Bitcoin Forum
March 28, 2024, 07:46:43 PM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2]  All
  Print  
Author Topic: Using Armory anonymously?  (Read 11612 times)
omegaflare
Sr. Member
****
Offline Offline

Activity: 331
Merit: 250


View Profile
May 18, 2014, 11:21:49 PM
 #21

How do I verify that Armory is running via TOR?

Thanks!

TOR use port 9150 not 9050, FYI.

The forum was founded in 2009 by Satoshi and Sirius. It replaced a SourceForge forum.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1711655203
Hero Member
*
Offline Offline

Posts: 1711655203

View Profile Personal Message (Offline)

Ignore
1711655203
Reply with quote  #2

1711655203
Report to moderator
omegaflare
Sr. Member
****
Offline Offline

Activity: 331
Merit: 250


View Profile
May 19, 2014, 12:02:09 AM
 #22

Do I have to disable uPNP first and then enable 127.0.0.1 via 9150 with SOCKS4 or 5? LMK!

Thanks!

Rampion
Legendary
*
Offline Offline

Activity: 1148
Merit: 1017


View Profile
May 19, 2014, 09:31:12 AM
 #23

How do I verify that Armory is running via TOR?

Thanks!

TOR use port 9150 not 9050, FYI.

Tor Browser Bundle uses port 9150, Tor daemon uses port 9050.

You need to verify that Bitcoin Core is running via Tor - you can do that easily by using Wireshark. If Bitcoin Core is running via Tor, then you are OK (Armory connects via Bitcoin Core only).


biolizard89
Member
**
Offline Offline

Activity: 77
Merit: 52


View Profile
May 25, 2014, 03:42:52 AM
 #24

That's an interesting point. You should try bind=127.0.0.1 instead of listen=1

Also, I would personally use Tails rather than just Tor, to guaranty all traffic goes through Tor.

Thanks for the advice, will try and report.

Tails is indeed the best solution, but IMO its not really conceived as a fully persistent distro. It needs to be run from USB which makes it very impractical to run a full node as I do.

Right now I use this solution when I want "full system going through tor": I route all my OS X traffic through tor using the Proxy settings on System Preferences/Advanced/Proxies. I've found it pretty good, meaning that everything really goes through Tor - to avoid any third party software "phoning home" without going through Tor I use Little Snitch, with which I block all connections that are not routed through Tor.

Summing up: Tor proxy in advanced network settings  + Little Snitch works very well on OS X.

For future reference, Whonix has a pretty good reputation.  It runs in a VM, and (in theory) nothing inside the VM can break out of Tor, even if root privileges inside the VM are totally compromised.  Whonix has a dedicated SOCKS port for Bitcoin-Qt use (192.168.0.10, port 9111), so your Bitcoin transactions won't be linked to your other applications via circuit sharing.  I would guess that Whonix is quite a bit safer than relying on Bitcoin-Qt and Armory to perfectly respect proxy settings.

More info:

https://www.whonix.org/
https://www.whonix.org/wiki/Money
https://www.whonix.org/wiki/Stream_Isolation
xe99
Newbie
*
Offline Offline

Activity: 24
Merit: 0


View Profile
May 31, 2014, 02:54:52 AM
 #25

would connecting through a vpn add the same level of anonymity without having to add to or change any files/settings?
biolizard89
Member
**
Offline Offline

Activity: 77
Merit: 52


View Profile
May 31, 2014, 03:06:36 AM
 #26

would connecting through a vpn add the same level of anonymity without having to add to or change any files/settings?

If you trust that your VPN operator isn't evil, and that they won't be compromised by cyberattack, and that they won't be compelled by legal (or extralegal) means to screw you, then a VPN is probably fine.  These are conditions that are not true for many people.  Tor isn't vulnerable to any of these points (although it's not perfect).  So, short answer, no, a VPN is not comparable to Tor in terms of anonymity.
Raize
Donator
Legendary
*
Offline Offline

Activity: 1419
Merit: 1015


View Profile
June 09, 2014, 02:34:41 AM
 #27

My current line looks something like this:
bitcoin-qt.exe -proxy=127.0.0.1:9050 -externalip=j2l9w93j3jj32ss.onion -listen

I have not linked it to Armory yet, but presumably it should work. I've heard some people say if you use -onion=127.0.0.1:9050 your client will never leave TOR, which might be best for anonymity purposes. If you do this, however, I am not sure if the server will be accessible. Just whatever you do, don't forward port 8333 on your firewall or the anonymity goes away. Check out the "tor.md" file under Bitcoin\doc.

Someone more knowledgeable might be able to correct any mistakes I've made here.
justusranvier
Legendary
*
Offline Offline

Activity: 1400
Merit: 1006



View Profile
June 09, 2014, 03:28:35 AM
 #28

I've heard some people say if you use -onion=127.0.0.1:9050 your client will never leave TOR, which might be best for anonymity purposes.
I'm pretty sure that's the opposite of true.

As far as I understand it, -proxy sends all connections through the proxy. -onion only send connections to Tor hidden services over the proxy, and connections to regular ipv4 peers bypass the proxy.

If you do this, however, I am not sure if the server will be accessible
Having your node accessible as a hidden service (something.onion) is just a matter of configuring your Tor nodes to publish the hidden service and redirect incoming connections to your node, and then using -externalip so that your node can tell its peers how to reach it.
Raize
Donator
Legendary
*
Offline Offline

Activity: 1419
Merit: 1015


View Profile
June 09, 2014, 06:33:44 AM
 #29

As far as I understand it, -proxy sends all connections through the proxy. -onion only send connections to Tor hidden services over the proxy, and connections to regular ipv4 peers bypass the proxy.

Okay, then that bring up a question for me. Is there a way to *only* try to route to other TOR hidden services? For example, if I didn't even want to leave via an exit node to the rest of the network?

I have evidence of it failing to connect to an external IP using "-proxy:" from an error message here: (modified for anonymity of exit node)
Code:
Jun 06 13:34:11.449 [Notice] We tried for 15 seconds to connect to '[scrubbed]' using exit $ECC33AB15915C6E167A0EAEF9D4BD1A005B12F56~GoodBoy23 at 201.151.231.31. Retrying on a new circuit.

I'm not sure this is needed for most people, but I think it'd be interesting to run a within-TOR-only node. Obviously this could be done by using the wiki for TOR services and only adding TOR IPs, but is there a way within the client to do only TOR-based IPs and avoid even exit nodes?
justusranvier
Legendary
*
Offline Offline

Activity: 1400
Merit: 1006



View Profile
June 09, 2014, 08:02:01 AM
 #30

Okay, then that bring up a question for me. Is there a way to *only* try to route to other TOR hidden services? For example, if I didn't even want to leave via an exit node to the rest of the network?
-onlynet=tor

I have evidence of it failing to connect to an external IP using "-proxy:" from an error message here: (modified for anonymity of exit node)
Code:
Jun 06 13:34:11.449 [Notice] We tried for 15 seconds to connect to '[scrubbed]' using exit $ECC33AB15915C6E167A0EAEF9D4BD1A005B12F56~GoodBoy23 at 201.151.231.31. Retrying on a new circuit.
Right with -proxy, all connections are sent through it. If you used -onion you'd never see that message since you'd only be attempting to connect to hidden services.

I'm not sure this is needed for most people, but I think it'd be interesting to run a within-TOR-only node. Obviously this could be done by using the wiki for TOR services and only adding TOR IPs, but is there a way within the client to do only TOR-based IPs and avoid even exit nodes?
-onlynet=tor combined with -onion should do everything you need, except I'm not sure if there's a way to automatically bootstrap a Tor-only node. I always bootstrapped manually from known Tor nodes.
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!