Hi all,
We are working on a new feature for Electron Cash to combat and limit the potential damage a sybil attack could ever have on Electron Cash. (This is in addition to the recent work we did to make phishing attacks impossible).
Background: Electrum was recently hit by a sybil attack that used a phishing scheme to trick users into installing a buggy Electrum that stole your coins. They tried the same on the Electron Cash network but they didn't succeed (probably they couldn't get their code working?).
Here is the relevant issue in Electrum's issue tracker: https://github.com/spesmilo/electrum/issues/4968
Anyway, on to our new feature: In a nutshell, we are adding two new concepts to the UI of the "Servers" tab in the Network Dialog. See the PR here: https://github.com/Electron-Cash/Electron-Cash/pull/1098 (it has a description and screen shots).
The two new concepts are:
Blacklists -- Users can designate servers as blacklisted and Electron Cash will never connect to them (even if told to do so explicitly). This feature actually existed silently in the background and was reserved for misbehaving servers -- but we decided to bring it to the foreground and allow a user to specify/edit the black list.
"White" lists (we haven't decided what to exactly call this yet) -- Users can designate a set of servers as "trusted" or "known-good". This set by default is the set that ships with Electron Cash in servers.json (servers we know the admins of and that have a reputation). The user can modify the white-list as he/she sees fit, however.
White lists do nothing by default -- but if the user elects to, they can tell Electron Cash to only connect to white-listed servers. This option is intended to be for when a sybil attack is in progress (should one ever occur) as a countermeasure whereby users can just click "connect only to whitelisted servers" and then they can have peace of mind that the sybil attack won't ever affect them.
It is the hope that merely the existence of these two features would be enough to discourage any sybil attack/DDoS from even occurring -- as the effort to launch one would be pointless when users have easy countermeasures at their fingertips.
Ok, so where do you come in? Well, we need advice & feedback on two major things:
- What to call "white lists" in the UI: We are having a terrible time deciding what to call the white lists. We don't like the term "white list" (well some of us don't anyway) as it has sort of very "heavy" and "official" sounding overtones.
For now, we've resorted to calling them "Default servers" -- but even that term is not ideal as it's very vague.
- Which icons? You'll notice in the screen-shots for the PR (go to the PR link), I tried out several icons for the servers to identify them in the list. None of the icons are ideal. Let us know which variant you like more or feel free to suggest other ones.
Anyway -- that's all. Hopefully I'll get some feedback from you guys. Let me know here (best place) or in the PR's comment section itself. Either works.
Thanks!
-Calin
UPDATE: I'm heavily inclined to go with this suggestion. You guys are awesome! The grayed text is a nice touch (thanks for that!) as are the other things suggested.
Screenshot of the suggestion I like: https://imgur.com/enjM6F2
[link] [comments]
source https://www.reddit.com/r/btc/comments/aeklpf/electron_cash_users_we_need_feedbackhelp_deciding/
No comments:
Post a Comment