Hi Applications Team!
I would like to propose the following addendum to the SOCKS username section of the Tor-Friendly Applications Best Practices:
"If your application needs to open a small number of connections (e.g. 10 long-lived connections) to a P2P network, and you want to prevent Sybil attacks, you should seriously consider using a unique SOCKS5 username per connection (e.g. by including a new randomly generated string in the username each time a connection is opened), which will minimize the chance of a malicious exit relay interfering with your view of the P2P network. For example, Bitcoin Core does this. On the other hand, if your application intends to open a very large number of connections, you should probably not do this, as it will put too much load on the Tor network. For example, Bitcoin DNS seeders should not do this while spidering P2P nodes."
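As an added illustration of the per-connection credential approach described above (example code written for this note, not the proposed text and not Bitcoin Core's implementation), here is a minimal SOCKS5 client that generates a fresh random username/password pair for each connection and relies on Tor's default IsolateSOCKSAuth behaviour to place each stream on its own circuit. The SocksPort address 127.0.0.1:9050 is an assumption.

```python
import os
import socket
import struct

def isolation_credentials(prefix="app"):
    # Fresh credentials for one connection: Tor's SocksPort isolates streams by
    # SOCKS credentials by default (IsolateSOCKSAuth); NoIsolateSOCKSAuth disables it.
    return "%s-%s" % (prefix, os.urandom(16).hex()), os.urandom(8).hex()

def socks5_method_offer():
    return bytes([0x05, 0x01, 0x02])  # VER, NMETHODS=1, username/password

def socks5_userpass_auth(username, password):
    # RFC 1929 subnegotiation: VER=1, ULEN, UNAME, PLEN, PASSWD
    u, p = username.encode(), password.encode()
    if not (1 <= len(u) <= 255 and 1 <= len(p) <= 255):
        raise ValueError("SOCKS5 username/password must be 1..255 bytes")
    return bytes([0x01, len(u)]) + u + bytes([len(p)]) + p

def socks5_connect_request(host, port):
    # CMD=CONNECT, ATYP=0x03 (domain name): the exit resolves it, no local DNS leak
    h = host.encode("idna")
    return bytes([0x05, 0x01, 0x00, 0x03, len(h)]) + h + struct.pack("!H", port)

def read_connect_reply(read):
    # Parse VER REP RSV ATYP BND.ADDR BND.PORT using read(n); return REP
    ver, rep, _rsv, atyp = read(4)
    if ver != 0x05:
        raise ValueError("not a SOCKS5 reply")
    if atyp not in (0x01, 0x03, 0x04):
        raise ValueError("unknown address type %#x" % atyp)
    addr_len = read(1)[0] if atyp == 0x03 else (4 if atyp == 0x01 else 16)
    read(addr_len + 2)
    return rep

def connect_via_tor(host, port, proxy=("127.0.0.1", 9050), timeout=60):
    # One isolated stream to host:port through Tor's SocksPort (assumed 9050)
    user, pw = isolation_credentials()
    s = socket.create_connection(proxy, timeout)
    rd = s.makefile("rb").read  # blocks until n bytes arrive (or EOF)
    s.sendall(socks5_method_offer())
    if rd(2) != b"\x05\x02":
        raise ConnectionError("proxy refused username/password auth")
    s.sendall(socks5_userpass_auth(user, pw))
    if rd(2)[1:] != b"\x00":
        raise ConnectionError("proxy rejected credentials")
    s.sendall(socks5_connect_request(host, port))
    rep = read_connect_reply(rd)
    if rep != 0x00:
        s.close()
        raise ConnectionError("SOCKS5 CONNECT failed, REP=%#x" % rep)
    return s
```

Every fresh credential pair costs Tor a new circuit, which is why this fits the handful of long-lived connections described above and not a crawler opening thousands.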
I think this is probably uncontroversial advice within the Tor community (I think the Tor devs are aware of Bitcoin Core's behavior and haven't asked the Bitcoin Core team to change it), but it is not necessarily obvious to application developers who may be unfamiliar with Tor, so I think it's worth documenting. Please let me know if this text is okay to add (or if there's anything that can be improved); I don't want to step on toes by adding this without consulting anyone.
Cheers,