|
miguelmorales85 (OP)
|
 |
September 27, 2017, 09:19:02 PM |
|
I would like to ask your opinion about TOR enabled nodes.
Do you think it is worthy to enabled TOR in every one of our nodes?
I can see in bitnodes21.co the amount of TOR nodes in the network and it is not even then half. I'm considering my self to enable TOR network in mine.
Also, because I think it is better to enabled it to accept incoming connections rather than open the 8333 port on my router.
What are my odds of my privacy and security being compromised if I enable TOR network? I have read is not 100% fail safe.
If my ISP start sharing public my public IP with another clients I wont be able to open the 8333 port.
If anyone can send me links or publish here the pros and cons of enabling TOR network in my nodes you are welcome.
Thanks,
|
|
|
|
|
|
|
|
The forum strives to allow free discussion of any ideas. All policies are built around this principle. This doesn't mean you can post garbage, though: posts should actually contain ideas, and these ideas should be argued reasonably.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
aleksej996
Sr. Member
 Offline
Activity: 490
Merit: 389
Do not trust the government
|
|
September 28, 2017, 05:54:31 AM |
|
Nothing is 100%, but Tor is the best way to anonymously run a node. The other benefit is, as you said, that you don't need to forward posts. Anonymity also brings a bit of security as well, since no one will know your IP.
The only real downside of using Tor is bandwith speeds, that are maybe a half or a third of the direct connection on average, but since Bitcoin really doesn't require much bandwith, unless it is doing an initial sync, then it isn't even noticeable.
I would suggest you enable Tor, you don't really lose anything and you gain more nodes.
|
|
|
|
|
BillyBobZorton
Legendary
Offline
Activity: 1204
Merit: 1028
|
|
September 28, 2017, 02:36:45 PM |
|
Nothing is 100%, but Tor is the best way to anonymously run a node. The other benefit is, as you said, that you don't need to forward posts. Anonymity also brings a bit of security as well, since no one will know your IP.
The only real downside of using Tor is bandwith speeds, that are maybe a half or a third of the direct connection on average, but since Bitcoin really doesn't require much bandwith, unless it is doing an initial sync, then it isn't even noticeable.
I would suggest you enable Tor, you don't really lose anything and you gain more nodes.
It's very noticeable when you run a node under Tor and try to sync the network, it becomes too slow to download sometimes, but it's not the end of world, it's still reasonable to download the entire chain with Tor. But if it's really a problem, I guess a solution is to download the entire chain under your normal connection at high speeds. Once you have your node synced, close it, then open the Tor Browser, then open your node again and now you can do transactions under Tor. I think that would do. |
|
|
|
|
|
miguelmorales85 (OP)
|
|
September 29, 2017, 01:00:04 PM |
|
Nothing is 100%, but Tor is the best way to anonymously run a node. The other benefit is, as you said, that you don't need to forward posts. Anonymity also brings a bit of security as well, since no one will know your IP.
The only real downside of using Tor is bandwith speeds, that are maybe a half or a third of the direct connection on average, but since Bitcoin really doesn't require much bandwith, unless it is doing an initial sync, then it isn't even noticeable.
I would suggest you enable Tor, you don't really lose anything and you gain more nodes.
It's very noticeable when you run a node under Tor and try to sync the network, it becomes too slow to download sometimes, but it's not the end of world, it's still reasonable to download the entire chain with Tor. But if it's really a problem, I guess a solution is to download the entire chain under your normal connection at high speeds. Once you have your node synced, close it, then open the Tor Browser, then open your node again and now you can do transactions under Tor. I think that would do. Hi Hilly, have you turn the node to TOR network after syncing from the regular network? I looking for people with some experience in this. I dont want to mess my node. It is a pruned rPi and at this moment has been behaving good so far. Would I need more processing power to run a TOR node or the issue is the amount of bandwidth/speed? peace |
|
|
|
|
aleksej996
Sr. Member
Offline
Activity: 490
Merit: 389
Do not trust the government
|
|
September 29, 2017, 10:14:10 PM |
|
Nothing is 100%, but Tor is the best way to anonymously run a node. The other benefit is, as you said, that you don't need to forward posts. Anonymity also brings a bit of security as well, since no one will know your IP.
The only real downside of using Tor is bandwith speeds, that are maybe a half or a third of the direct connection on average, but since Bitcoin really doesn't require much bandwith, unless it is doing an initial sync, then it isn't even noticeable.
I would suggest you enable Tor, you don't really lose anything and you gain more nodes.
It's very noticeable when you run a node under Tor and try to sync the network, it becomes too slow to download sometimes, but it's not the end of world, it's still reasonable to download the entire chain with Tor. But if it's really a problem, I guess a solution is to download the entire chain under your normal connection at high speeds. Once you have your node synced, close it, then open the Tor Browser, then open your node again and now you can do transactions under Tor. I think that would do. Hi Hilly, have you turn the node to TOR network after syncing from the regular network? I looking for people with some experience in this. I dont want to mess my node. It is a pruned rPi and at this moment has been behaving good so far. Would I need more processing power to run a TOR node or the issue is the amount of bandwidth/speed? peace I have been running a node over Tor for years now. It will not mess up your node, it is a recommend to use Tor and Tor configuration is very well integrated in to the Bitcoin Core wallet, it even has a command line argument to automatically create Tor hidden service for you. Tor uses a negligible amount of processing power and bandwith. I even agree with Billy that it is completely ok to even sync up using Tor, since most of the syncing process is limited in speed due to the processing power and not bandwith, and Tor takes almost no processing power, but does take some bandwith that is, as I mentioned, negligible for all purposes of the Bitcoin Core node. |
|
|
|
|
|
posternat
|
|
October 04, 2017, 05:21:32 PM |
|
Do you have reason to turn them on? There is no way that anyone is going to steal from you that way, but there is no reason to turn them on if not needed either. Just because the new car comes with a few toys does not mean you have to use them all in one day. There are aspects that you will never touch in there. And the only way that people get stolen from is out right wrong actions.
|
|
|
|
|
Andre_Goldman
Sr. Member
Offline
Activity: 322
Merit: 253
Property1of1OU
|
|
October 04, 2017, 07:55:42 PM |
|
|
Patent1number: ****-****
|
|
|
|
miguelmorales85 (OP)
|
|
October 04, 2017, 08:06:23 PM |
|
Do you have reason to turn them on? There is no way that anyone is going to steal from you that way, but there is no reason to turn them on if not needed either. Just because the new car comes with a few toys does not mean you have to use them all in one day. There are aspects that you will never touch in there. And the only way that people get stolen from is out right wrong actions.
Do you recommend to turn the TOR nodes on only if I'm going to need them? I think the only purpose of a node is not to self use but to contribute to the network and let others use them too, also another few things about the blockchain that have been previously discussed in other posts. I just want to help with TOR nodes, I dont fear police knocking on my door. I am not in north America (HELLO NSA) |
|
|
|
|
Kprawn
Legendary
Offline
Activity: 1904
Merit: 1073
|
|
October 05, 2017, 03:36:43 PM |
|
Tor enabled nodes are not 100% fool proof. A lot of the Tor exit nodes are run by the NSA and snooping is done on all of them. I think 100% anonymity is a myth and even private VPN's can be honey traps. You have a better chance when you enable Tor, but you should never feel satisfied that your traffic are not being tracked by these agencies. If you do nothing illegal, they will most probably leave you alone. {running a Bitcoin node is not illegal in most countries}  |
|
|
|
aleksej996
Sr. Member
Offline
Activity: 490
Merit: 389
Do not trust the government
|
|
October 05, 2017, 08:35:59 PM |
|
Tor enabled nodes are not 100% fool proof. A lot of the Tor exit nodes are run by the NSA and snooping is done on all of them. I think 100% anonymity is a myth and even private VPN's can be honey traps. You have a better chance when you enable Tor, but you should never feel satisfied that your traffic are not being tracked by these agencies. If you do nothing illegal, they will most probably leave you alone. {running a Bitcoin node is not illegal in most countries} You are right about it not being 100% fool proof, but when you run a hidden service neither you nor the other party ever uses an exit node, Tor is very very good when the traffic doesn't leave the Tor network, it is just harder to make a connection to the clear net securely, since there are bigger costs in running an exit node, so most legit users don't run them. But this still doesn't mean that they monitor ALL the exit nodes, you have to remember that these are nodes all across the world, in Russia, Switzerland,...There is no clear evidence that they can really monitor these ones in the other countries. |
|
|
|
|
|
miguelmorales85 (OP)
|
|
October 05, 2017, 09:03:11 PM |
|
Tor enabled nodes are not 100% fool proof. A lot of the Tor exit nodes are run by the NSA and snooping is done on all of them. I think 100% anonymity is a myth and even private VPN's can be honey traps. You have a better chance when you enable Tor, but you should never feel satisfied that your traffic are not being tracked by these agencies. If you do nothing illegal, they will most probably leave you alone. {running a Bitcoin node is not illegal in most countries} You are right about it not being 100% fool proof, but when you run a hidden service neither you nor the other party ever uses an exit node, Tor is very very good when the traffic doesn't leave the Tor network, it is just harder to make a connection to the clear net securely, since there are bigger costs in running an exit node, so most legit users don't run them. But this still doesn't mean that they monitor ALL the exit nodes, you have to remember that these are nodes all across the world, in Russia, Switzerland,...There is no clear evidence that they can really monitor these ones in the other countries. Even if the NSA is monitoring ALL nodes in the United States, they can also monitor nodes in "ALLIED" contries, or in countries when they infiltrate the companies (ISP) to install their malware or modified hardware. I agree with you that there must be few countries that are not infected by that cancer.. what a shame in this modern times..  |
|
|
|
|
|
nelsledma
|
|
October 13, 2017, 05:56:45 AM |
|
Perhaps embedded into a client, but there is not that much benefit to it. The governments have dropped trying to do things like ban the cryptos, but that is not really giving up on their part. It appears that they give up and in reality they would rather watch the network and the chains.
A node is not something that needs to be hidden unless there is something that node is doing that differs from the common node. That would be something for a new coin and that is something that they will have to consider.
|
|
|
|
|
|
miguelmorales85 (OP)
|
|
October 13, 2017, 07:50:24 PM |
|
Hello all, thank for your comments. Just a quick update: I dont know if it is because I have a IPv6 or a TOR enabled service but my node just got 1 incoming connection. it gets stuck at 9 connections. I wonder If there is something I could do. If having a TOR node is the right path to have a incoming connection enabled node but only permit ONE connection then I think I would rather have a regular node. The log keeps showing this: 2017-10-13 19:38:59 connect() to 79.10.132.141:8333 failed after select(): Connection refused (111)
2017-10-13 19:41:16 connect() to 72.48.98.106:8333 failed after select(): Connection refused (111)
2017-10-13 19:41:58 connect() to 217.33.94.163:8333 failed after select(): Connection refused (111) |
|
|
|
|
aleksej996
Sr. Member
Offline
Activity: 490
Merit: 389
Do not trust the government
|
|
October 13, 2017, 08:41:10 PM |
|
Hello all, thank for your comments. Just a quick update: I dont know if it is because I have a IPv6 or a TOR enabled service but my node just got 1 incoming connection. it gets stuck at 9 connections. I wonder If there is something I could do. If having a TOR node is the right path to have a incoming connection enabled node but only permit ONE connection then I think I would rather have a regular node. The log keeps showing this: 2017-10-13 19:38:59 connect() to 79.10.132.141:8333 failed after select(): Connection refused (111)
2017-10-13 19:41:16 connect() to 72.48.98.106:8333 failed after select(): Connection refused (111)
2017-10-13 19:41:58 connect() to 217.33.94.163:8333 failed after select(): Connection refused (111) Don't worry, that is all normal. It is hard to get incoming connections, but eventually they do increase. If you got one, and it is not from some local app and is indeed from Tor, then you should get more then one as well, as time goes by. Look at that incoming connection and if it says "via <your onion address>.onion", and you didn't do it yourself, then there is no reason that others won't connect as well. Just make sure to setup "externalip <onionaddrees>.onion" in bitcoin.conf so you can advertise your onion to the network. Those failed connections in the log might be outgoing connections (to my understanding your node isn't reachable through IPv4 and only with the hidden service, so it must be, since it wouldn't report IP addresses otherwise). Some nodes just might not like Tor nodes or are more likely just failing due to Tor being a bit slower and less reliable then a direct connection, but you still offer bigger anonymity to the network and as you can see you still get 8 outgoing connections, so it is worth it. |
|
|
|
|
|
miguelmorales85 (OP)
|
|
October 13, 2017, 08:58:27 PM |
|
Hello all, thank for your comments. Just a quick update: I dont know if it is because I have a IPv6 or a TOR enabled service but my node just got 1 incoming connection. it gets stuck at 9 connections. I wonder If there is something I could do. If having a TOR node is the right path to have a incoming connection enabled node but only permit ONE connection then I think I would rather have a regular node. The log keeps showing this: 2017-10-13 19:38:59 connect() to 79.10.132.141:8333 failed after select(): Connection refused (111)
2017-10-13 19:41:16 connect() to 72.48.98.106:8333 failed after select(): Connection refused (111)
2017-10-13 19:41:58 connect() to 217.33.94.163:8333 failed after select(): Connection refused (111) Don't worry, that is all normal. It is hard to get incoming connections, but eventually they do increase. If you got one, and it is not from some local app and is indeed from Tor, then you should get more then one as well, as time goes by. Look at that incoming connection and if it says "via <your onion address>.onion", and you didn't do it yourself, then there is no reason that others won't connect as well. Just make sure to setup "externalip <onionaddrees>.onion" in bitcoin.conf so you can advertise your onion to the network. Those failed connections in the log might be outgoing connections (to my understanding your node isn't reachable through IPv4 and only with the hidden service, so it must be, since it wouldn't report IP addresses otherwise). Some nodes just might not like Tor nodes or are more likely just failing due to Tor being a bit slower and less reliable then a direct connection, but you still offer bigger anonymity to the network and as you can see you still get 8 outgoing connections, so it is worth it. I checked using getpeerinfo and the only incoming connection is though IPv6. I guess I will wait for more. Thank you for your comment. I wonder if the incoming connections would be more if I create a whitelist with the most stable nodes from bitcoin21.co Have anyone tried that? |
|
|
|
|
|
elliottflz65
|
|
October 13, 2017, 09:00:45 PM |
|
From what I understand about tor is that anyone who does this will be exposing their information to a tor exit node which can be hosted by anyone. so any sensitive information will be in clear text and be stolen by the person who is hosting the exit node.
|
|
|
|
|
aleksej996
Sr. Member
Offline
Activity: 490
Merit: 389
Do not trust the government
|
|
October 13, 2017, 09:08:19 PM |
|
I checked using getpeerinfo and the only incoming connection is though IPv6. I guess I will wait for more. Thank you for your comment.
I wonder if the incoming connections would be more if I create a whitelist with the most stable nodes from bitcoin21.co
Have anyone tried that?
That is a bad sign. You might not have something setup properly. There is a bit of a privacy risk to using your Bitcoin node with and without Tor at the same time, but not really very worrying, but still. I don't know how you setup your Tor node, but check bitcoin.conf in your data directory. I set it up by installing tor and creating a hidden service in the torrc file. Then I run Bitcoin Core with bitcoin.conf looking something like this: proxy=127.0.0.1:9050
listen=1
bind=127.0.0.1
externalip=examplehiddenservice.onion This makes routes all the traffic through Tor and the node is only accessible with the hidden service. You can alternatively bind it to a external ip and therefor allow IP connections, but as I said, might be a privacy concern. |
|
|
|
|
|
miguelmorales85 (OP)
|
|
October 14, 2017, 08:35:33 AM |
|
I checked using getpeerinfo and the only incoming connection is though IPv6. I guess I will wait for more. Thank you for your comment.
I wonder if the incoming connections would be more if I create a whitelist with the most stable nodes from bitcoin21.co
Have anyone tried that?
That is a bad sign. You might not have something setup properly. There is a bit of a privacy risk to using your Bitcoin node with and without Tor at the same time, but not really very worrying, but still. I don't know how you setup your Tor node, but check bitcoin.conf in your data directory. I set it up by installing tor and creating a hidden service in the torrc file. Then I run Bitcoin Core with bitcoin.conf looking something like this: proxy=127.0.0.1:9050
listen=1
bind=127.0.0.1
externalip=examplehiddenservice.onion This makes routes all the traffic through Tor and the node is only accessible with the hidden service. You can alternatively bind it to a external ip and therefor allow IP connections, but as I said, might be a privacy concern. Hi, thanks for your comment. I am testing the bitcoin.conf settings you mentioned. on externalip I have set my .onion hiddenservice Now I can see when I execute getnetworkinfo that my only local address is the .onion one The IPv6 address is not longer published. I will give it a few days to see how is it going and keep you all updated. peace |
|
|
|
|
|
miguelmorales85 (OP)
|
|
October 17, 2017, 06:06:56 AM |
|
All right, as promised I am here to update the result of the test. Finally today after a few days with just 9 connections (only 1 inbound) my TOR node stop receiving incoming connections. I could successfully connect to other .onion nodes using the addnode command but it seem my only incoming connection was MYSELF Why I say this? Because part of the result of getpeerinfo was this: "id": 9,
"addr": "127.0.0.1:59768",
"addrlocal": "zmuzcuoflsycriya.onion:8333",
zmuzcuoflsycriya.onion:8333 was my onion address On the debug I got a lot of these 2017-10-17 02:30:12 receive version message: /bitnodes.21.co:0.1/: version 70015, blocks=490235, us=
zmuzcuoflsycriya.onion:8333, peer=1848
2017-10-17 02:31:05 Socks5() connect to 46.146.20.179:8333 failed: connection refused
2017-10-17 02:32:05 UpdateTip: new best=000000000000000000769c19d1723e0f53569e154d63fd5c79cffabb8540
9914 height=490236 version=0x20000000 log2_work=87.295696 tx=262776454 date='2017-10-17 02:32:00' pr
ogress=1.000000 cache=72.0MiB(635737txo)
2017-10-17 02:34:03 receive version message: /bitnodes.21.co:0.1/: version 70015, blocks=490235, us=
zmuzcuoflsycriya.onion:8333, peer=1849
2017-10-17 02:35:55 Socks5() connect to 2a00:1298:8011:212::165:8333 failed: general failure
2017-10-17 02:37:17 Socks5() connect to 71.199.96.202:8333 failed: TTL expired
2017-10-17 02:39:53 receive version message: /bitnodes.21.co:0.1/: version 70015, blocks=490236, us=
zmuzcuoflsycriya.onion:8333, peer=1850
2017-10-17 02:41:38 Socks5() connect to 95.154.99.150:8333 failed: connection refused I got connected to bitnodes21.co and that was my only incoming connection. It seems the purpose was to keep my node status on their website. I have got a good netscore for the onion address but for me it is not a useful node if it doesnt have incoming connections  {
"version": 150001,
"subversion": "/Satoshi:0.15.0.1/",
"protocolversion": 70015,
"localservices": "000000000000000c",
"localrelay": true,
"timeoffset": -1,
"networkactive": true,
"connections": 16,
"networks": [
{
"name": "ipv4",
"limited": false,
"reachable": true,
"proxy": "127.0.0.1:9050",
"proxy_randomize_credentials": true
},
{
"name": "ipv6",
"limited": false,
"reachable": true,
"proxy": "127.0.0.1:9050",
"proxy_randomize_credentials": true
},
{
"name": "onion",
"limited": false,
"reachable": true,
"proxy": "127.0.0.1:9050",
"proxy_randomize_credentials": true
}
],
"relayfee": 0.00001000,
"incrementalfee": 0.00001000,
"localaddresses": [
{
"address": "zmuzcuoflsycriya.onion",
"port": 8333,
"score": 573
}
],
"warnings": ""
} |
|
|
|
|
JohnnyNnex
Member
Offline
Activity: 68
Merit: 10
|
|
October 17, 2017, 11:59:23 AM |
|
You can be sure that there is nothing in the world that lasts for ever or works at 100%. But Tor provides you with more security than any other browser potentially would. But that also means less speed  (which proves to be really irritating). I use TOR rarely, but when I do, I love the feeling of complete security |
|
|
|
|
|
