's and DS.
Increasing latency? [sarcasm]Bro 50ms is a fucking HUGE DEAL.[/sarcasm]

Masternodes are connected 24/7 together (if it's not, then they should be if using hidden services). Only the initial connection would take ~1-2 sec. When they're connected together then data will be exchanged almost instantly.

You really shouldn't talk about topics you don't understand.

Networking really is my strong side.

Edit: Also running masternodes through an anonymizing network will do nothing for DS or IX. It will only strengthen masternode anonymity and ddos protection.

If Darkcoin was made illegal and Darkcoin masternodes illegal too then running through an anonymizing network would solve arrests and raids.

I think Darkcoin itself should fully be run under an anonymizing network because Darkcoin WILL BECOME ILLEGAL!
 
Last edited by a moderator:

GermanRed+

I feel that the original idea of forcing one IP per MN is to increase the cost of running a MN. With cheap VPS, that cost is really cheap. If we pay MNs according to the number of darksend transactions served, it also rewards MN operators who invest more resources (e.g. bandwidth, skills, etc.) in running his/her MNs.

EDIT: The 1000 DRKs requirement is an investment, not the cost of running a MN. You still own 1000 DRKs even if you don't run a MN after buying them.
 

darkstrike420

I feel that the original idea of forcing one IP per MN is to increase the cost of owning a MN. With cheap VPS, that cost is really cheap. If we pay MNs according to the number of darksend transactions served, it also rewards MN operators who invest more resources (e.g. bandwidth, skills, etc.) in running his/her MNs.

EDIT: The 1000 DRKs requirement is an investment, not the cost. You still own 1000 DRKs even if you don't run a MN after buying them.
This sounds really good on paper. But scraping all masternode IPs takes 1 second. It takes just as long to paste them in your botnet C&C. Starting ddos also takes 1 sec. Draining all masternode bandwidth (if not unlimited) would take a couple hours with a medium size botnet. On compromised servers which with amplification get you at 400 Gbit/s (if you have 40x1Gbit/s servers and this is only with DNS amplification which gives you the smallest form of amplification at only 10x. There is also NTP, SSDP and countless others with much higher amplification rate) could destroy the whole masternode network within 20 minutes at zero cost and make the masternode operators pay a couple extra hundred (even thousand) dollars just for the overused bandwidth. If this doesn't sound bad, then read further... Most hosting services will nullroute you when you are hit by a large enough attack.

If masternodes were run under an anonymizing network that totally destroys any kind of amplification. That makes DDOS much more expensive. If that's not enough then read further.. Running through an anonymizing network would require custom coded malware that supports Tor/I2P DDoS attacks which I have not seen on any currently known black market.

Now Evan proved that compromising the masternode network by running a lot of nodes IS extremely expensive. But renting 40x1 Gbit/s servers to get 400 Gbit/s with DNS amplification is extremely cheap. Now with 400x1 Gbit/s servers they get 4 Tbit/s enough to take down countries. Imagine how they could totally destroy masternode network with just a push of a button. While this is also possible with anonymizing networks but amplification of any kind is impossible as I said and they would increase both anonymity and performance of such network if they were to run such high performance and high bandwidth dedicated servers. To get 4 Tbit/s under I2P they would have to run 4000x1 Gbit/s servers which is EXPENSIVE AS FUCK. They wouldn't even have 4 Tbit/s with 4k 1Gbit servers on I2P because all data is routed through multiple nodes at the cost of latency and also they would be routing all other user traffic (Torrent, porn streaming, botnets) which is extra cost to them and extra usage of bandwidth.
 

illodin

Member
Apr 26, 2014
122
71
78
That doesn't make the masternode owners anonymous. It just makes the communication more secure. It doesn't protect the source of the communication at all, just the contents.

Here's how you de-anonymize the masternodes in a system like that:
http://arxiv.org/pdf/1405.7418v1.pdf

Any technology that protects the source of the communication will be very slow.
I'm probably talking out of my ass but if the mixing requests are not the only encrypted messages the clients are sending, then how can they know what it is? We'd just have to come up with new services that are initiated and used with the same type of encrypted communication?
 

GermanRed+

This sounds really good on paper. But scraping all masternode IPs takes 1 second. It takes just as long to paste them in your botnet C&C. Starting ddos also takes 1 sec. Draining all masternode bandwidth (if not unlimited) would take a couple hours with a medium size botnet. On compromised servers which with amplification get you at 400 Gbit/s (if you have 40x1Gbit/s servers and this is only with DNS amplification which gives you the smallest form of amplification at only 10x. There is also NTP, SSDP and countless others with much higher amplification rate) could destroy the whole masternode network within 20 minutes at zero cost and make the masternode operators pay a couple extra hundred (even thousand) dollars just for the overused bandwidth. If this doesn't sound bad, then read further... Most hosting services will nullroute you when you are hit by a large enough attack.

If masternodes were run under an anonymizing network that totally destroys any kind of amplification. That makes DDOS much more expensive. If that's not enough then read further.. Running through an anonymizing network would require custom coded malware that supports Tor/I2P DDoS attacks which I have not seen on any currently known black market.
The DDOS will not cost the MN operator extra money if he/she is on a monthly unlimited fiber home plan. :D
 

darkstrike420

I'm probably talking out of my ass but if the mixing requests are not the only encrypted messages the clients are sending, then how can they know what it is? We'd just have to come up with new services that are initiated and used with the same type of encrypted communication?
Evan is right. Bitmessage is not anonymous but just encrypted. All participants have their IP addresses visible but the intended receiver is impossible to find out because everyone downloads messages and the correct receiver can only decrypt it with public key cryptography.

Bitmessage will never be illegal so it doesn't matter to them. Darkcoin 100% will be illegal.
 
Reactions: GermanRed+

crowning

There is also NTP, SSDP and countless others with much higher amplification rate) could destroy the whole masternode network within 20 minutes at zero cost and make the masternode operators pay a couple extra hundred (even thousand) dollars just for the overused bandwidth. If this doesn't sound bad, then read further... Most hosting services will nullroute you when you are hit by a large enough attack.
Not that I disagree with you (in fact I would LOVE to see Darkcoin via I2P), but not all Masternodes are hosted at those cheap providers. You can certainly bring down a lot of them, but to DDOS ALL needs some serious money.
 
Reactions: Raico

GermanRed+

If you like to be at home without internet when under DDOS then be my guest and host your masternode at home.
A home without internet is the worst thing that could happen these days. So, I just mean the attack will not cost extra money like some VPS that is billed based on the bandwidth.
 

darkstrike420

Not that I disagree with you (in fact I would LOVE to see Darkcoin via I2P), but not all Masternodes are hosted at those cheap providers. You can certainly bring down a lot of them, but to DDOS ALL needs some serious money.
Depends on how you do it. If you're a hacker then you can compromise a massive amount of Linux servers, install udp flood w/ dns amplification and kill the network with ~100 compromised servers at 0$/year.

Security is so poor these days that anyone running Metasploit/sqlmap and Tor can compromise the needed amount of machines.
 
Reactions: GermanRed+

eduffield

Core Developer
Mar 9, 2014
1,084
5,323
183
UDP doesn't use connections. The UDP packet will still be received even with all closed ports. Unless a reverse proxy is used (which can be ddosed) then the masternode will be able to be ddosed. Knowing that most masternodes are hosted on ~5$/month hostings which provide a very limited amount of bandwidth and no DDOS protection then anyone with a medium sized botnet (~10k) can easily take down all 1-2k masternodes. Which completely kills the Darkcoin masternode network.
If that's true, can't a medium sized botnet take down Bitcoin? It only has ~6000 full nodes (https://getaddr.bitnodes.io/)?

Why is this the case? When I2P finds its peers and connects to your wanted hidden service then traffic is exchanged almost instantly. More nodes in the I2P network = faster network.

Test it out with I2P BitTorrent client. You will quickly connect to peers and download at ~100 KB/s. 100 KB/s is the speed you can achieve with current I2P nodes as there aren't that many. Imagine what would happen to the I2P network if 2000 fast-nodes would go under it and start routing traffic? Not only would it improve anonymity but also decrease latency and improve speed.

Tor should be used if UDP support for masternodes is not required because Tor does not support UDP while I2P does. I think masternodes should go under Tor or I2P for anonymity and ddos protection reasons.

I might not know anything about cryptocurrency but when it comes to networking, malware and botnets I can fairly say that I am quite the expert. My hobby ;)
My experience with tor/i2p is quite limited, you could definitely be correct about this. I'll see if I can get a masternode running under tor/i2p to test them out.
 

darkstrike420

If that's true, can't a medium sized botnet take down Bitcoin? It only has ~6000 full nodes (https://getaddr.bitnodes.io/)?
In theory, yes, it's the same story about Bitcoin.

If USA was capable of ddosing North Korea why shouldn't it be possible to ddos something so small(compared to a country) like Bitcoin. Would they want to do it? I don't think so.

However, your creation is the biggest harm to any government, any police officer, any banker in the world. Your creation has made the black market as powerful as ever. I hope to never live the day you get arrested, because you don't deserve it.

Evan Duffield, you sure have balls. Even if I was a cryptocurrency expert, I would never create an anonymous coin - I don't have the balls to stand up against the government.

We will see what happens when your creation is illegal.

My experience with tor/i2p is quite limited, you could definitely be correct about this. I'll see if I can get a masternode running under tor/i2p to test them out.
Sure, test it out. I must tell you though, Tor currently is much faster than I2P and you should use it in the case that masternode network does not operate through UDP.
 

eduffield

Evan is right. Bitmessage is not anonymous but just encrypted. All participants have their IP addresses visible but the intended receiver is impossible to find out because everyone downloads messages and the correct receiver can only decrypt it with public key cryptography.

Bitmessage will never be illegal so it doesn't matter to them. Darkcoin 100% will be illegal.
The goal of Darkcoin was NEVER to support illegal markets. The goal is to provide a crypto-currency that does a better job at being a crypto-currency than Bitcoin does and compete with it. IX is a powerful addition to the technology and shouldn't be discounted. I just don't agree with your assessment that it will end up illegal. In fact my entire goal of 2015 is to start building a narrative to better compete against ripple and bitcoin. There is planning going on, but I can't say much yet ;)
 

darkstrike420

The goal of Darkcoin was NEVER to support illegal markets. The goal is to provide a crypto-currency that does a better job at being a crypto-currency than Bitcoin does and compete with it. IX is a powerful addition to the technology and shouldn't be discounted. I just don't agree with your assessment that it will end up illegal. In fact my entire goal of 2015 is to start building a narrative to better compete against ripple and bitcoin. There is planning going on, but I can't say much yet ;)
I know it's not your goal. But my gut tells me you're in some kind of mafia. Like for real, anonymous money? I am holding my DRK because I know that I will be rich one day but.. What you're doing is just.. There are no words to explain how brave you are.