Software authors seem to enjoy consciously freaking me out by having vaguely or entirely uncommented options in their software with very ominous labels.
In Bitcoin Core’s settings, it says "[X] Allow incoming connections", which has an entirely meaningless "elaborate description" on hover which just repeats what it already said with a couple more words: "Accept connections from outside."
What does this actually do? My first thought is that this enabled-by-default option somehow allows people from all over the world to connect to my computer and freely grab Bitcoins from my wallet.dat and look through and download files from my computer. Naturally, it doesn’t mean that, but the way it’s so vaguely described does not make me feel good, to put it that way.
My serious guess is that it has some kind of hard to understand technical explanation, but why is it an option to begin with if it’s crucial for Bitcoin to function? Is there some privacy/security benefit to me unchecking it? Does leaving it on pose some sort of privacy/security threat*? Why is it an option?
(* Usually when you ask that kind of question, people will lie to you and claim that there is no security/privacy issue, when in fact there actually is. For example, PHP developers told me that there’s nothing lost by keeping the
expose_php and other configuration options on, but to me, there definitely is as it sneakily lets the world know that you use PHP and even which version. It seems that, whenever something is bad for users, but good for the authors of something, they claim that it doesn’t pose a security/privacy threat.)
Would appreciate some clarification.
A network is formed by computers connecting to other computers. If nobody had that option turned on there would be no network, and no bitcoin. It's possible for some fraction of the nodes to participate while making only outbound connections, without accepting connections from anyone else, but only because there are enough other nodes out there to accept their connections and handle their traffic.
Answered by hobbs on September 22, 2020
There are two ways by which
bitcoind connects to peers.
The default is purely outbound connections - the node will use DNS seeds, as well as its own database of previously seen peers, and attempt to establish connections to them as needed (upon startup, or when existing connections are closed).
Allow incoming connections allows you to return this favour - it lets other peers initiate the connection to your node, instead of all your connections only being with peers where your node initiates it (of course, on the other side of those connections, is a node with
Allow incoming connections enabled).
These peer connections are used for syncing network state, such as blocks, transactions, and information on other peers.
Barring a catastrophic flaw in
bitcoind's implementation, this is not a security risk.
Depending on your network setup, you may need to enable port forwarding in your router and/or local machine's firewall before enabling this option has any effect.
Answered by Raghav Sood on September 22, 2020
1 Asked on November 29, 2020 by libertarian-monarchist-bot
1 Asked on November 18, 2020 by austinfoss
3 Asked on November 8, 2020 by mirsab-jastram
2 Asked on September 22, 2020 by dujon-w
1 Asked on September 3, 2020 by adam-mitchell
1 Asked on August 29, 2020 by nicklessguy
1 Asked on August 22, 2020 by isaac-chen
Get help from others!