« previous next »
Pages: [1]   Go Down

Author Topic: Are there any privacy/security issues using a socket provided by 3rd party?  (Read 1880 times)

0 Members and 1 Guest are viewing this topic.

October 19, 2015, 02:50:22 pm Reply #6

Offline JA

  • Hero Member
  • *****
  • Posts: 650
    • View Profile
Re: Are there any privacy/security issues using a socket provided by 3rd party?
Quote from: xeroc on October 19, 2015, 09:02:17 am
the wallet does all the nasty crypto stuff for you in javascript and the websocket connection is only an entry point to query the blockchain or send signed transactions ..
atm there are not so many publicly known websocket servers avaialble .. but i really hope this will change quickly
wss://sync.cryptofeed.net
if you connect to a websocket its like voting for a witness.
you have to trust the socket.
btw if trustworthy community members want contribute with a node just pm me and i will add it (self-signed or verified ssl is required).
Logged
October 19, 2015, 09:02:17 am Reply #5

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
Re: Are there any privacy/security issues using a socket provided by 3rd party?
the wallet does all the nasty crypto stuff for you in javascript and the websocket connection is only an entry point to query the blockchain or send signed transactions ..
atm there are not so many publicly known websocket servers avaialble .. but i really hope this will change quickly
Logged
October 18, 2015, 09:36:11 pm Reply #4

Offline puppies

  • Hero Member
  • *****
  • Posts: 1659
    • View Profile
  • BitShares: puppies
Re: Are there any privacy/security issues using a socket provided by 3rd party?
Afaik Arhag mentioned a coupe of exploits were possible.  Something about tricking you into believing a transaction had gone through.
Logged
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads
October 18, 2015, 04:51:54 pm Reply #3

Tuck Fheman

  • Guest
Re: Are there any privacy/security issues using a socket provided by 3rd party?
Quote from: sittingduck on October 18, 2015, 02:14:54 pm
Yes they can front run you.  So can witnesses.   At the end of the day worst cas is you get what you asked for

 :-\
Logged
October 18, 2015, 02:14:54 pm Reply #2

Offline sittingduck

  • Sr. Member
  • ****
  • Posts: 246
    • View Profile
Re: Are there any privacy/security issues using a socket provided by 3rd party?
Yes they can front run you.  So can witnesses.   At the end of the day worst cas is you get what you asked for
Logged
October 17, 2015, 05:02:41 pm Reply #1

Tuck Fheman

  • Guest
Are there any privacy/security issues using a socket provided by 3rd party?
@bytemaster <-- this never works for me, but here it is anyway.

What information can a site that is providing a socket gather from the client (IP, etc)?

Can a socket provider find out what market orders you are placing? (my understanding is that it would be possible)

If it is possible, does that allow the provider to take advantage of that trading information before it reaches the market? (before everyone else knows)

If so, isn't this an unfair advantage (front-running)?

I"m aware that we can setup our own node and avoid this altogether (I think), but if the above is true, I think people need to be made aware of it if they're using an exchanges socket.

Or am I concerned about something that can't happen (please tell me that's the case)?

Logged
Pages: [1]   Go Up
« previous next »
 

Page created in 0.028 seconds with 25 queries.