Bitcoin Forum
Author Topic: ElectrumX on local network: should I use LAN or Tor?  (Read 146 times)
crypto_curious (OP)
July 08, 2020, 06:56:24 PM
 #1

Hi,

I have a server in my local network at home, with Bitcoin Core (configured to be accessible via Tor) and ElectrumX (using that Bitcoin Core node only). The server has a domain name, the Bitcoin Core and ElectrumX services are public (ports open) and people are connecting to them.

I use the ElectrumX server option, so my wallet connects only to my node and nothing else; if my server is offline, my wallet is offline.

Which of the following options should I use:

1. Connect to my local ElectrumX using LAN, directly to 192.168.x.x, simple and efficient

2. Connect to my ElectrumX using Tor: both server and PC with wallet have Tor enabled so I could configure Electrum to connect only to server mydomainname.com, so I am just-another-Tor-customer (from ElectrumX point of view)

Which option is more secure and/or offers more potential privacy? Any pros and cons of both?

TIA.
jackg
July 08, 2020, 07:54:02 PM
 #2

If you're not connecting to the server outside of your network or opening it up for external connections you can just use the local 192 route...

If you're wanting others or yourself to connect from elsewhere and offer something to the network you could allow connections over Tor. I think a lot of people who allow clearnet use a separate network to connect their server through, but there might not be many more security problems associated with linking your DNS through your home network (these will just be general security concerns and practices - like changing default passwords for hard to guess ones on everything)...
crypto_curious (OP)
July 08, 2020, 07:59:12 PM
 #3

If you're not connecting to the server outside of your network or opening it up for external connections you can just use the local 192 route...

If you're wanting others or yourself to connect from elsewhere and offer something to the network you could allow connections over Tor. I think a lot of people who allow clearnet use a separate network to connect their server through, but there might not be many more security problems associated with linking your DNS through your home network (these will just be general security concerns and practices - like changing default passwords for hard to guess ones on everything)...

I host a website from my home so I am already exposed. Everything is behind a NAT though, with specific ports only opened. It's no different from normal home use: specific traffic goes to a hardened server, and everything else is filtered.
And I had been running Bitcoin Core and ElectrumX with open ports already, before I added the HTTP server.

To answer my own question, the natural way would be to talk to ElectrumX via the 192 route as you said, but I am keen to hear your opinions on how the Tor route adds or maybe subtracts privacy in this setup?
jackg
July 08, 2020, 08:32:35 PM
 #4

To answer my own question, the natural way would be to talk to ElectrumX via the 192 route as you said, but I am keen to hear your opinions on how the Tor route adds or maybe subtracts privacy in this setup?

If you use a NAT then your 192 address will return your server connection so the connection won't leave your network...

Tor would be a good option if you don't want people to know you're hosting an ElectrumX server, but I don't know if there'd be a reason for you doing that. It might also help strengthen your firewall as you need to open fewer ports for multiple Tor servers to connect through afaik.

I don't think any anonymity is lost by using Tor, although if you don't use a bridge, your ISP may log it (you might want to check your terms if you're curious). There is a form of deanonymisation attack where the first and last node, if owned by the same person, know where your connection is going - but this is going to be useless in your scenario too. I think routes to dot onion servers now only take 3 hops too, as opposed to the old way where it was 6...
crypto_curious (OP)
July 08, 2020, 09:46:13 PM
Last edit: July 08, 2020, 09:58:56 PM by crypto_curious
 #5

According to Tor, 3 hops is most optimal number: https://support.torproject.org/misc/misc-11/
jackg
July 08, 2020, 09:57:29 PM
 #6

Actually, looking at it, connecting to a server might take you 7 hops (I just did a quick Google search; there's a lot of info on Stack Exchange).

There are problems with the 3 hop solution though, in that it could be bruteforced repeatedly to give away who you're connecting to, and I'd rather they switched to more hops, but it would compromise a lot of speed, especially since your circuit doesn't change for anonymity reasons.
crypto_curious (OP)
July 08, 2020, 09:59:05 PM
Last edit: July 08, 2020, 10:12:50 PM by crypto_curious
 #7

I don't think any anonymity is lost by using Tor, although if you don't use a bridge, your ISP may log it (you might want to check your terms if you're curious)
I've been running a non-exit Tor node for many months. Bitcoin Core and other services are using it actively, so my ISP sees a constant flow of Tor traffic on my address anyway.
So I think I will add to that traffic by configuring my Electrum wallet to access my ElectrumX server by Tor. I don't see a downside to that.
jackg
July 08, 2020, 10:12:39 PM
 #8

Yeah, it won't add more to the network than if you're already running other stuff through it. I made the mistake of assuming you were trying to use the server for personal use; if you're using it publicly then yes, I'd route both through Tor. But if you use the LAN connection too it'll be faster.
crypto_curious (OP)
July 08, 2020, 10:16:54 PM
 #9

Thanks for your insights.
Yeah, Electrum is always instant anyway, I don't mind waiting to send my transaction. Most of the time is consumed by data entry, HW wallet manipulation and all these pesky passwords. Speed of sending a transaction, be it on LAN, WAN or Tor, is irrelevant.

So I will apply this setting for now:

Electrum PC -> Tor -> WAN -> Tor -> ElectrumX PC.
HCP
July 08, 2020, 10:51:18 PM
 #10

That all seems a bit "wasteful" and/or convoluted... I'm not sure why you would want to send your data outside of your local network (even with TOR)?

Why not just keep it all internal? Or are you concerned that your ElectrumX server could get hacked and then the hackers could read the logs from that to determine which connections (and therefore which transactions/addresses etc) are your personal ones?

crypto_curious (OP)
July 08, 2020, 11:54:17 PM
 #11

That all seems a bit "wasteful" and/or convoluted... I'm not sure why you would want to send your data outside of your local network (even with TOR)?

Why not just keep it all internal? Or are you concerned that your ElectrumX server could get hacked and then the hackers could read the logs from that to determine which connections (and therefore which transactions/addresses etc) are your personal ones?

Yes, this is one reason why I would do that. And secondly, because it works.

I have entered mydomainname:50002 into Electrum and this domain is pinned to a local IP in the /etc/hosts file. So flipping Tor on/off in Electrum is a matter of going to the Proxy tab and clicking "Use Tor proxy at port 9050", that's all. When it's on, it skips my hosts file and goes out straight to Tor. When it's off, hosts redirects it to the LAN computer. At no point is my Electrum using a server not controlled by me.

I wish other ElectrumX clients like Coinomi for Android would be that easy to configure like Electrum for desktop is.
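
The hosts-file behaviour described in post #11, as an added example that is not part of the original thread: with a SOCKS5 proxy the hostname is handed to the proxy inside the RFC 1928 CONNECT request (address type 0x03) and resolved there, so the local /etc/hosts pin is never consulted. It assumes the wallet passes the name to the proxy unresolved, as the poster observed; `192.168.1.10` is a constructed stand-in for the elided 192.168.x.x address, and the function names are hypothetical.

```python
import ipaddress
import struct

# Constructed sample of the hosts-file pin from the post (LAN address is a placeholder).
HOSTS_TEXT = """\
127.0.0.1      localhost
192.168.1.10   mydomainname.com   # ElectrumX box on the LAN
"""

def hosts_lookup(hosts_text, name):
    """Return the address the hosts file pins `name` to, or None."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and name.lower() in (f.lower() for f in fields[1:]):
            return fields[0]
    return None

def socks5_connect_request(host, port):
    """Build the RFC 1928 CONNECT request sent after method negotiation."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # ATYP 0x03: length-prefixed domain name, resolved by the proxy (Tor).
        raw = host.encode("idna")
        addr = b"\x03" + bytes([len(raw)]) + raw
    else:
        # ATYP 0x01 / 0x04: a literal IPv4 / IPv6 address.
        addr = (b"\x01" if ip.version == 4 else b"\x04") + ip.packed
    # VER=5, CMD=1 (CONNECT), RSV=0, then address and big-endian port.
    return b"\x05\x01\x00" + addr + struct.pack("!H", port)

def plan_connection(host, port, hosts_text, use_tor_proxy):
    """Describe who resolves `host` and what the wallet machine connects to."""
    if use_tor_proxy:
        return {"resolved_by": "proxy",
                "next_hop": ("127.0.0.1", 9050),
                "wire": socks5_connect_request(host, port)}
    pinned = hosts_lookup(hosts_text, host)
    return {"resolved_by": "hosts file" if pinned else "DNS",
            "next_hop": (pinned or host, port),
            "wire": None}

if __name__ == "__main__":
    for tor in (False, True):
        print(tor, plan_connection("mydomainname.com", 50002, HOSTS_TEXT, tor))
```

With the proxy on, the hosts pin no longer decides where the wallet ends up; the TLS certificate check on the server name does.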
crypto_curious (OP)
July 10, 2020, 11:52:28 AM
 #12

Update:

I have enforced Tor-only connections in Bitcoin Core. When I tested that a long time ago, I could not get any incoming peers. Now things have improved a bit, maybe there are more onion peers? I have a decent 10 outbound peers all the time with low ping and a few incoming connections from other onion peers. Fantastic.
bob123
July 10, 2020, 09:17:06 PM
 #13

So I think I will add to that traffic by configuring my Electrum wallet to access my ElectrumX server by Tor. I don't see downside to that.

Bandwidth and traffic.

There is literally not a single good reason to connect your Electrum server and Electrum client via Tor if both of them share the same local network.
You not only decrease the security and potentially the privacy, but also increase your bandwidth and overall traffic.

Do you see an advantage doing this instead of keeping it all inside of your local network? If so, which is it?

crypto_curious (OP)
July 10, 2020, 10:57:55 PM
 #14

So I think I will add to that traffic by configuring my Electrum wallet to access my ElectrumX server by Tor. I don't see downside to that.

Bandwidth and traffic.

There is literally not a single good reason to connect your Electrum server and Electrum client via Tor if both of them share the same local network.
You not only decrease the security and potentially the privacy, but also increase your bandwidth and overall traffic.

Do you see an advantage doing this instead of keeping it all inside of your local network? If so, which is it?

Thank you.
I came to the same conclusion recently.
I disabled all services in ElectrumX except for the SSL connection with a certificate. All peers are now connecting using my Let's Encrypt cert, including my LAN wallets. LAN wallets are connecting directly, on Ethernet, via an SSL connection. Everything works perfectly fine and I will leave it at that.

I may revisit the problem later, as I am trying to make ElectrumX Tor-only, but I have trouble connecting my wallets when I use a self-signed certificate (which is required in Tor-only mode). Only the Let's Encrypt certificate works now. I will keep digging.
Thanks for all your insights folks!