-
Lyza
hey uh, we know that GUI simple mode is basically broken for new users, right?
-
m-relay
<ofrnxmr:monero.social> Yes
-
m-relay
<ofrnxmr:monero.social> I'd disable it altogether, personally. It's not really even safe. Bootstrap mode is the same issue.
-
m-relay
<ofrnxmr:monero.social> my assumptions: the pool of honest nodes making use of --public-node flag is small because it is opt in. It also doesn't make sense to change it to be opt out.
-
m-relay
<ofrnxmr:monero.social> UX is the reasoning for simple mode, but when it is often not functional or connected to malicious nodes, I think the risk outweighs the benefit.
-
m-relay
<ofrnxmr:monero.social> Solution? I'm not sure there is one. Perhaps use a "monerod-proxy" to randomly choose from a centralized/commercial list of nodes that are both trusted and community funded for "bootstrap" and "simple" mode.
-
m-relay
<nikg83:matrix.org> Or just have a list taken from monero.fail and simple mode user can connect to a random node
-
m-relay
<nikg83:matrix.org> How does btc electrum wallet get a list ?
-
selsta
everyone can add their node to monero.fail
-
selsta
it's equally unsafe
-
m-relay
<nikg83:matrix.org> Don’t they moderate it ? Can’t we build some system that checks or puts a score for these nodes
-
selsta
moderate how?
-
selsta
nodes can be legit and suddenly switch to malicious
-
selsta
nodes can appear legit while spying on you
-
selsta
etc.
-
selsta
the only solution would be setup nodes by "trusted members", or "community funded nodes" or whatever, even if it's centralized
-
m-relay
<nikg83:matrix.org> Every node can be spied with mitm, most nodes don’t even have https
-
selsta
nodes use ssl by default
-
m-relay
<nikg83:matrix.org> Nor can clients verify those ssl certs
-
m-relay
<nikg83:matrix.org> Remote nodes are http isn’t it ?
-
m-relay
<nikg83:matrix.org> Most remote nodes are http isn’t it ?
-
selsta
they should use SSL by default
-
selsta
--rpc-ssl is enabled by default on both node and wallet
-
selsta
P2P doesn't have any encryption, RPC does
-
m-relay
<nikg83:matrix.org> Idk I can’t connect using ssl to cake nodes at least
-
selsta
not sure about cake's node specifically, maybe they turned it off
-
selsta
years ago this was a recommendation due to buggy SSL code
-
selsta
but that is fixed
-
m-relay
<nikg83:matrix.org> HTTP should be deprecated then ?
-
m-relay
<nikg83:matrix.org> Even browsers warn about http 😅
-
m-relay
<nikg83:matrix.org> I can’t connect to any of the nodes listed in nodes.monero.com with ssl, at least in cake wallet ; only node that worked for now is monero.stackwallet.com:18081
-
m-relay
<nikg83:matrix.org> Don’t have a pc to test gui with ssl
-
m-relay
<nikg83:matrix.org> Don’t have a pc rn to test gui with ssl
-
m-relay
<nikg83:matrix.org> I can’t connect to any of the nodes listed in nodes.monero.com with ssl, at least in cake wallet ; only node that worked for now is monero.stackwallet.com:18081
-
Lyza
I think I would tend to agree that we should just let people make the choice to run their own node, or leave them to find their own remote node, or *maybe* direct them to some directory of nodes. I recall decentralization was the reason for the current system over having curated nodes in the past, and I tend to agree that the official wallet shouldn't promote particular nodes over others
-
Lyza
if people know they're making a choice, they'll at least (hopefully) think to try another one if the one they use doesn't work. as it stands, people being connected to bad nodes in simple mode is one of the most common support topics I see, and the advice (at least from me) is always, don't use simple mode