6

Software authors seem to enjoy consciously freaking me out by having vaguely or entirely uncommented options in their software with very ominous labels.

In Bitcoin Core's settings, it says "[X] Allow incoming connections", which has an entirely meaningless "elaborate description" on hover which just repeats what it already said with a couple more words: "Accept connections from outside."

What does this actually do? My first thought is that this enabled-by-default option somehow allows people from all over the world to connect to my computer and freely grab Bitcoins from my wallet.dat and look through and download files from my computer. Naturally, it doesn't mean that, but the way it's so vaguely described does not make me feel good, to put it that way.

My serious guess is that it has some kind of hard to understand technical explanation, but why is it an option to begin with if it's crucial for Bitcoin to function? Is there some privacy/security benefit to me unchecking it? Does leaving it on pose some sort of privacy/security threat*? Why is it an option?

(* Usually when you ask that kind of question, people will lie to you and claim that there is no security/privacy issue, when in fact there actually is. For example, PHP developers told me that there's nothing lost by keeping the expose_php and other configuration options on, but to me, there definitely is as it sneakily lets the world know that you use PHP and even which version. It seems that, whenever something is bad for users, but good for the authors of something, they claim that it doesn't pose a security/privacy threat.)

Would appreciate some clarification.

enter image description here

Murch
  • 71,155
  • 33
  • 180
  • 600
Dujon W.
  • 69
  • 2

2 Answers2

11

There are two ways by which bitcoind connects to peers.

The default is purely outbound connections - the node will use DNS seeds, as well as its own database of previously seen peers, and attempt to establish connections to them as needed (upon startup, or when existing connections are closed).

Allow incoming connections allows you to return this favour - it lets other peers initiate the connection to your node, instead of all your connections only being with peers where your node initiates it (of course, on the other side of those connections, is a node with Allow incoming connections enabled).

These peer connections are used for syncing network state, such as blocks, transactions, and information on other peers.

Barring a catastrophic flaw in bitcoind's implementation, this is not a security risk.

Depending on your network setup, you may need to enable port forwarding in your router and/or local machine's firewall before enabling this option has any effect.

Raghav Sood
  • 16,869
  • 3
  • 21
  • 42
  • Only privacy issues can be your IP address if you allow incoming connections I guess but it can be resolved if you are running a VPN like mullvad which allows port forwarding or Tor hidden service for the full node. –  Aug 15 '20 at 18:13
2

A network is formed by computers connecting to other computers. If nobody had that option turned on there would be no network, and no bitcoin. It's possible for some fraction of the nodes to participate while making only outbound connections, without accepting connections from anyone else, but only because there are enough other nodes out there to accept their connections and handle their traffic.

hobbs
  • 121
  • 3