You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When a new version of Bisq is available and user lets Bisq download it, currently Bisq tries to make directly connecion(s), without warning, to clearnet addresses (prob. eventually to github.com and amazonaws.com).
For better privacy, updating via onion would be ideal, or at least there should be a warning before making non-proxied direct connections. As it is now, github and amazonaws could gather private data and have a list of the IPs of unsuspecting Bisq users, potentially producing a loophole of anonymity (inadvertent "centralized points" that could be avoidable), making Bisq less censor-resistant.
It'll be easy for a user to misunderstand that Bisq connections are Tor-based and safe (anonymous), like when Tor Browser updates itself. Am I just too paranoid? I'd like to ask others' opinions about this. Thank you very much.
Workarounds: (1) manually download a new version and verify .asc; or (2) set every connection proxied with VPN, Tails, etc.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
When a new version of Bisq is available and user lets Bisq download it, currently Bisq tries to make directly connecion(s), without warning, to clearnet addresses (prob. eventually to github.com and amazonaws.com).
For better privacy, updating via onion would be ideal, or at least there should be a warning before making non-proxied direct connections. As it is now, github and amazonaws could gather private data and have a list of the IPs of unsuspecting Bisq users, potentially producing a loophole of anonymity (inadvertent "centralized points" that could be avoidable), making Bisq less censor-resistant.
It'll be easy for a user to misunderstand that Bisq connections are Tor-based and safe (anonymous), like when Tor Browser updates itself. Am I just too paranoid? I'd like to ask others' opinions about this. Thank you very much.
Workarounds: (1) manually download a new version and verify .asc; or (2) set every connection proxied with VPN, Tails, etc.
Beta Was this translation helpful? Give feedback.
All reactions