Author Topic: Are there any privacy/security issues using a socket provided by 3rd party?  (Read 1237 times)

0 Members and 1 Guest are viewing this topic.

Offline JA

  • Hero Member
  • *****
  • Posts: 650
    • View Profile
the wallet does all the nasty crypto stuff for you in javascript and the websocket connection is only an entry point to query the blockchain or send signed transactions ..
atm there are not so many publicly known websocket servers avaialble .. but i really hope this will change quickly
wss://sync.cryptofeed.net
if you connect to a websocket its like voting for a witness.
you have to trust the socket.
btw if trustworthy community members want contribute with a node just pm me and i will add it (self-signed or verified ssl is required).

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
the wallet does all the nasty crypto stuff for you in javascript and the websocket connection is only an entry point to query the blockchain or send signed transactions ..
atm there are not so many publicly known websocket servers avaialble .. but i really hope this will change quickly

Offline puppies

  • Hero Member
  • *****
  • Posts: 1659
    • View Profile
  • BitShares: puppies
Afaik Arhag mentioned a coupe of exploits were possible.  Something about tricking you into believing a transaction had gone through.
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Tuck Fheman

  • Guest
Yes they can front run you.  So can witnesses.   At the end of the day worst cas is you get what you asked for

 :-\

Offline sittingduck

  • Sr. Member
  • ****
  • Posts: 246
    • View Profile
Yes they can front run you.  So can witnesses.   At the end of the day worst cas is you get what you asked for

Tuck Fheman

  • Guest
@bytemaster <-- this never works for me, but here it is anyway.

What information can a site that is providing a socket gather from the client (IP, etc)?

Can a socket provider find out what market orders you are placing? (my understanding is that it would be possible)

If it is possible, does that allow the provider to take advantage of that trading information before it reaches the market? (before everyone else knows)

If so, isn't this an unfair advantage (front-running)?

I"m aware that we can setup our own node and avoid this altogether (I think), but if the above is true, I think people need to be made aware of it if they're using an exchanges socket.

Or am I concerned about something that can't happen (please tell me that's the case)?