Author Topic: Privacy implications of accessing Bitshares without a proxy  (Read 1492 times)

Offline xeroc

> I use it over HTTPS but there is a place for a WIF key in config.json. The WIF key may be much harder to use but it does not rely on the certificate authorities.

though that WIF key is for the RPC interface only ..
connection to the network itself (other peers) is still unencrypted AFAIK

Offline jamesc

If you're going to use a block chain get account to send funds, etc. you have to be concerned about a man in the middle attack.

I use it over HTTPS but there is a place for a WIF key in config.json. The WIF key may be much harder to use but it does not rely on the certificate authorities.

Offline karnal

>> Since there isn't any proxying support so far, I'm wondering, what information can an adversary who can monitor everything that goes in and out learn?
>> I.e.,
>> - Accounts & their balances
>> - Transactions made & received
>> Ideally the adversary would be able to learn nothing more than "this person uses bitshares". Can some developer confirm this to be the case, and possibly comment on the eventual future inclusion of proxy (SOCKS5 preferred) support in the client?
>
> accounts & balances are stored on the blockchain .. obviously .. so you cannot gain extra information from listening to the machines ..
> if you are connected to many machines you may be able to identify an IP address that might have access to funds and identify a person/organization that holds an address
>
> you may gain information about which IP addresses are delegates and which ones run a default full-node using timing-analysis

You could, if the information is sent in the clear, i.e. after sending funds from an account in your wallet to anywhere. Transactions that you receive could be for anyone, they end up on everyone's computer by design, but transactions being broadcast FROM your computer? Very simple to figure out what's happening there..

Is the connection to the bitshares network encrypted? If not, why, and are there plans to implement it?


Offline xeroc

> Since there isn't any proxying support so far, I'm wondering, what information can an adversary who can monitor everything that goes in and out learn?
> I.e.,
> - Accounts & their balances
> - Transactions made & received
> Ideally the adversary would be able to learn nothing more than "this person uses bitshares". Can some developer confirm this to be the case, and possibly comment on the eventual future inclusion of proxy (SOCKS5 preferred) support in the client?

accounts & balances are stored on the blockchain .. obviously .. so you cannot gain extra information from listening to the machines ..
if you are connected to many machines you may be able to identify an IP address that might have access to funds and identify a person/organization that holds an address

you may gain information about which IP addresses are delegates and which ones run a default full-node using timing-analysis

Offline karnal

Since there isn't any proxying support so far, I'm wondering, what information can an adversary who can monitor everything that goes in and out learn?

I.e.,

- Accounts & their balances
- Transactions made & received


Ideally the adversary would be able to learn nothing more than "this person uses bitshares". Can some developer confirm this to be the case, and possibly comment on the eventual future inclusion of proxy (SOCKS5 preferred) support in the client?