[bisq-network/bisq] Download a new version via Tor; warning before direct connections (Discussion #5785)

[Liisachan]

When a new version of Bisq is available and user lets Bisq download it, currently Bisq tries to make directly connecion(s), without warning, to clearnet addresses (prob. eventually to github.com and amazonaws.com).

For better privacy, updating via onion would be ideal, or at least there should be a warning before making non-proxied direct connections. As it is now, github and amazonaws could gather private data and have a list of the IPs of unsuspecting Bisq users, potentially producing a loophole of anonymity (inadvertent "centralized points" that could be avoidable), making Bisq less censor-resistant.

It'll be easy for a user to misunderstand that Bisq connections are Tor-based and safe (anonymous), like when Tor Browser updates itself. Am I just too paranoid? I'd like to ask others' opinions about this. Thank you very much.

Workarounds: (1) manually download a new version and verify .asc; or (2) set every connection proxied with VPN, Tails, etc.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/bisq/discussions/5785
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bisq.network/pipermail/bisq-github/attachments/20211028/8dfc80ce/attachment.htm>