15:32:10 <Lyza> hey uh, we know that GUI simple mode is basically broken for new users, right?
17:16:56 <m-relay> <o​frnxmr:monero.social> Yes
17:24:46 <m-relay> <o​frnxmr:monero.social> i'd disable it altogether, personally. Its not really even safe. Bootstrap mode is the same issue. 
17:24:47 <m-relay> <o​frnxmr:monero.social> my assumptions: the pool of honest nodes making use of --public-node flag is small because it is opt in. It also doesn't make sense to change it to be opt out. 
17:24:47 <m-relay> <o​frnxmr:monero.social> UX is the reasoning for simple mode, but when often not functional or connected to malicious nodes, i think the risk outweighs the benefit.
17:24:47 <m-relay> <o​frnxmr:monero.social> Solution? Im not sure there is one. Perhaps use a "monerod-proxy" to randomly choose from a centralize/commercial list of nodes that are both trusted and community funded for "bootstrap" and "simple" mode.
19:04:36 <m-relay> <n​ikg83:matrix.org> Or just have a list taken from monero.fail and simple mode user can connect to a random node
19:05:45 <m-relay> <n​ikg83:matrix.org> How does btc electrum wallet get a list ?
21:05:14 <selsta> everyone can add their node to monero.fail
21:05:32 <selsta> it's equally unsafe
21:23:35 <m-relay> <n​ikg83:matrix.org> Don’t they moderate it ? Can’t we build some system that checks or puts a score for these nodes
21:30:44 <selsta> moderate how?
21:30:58 <selsta> nodes can be legit and suddenly switch to malicious
21:31:07 <selsta> nodes can appear legit while spying on you
21:31:10 <selsta> etc.
21:31:45 <selsta> the only solution would be setup nodes by "trusted members", or "community funded nodes" or whatever, even if it's centralized
21:33:05 <m-relay> <n​ikg83:matrix.org> Every node can be spied with mitm, most nodes don’t even have https
21:34:26 <selsta> nodes use ssl by default
21:34:33 <m-relay> <n​ikg83:matrix.org> Nor can clients verify those ssl certs
21:34:44 <m-relay> <n​ikg83:matrix.org> Remote nodes are http isn’t it ?
21:35:22 <m-relay> <n​ikg83:matrix.org> Most remote nodes are http isn’t it ?
21:35:32 <selsta> they should use SSL by default
21:36:19 <selsta> --rpc-ssl is enabled by default on both node and wallet
21:36:37 <selsta> P2P doesn't have any encryption, RPC does
21:36:40 <m-relay> <n​ikg83:matrix.org> Idk I can’t connect using ssl to cake nodes atleast
21:37:04 <selsta> not sure about cake's node specifically, maybe they turned it off
21:37:27 <selsta> years ago this was a recommendation due to buggy SSL code
21:37:32 <selsta> but that is fixed
21:38:05 <m-relay> <n​ikg83:matrix.org> Http should be depreciated then ?
21:38:24 <m-relay> <n​ikg83:matrix.org> Even browsers warn about http 😅
21:47:58 <m-relay> <n​ikg83:matrix.org> I can’t connect to any of the nodes listed in nodes.monero.com with ssl, alteast in cake wallet ; only node that worked for new is monero.stackwallet.com:18081
21:48:16 <m-relay> <n​ikg83:matrix.org> Don’t have a pc to test gui with ssl
21:48:26 <m-relay> <n​ikg83:matrix.org> Don’t have a pc rn to test gui with ssl
22:15:18 <m-relay> <n​ikg83:matrix.org> I can’t connect to any of the nodes listed in nodes.monero.com with ssl, alteast in cake wallet ; only node that worked for now is monero.stackwallet.com:18081
23:20:31 <Lyza> I think I would tend to agree that we should just people make the choice to run their own node, or leave them to find their own remote node, or *maybe* direct them to some directory of nodes. I recall decentralization was the reason for the current system over having a curated nodes in the past, and I tend to agree that the official wallet shouldn't promote particular nodes over others
23:25:49 <Lyza> if people know they're making a choice, they'll at least (hopefully) think to try another one if the one they use doesn't work. as it stands, people being connected to bad nodes in simple mode is one of the most common support topics I see, and the advice (at least from me) is always, don't use simple mode