Full Node VPN+Tor

[Bitcoiner2023]

Hello dear bitcoin community.

Do you think it would be better to run the full node over VPN + Tor?

Or can you run the node over the clearnet without fear?


Best regards

[1695967472]

1695967472

[1695967472]

1695967472

[BlackHatCoiner]

Depends on which country you live. If it's somewhere where using bitcoin is illegal, then running a node in clearnet is plain dumb. Your Internet provider can figure out you do easily as messages aren't encrypted. In that case, you should just run via Tor.

There aren't lots of disadvantages with Tor. Only speed. If you sync for the first time, it might take a few days to finish syncing. Consider adding onlynet=onion to go full Tor.

[seoincorporation]

Do you think it would be better to run the full node over VPN + Tor?

Better for what?

It depends on the application that you will give to that node, if you want to use it as your personal node and you will always use it from LAN then I don't think you will need VPN + TOR. But if you will use it as a public node with the idea to access from other networks, then user VPN + TOR could be a wise move.

Or can you run the node over the clearnet without fear?

What's your fear my friend? until now no one has ended up in Jail for running a Node. And If your fear is about cyber-security, then isn't about Node by its serf, the problem is how you manage your network.

[dkbit98]

Do you think it would be better to run the full node over VPN + Tor?

You should never run VPN together with Tor for anything, including for Bitcoin node.
Running BTC node with Tor sergice is used a lot and it works perfectly fine for purpose of hiding your real IP address.

Or can you run the node over the clearnet without fear?

Running Tor, VPN or Bitcoin node can be interpreted as suspicious behavior in some countries, so don't ask other people if you should fear something.

PS
You are asking so many silly questions that I seriously doubt you will ever run full node, make multisig setup, etc...  

[Bitcoiner2023]

Do you think it would be better to run the full node over VPN + Tor?

Better for what?

It depends on the application that you will give to that node, if you want to use it as your personal node and you will always use it from LAN then I don't think you will need VPN + TOR. But if you will use it as a public node with the idea to access from other networks, then user VPN + TOR could be a wise move.

Or can you run the node over the clearnet without fear?

What's your fear my friend? until now no one has ended up in Jail for running a Node. And If your fear is about cyber-security, then isn't about Node by its serf, the problem is how you manage your network.

I wanted to use the node privately via LAN.
VPN router
Tor

My fear is that my IP appears somewhere, I would like to remain as anonymous as possible.

Do you think it would be better to run the full node over VPN + Tor?

You should never run VPN together with Tor for anything, including for Bitcoin node.
Running BTC node with Tor sergice is used a lot and it works perfectly fine for purpose of hiding your real IP address.

Or can you run the node over the clearnet without fear?

Running Tor, VPN or Bitcoin node can be interpreted as suspicious behavior in some countries, so don't ask other people if you should fear something.

PS
You are asking so many silly questions that I seriously doubt you will ever run full node, make multisig setup, etc... 

why shouldn't you also use VPN as an additional option?

I want to do everything right, these are not silly questions for me, I'd rather ask than make any mistakes later
you are not forced to answer, you can just ignore my posts if it annoys you

[Welsh]

It really depends how much you value your privacy. If you don't want anyone knowing you run a Bitcoin node, it's probably not best to run one. However, if you are set on running one, then the next best option would be via Tor, and only risking your information being retrieved via the exit node.

However, for the majority of people running via clear net is probably okay. As long as your ISP can be trusted, which there's an argument that no third party or ISP can be trusted. It highly depends on your threat model, and who you trust. If you trust your ISP, then there's no real concerns. If you don't trust your security or your ISP security, then if any of those were compromised an attack could potentially find out you run the Bitcoin node, and therefore highly likely to use Bitcoin yourself, which could mean you become a target, theoretically.

why shouldn't you also use VPN as an additional option?

You're basically involving another third party, when you don't necessarily need too. The only way someone knows you're running a Bitcoin node via Tor, would be the exit node itself. Unless, the entity you're trying to hide your Bitcoin node activity from owns that exit node, there's no way of them deciphering what you are doing. If you involve a VPN service, then that VPN service could potentially know you're running a Bitcoin node, as well as the exit node of that Tor circuit.

Your ISP would know you're running Tor, but there's nothing wrong with running Tor, and it doesn't tell the ISP what Tor is being used for. If your ISP thinks it's an issue you're running Tor, change ISP. However, if all depends on who you don't want to know you run a Bitcoin node or own Bitcoin. If it's the government, they will know it's generally considered even the most private persons on the internet can't avoid the government, plus if you live in a country which requires taxation you should be declaring your taxes on Bitcoin to them. If it's your ISP; fair enough, but just use Tor.

[ETFbitcoin]

Do you think it would be better to run the full node over VPN + Tor?

At least for initial sync, i would discourage people to use Tor since it'll take long time and potentially clogging Tor network. VPN with good privacy policy/history should be sufficient for many people.

Or can you run the node over the clearnet without fear?

Running Tor, VPN or Bitcoin node can be interpreted as suspicious behavior in some countries, so don't ask other people if you should fear something.

But take note using VPN usually is considered least suspicious among 3 of those.

why shouldn't you also use VPN as an additional option?

Tor Project write detailed article about combining Tor and VPN at https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN. In short, it could weaken your privacy if it's done poorly.

[Carlton Banks]

Or can you run the node over the clearnet without fear?

once BIP324 is merged into the main version of Bitcoin, then clearnet usage will be much harder to detect (BIP324 encrypts node traffic, and does some clever stuff to prevent the handshake/establishment part of the protocol being identifiable as the bitcoin protocol)

you can run it now with the test nodes, but it's probably not such a great idea. the spec is still evolving, and there's only a handful of public nodes running it.


i would hope that other protocols might adopt similar obfuscation (maybe SSH?) as a security measure. it's apparently possible to even send the data in chunks of encrypted packets that resemble other protocols (namely, HTTPS). that would be really good for the resilience of the bitcoin network (which is one downside of using VPN or Tor: the bitcoin network is arguably slightly weakened by every node that connects through such proxies).

there's no timetable for BIP324 being merged that I'm aware of, but it's development has been in the works several (5?) years now.

[ETFbitcoin]

there's no timetable for BIP324 being merged that I'm aware of, but it's development has been in the works several (5?) years now.

BIP324 was created only 4 years ago, but it seems some function for it has been created since 5 years ago[1]. In any case, with amount of open PR/total line changes i don't expect it'll ready anytime soon.

[1] https://bip324.com/sections/code-review/

[Carlton Banks]

with amount of open PR/total line changes i don't expect it'll ready anytime soon.

[1] https://bip324.com/sections/code-review/

it looks to me as if there are 2 key pull requests that all the remaining ones depend on. although one of those is in the secp256k library, and it constitutes the hot new-ish cryptography that provides some of the cool properties that will make these encrypted connections so difficult to fingerprint. i'd expect anything like that might take many months to get merged (it's ~6 months old as of now).

however, I'm pretty confident it's viable, the secp256k devs probably aren't wasting any time on that kind of work if it's not a serious spec/upgrade

[Carlton Banks]

small heads up:

BIP324 is proceeding apace. looks like we could see it as early as bitcoin core version 27.0, if not 28.0 (so ~ next summer or later).

that means bitcoin nodes can encrypt the data sent over (but not authenticate) their network connections with one another, for anyone wanting the tl;dr. This is a step toward one day obviating the need for VPN or Tor with Bitcoin clients, but is not sufficient on its own. It still improves privacy whether using VPN/Tor or not.

[BenCodie]

Your Internet provider can figure out you do easily as messages aren't encrypted. In that case, you should just run via Tor.

This is important.

It's 'easier' and 'more convenient' to run without Tor, however it is best to do so especially if you are hosting from home. A rented VPS (no matter how privately it was acquired) might be more flexible on how important it is though it's not a big sacrifice to achieve privacy.

A VPN + Tor is just a good way to add an additional layer to the system as a whole, though I don't believe this will make a lot of difference in regards to your node. It may require further configuration to prevent connectivity issues.

[ETFbitcoin]

small heads up:

BIP324 is proceeding apace. looks like we could see it as early as bitcoin core version 27.0, if not 28.0 (so ~ next summer or later).

that means bitcoin nodes can encrypt the data sent over (but not authenticate) their network connections with one another, for anyone wanting the tl;dr. This is a step toward one day obviating the need for VPN or Tor with Bitcoin clients, but is not sufficient on its own. It still improves privacy whether using VPN/Tor or not.

Indeed i see some PR (which mention "324" or mentioned on https://bip324.com/sections/code-review/) got merged in last few months). Although on other hand, i don't see other full node software have plan to add BIP 324 soon.

Your Internet provider can figure out you do easily as messages aren't encrypted. In that case, you should just run via Tor.

This is important.

It's 'easier' and 'more convenient' to run without Tor, however it is best to do so especially if you are hosting from home. A rented VPS (no matter how privately it was acquired) might be more flexible on how important it is though it's not a big sacrifice to achieve privacy.

But VPS (with big storage space) from popular/reputable VPS prodier isn't cheap though, unless you're willing to use VPS with HDD or run pruned node.

[ranochigo]

This is important.

It's 'easier' and 'more convenient' to run without Tor, however it is best to do so especially if you are hosting from home. A rented VPS (no matter how privately it was acquired) might be more flexible on how important it is though it's not a big sacrifice to achieve privacy.

A VPN + Tor is just a good way to add an additional layer to the system as a whole, though I don't believe this will make a lot of difference in regards to your node. It may require further configuration to prevent connectivity issues.

Don't run VPS. People are really bad at keeping their VPS safe and secure and are bound to make mistakes that opens up the attack surface. Other than the possibilities of misconfiguration, it gets worse by the fact that only one entity is likely to route their traffic to it. Hypervisors also provide little to no privacy to that.

VPN and Tor is pretty doable, Nord has it built in where certain servers are optimized for Tor. It just provides a false sense of security however, and adds little to privacy if any. Try not to use both at the same time.

[Synchronice]

Do you think it would be better to run the full node over VPN + Tor?

You should never run VPN together with Tor for anything, including for Bitcoin node.
Running BTC node with Tor sergice is used a lot and it works perfectly fine for purpose of hiding your real IP address.

Or can you run the node over the clearnet without fear?

Running Tor, VPN or Bitcoin node can be interpreted as suspicious behavior in some countries, so don't ask other people if you should fear something.

PS
You are asking so many silly questions that I seriously doubt you will ever run full node, make multisig setup, etc...  

What's wrong with VPN + Tor combination? Why do you think that it's better idea to run Tor alone? Overall, people rarely use Tor and the overall wide experience and widespread information is that Tor is used to access darkweb. I know not everyone uses it for that purpose but that's not what government thinks and expects from an average user, everyone thinks about darkwebs. So, if you use Tor, then your ISP knows that you are using Tor and you are probably in their list, you look suspicious for them. But VPN is used by a lot of people, some use it to unlock PlayStore apps, some use it for watching Netflix/AmzPrime/Hulu/Disney+, some use it for gaming and so on. I mean, the number of VPN users is very high, a lot of average person and especially kids use VPN, so, they definitely won't track everyone who uses VPN. That's why I think it's better to connect to VPN, configure it, then connect to Tor. When it comes to trust, I think I would trust some VPN providers over my internet service provider.

[BlackHatCoiner]

It's 'easier' and 'more convenient' to run without Tor, however it is best to do so especially if you are hosting from home.

Not necessarily. As I have said previously, if you want to accept incoming connections, then port forward is inevitable if you don't use Tor, which isn't always trivial to do from my experience.

What's wrong with VPN + Tor combination?

There are two scenarios. You either route everything from Tor, and send the final message to the VPN, or you use your VPN as first-end proxy, and send the message to Tor afterwards. In the former scenario, your VPN knows the final message, and can de-anonymize you to some extent, and in the latter, everything you're supposed to hide from your Internet provider is firstly sent to your VPN provider. So in both cases, you have less anonymity than just using Tor.

[ranochigo]

What's wrong with VPN + Tor combination? Why do you think that it's better idea to run Tor alone? Overall, people rarely use Tor and the overall wide experience and widespread information is that Tor is used to access darkweb. I know not everyone uses it for that purpose but that's not what government thinks and expects from an average user, everyone thinks about darkwebs. So, if you use Tor, then your ISP knows that you are using Tor and you are probably in their list, you look suspicious for them. But VPN is used by a lot of people, some use it to unlock PlayStore apps, some use it for watching Netflix/AmzPrime/Hulu/Disney+, some use it for gaming and so on. I mean, the number of VPN users is very high, a lot of average person and especially kids use VPN, so, they definitely won't track everyone who uses VPN. That's why I think it's better to connect to VPN, configure it, then connect to Tor. When it comes to trust, I think I would trust some VPN providers over my internet service provider.

That's an excessive generalization. There is a reason why most people who are truly concerned about their privacy don't use VPNs. There are tons of ways for people to compromise their privacy when they're using VPN. It really doesn't matter what your government thinks about your habits, you have the rights to maintain and protect your own privacy and they shouldn't have any problems with that. So long as your Tor connection is secure enough such that nothing is leaked.

VPNs on the contrary, doesn't provide sufficient privacy. Your VPN client can leak information if not configured properly, the addition of an additional eavedropper in your connection, the possibility of the data being analyzed, so on and so forth. ISPs will absolutely track and collect your metadata no matter what you do, like what NSA has always been doing.

[Synchronice]

What's wrong with VPN + Tor combination?

There are two scenarios. You either route everything from Tor, and send the final message to the VPN, or you use your VPN as first-end proxy, and send the message to Tor afterwards. In the former scenario, your VPN knows the final message, and can de-anonymize you to some extent, and in the latter, everything you're supposed to hide from your Internet provider is firstly sent to your VPN provider. So in both cases, you have less anonymity than just using Tor.

But if I use just Tor, then my ISP knows that I'm using Tor, which can be a much more problematic case, depends on where you live. If I use VPN + Tor, then the information of me using a Tor is forwarded from ISP to VPN, i.e. now VPN knows it instead of ISP.
I don't say that Tor alone is not safe, no, actually, You + Tor is the safest option but what I'm saying is that I'm afraid the fact that you use Tor, for the government, automatically means that you are doing something wrong and are already in their watchlist. That's why I would move towards VPN + Tor combo, definitely if everything is done correctly. But still it's a trust business.

[BlackHatCoiner]

But if I use just Tor, then my ISP knows that I'm using Tor

Not necessarily, because you can use bridges. These are Tor relays that aren't publicly known, as with most Tor nodes, so they help you circumvent censorship. Although, completely hiding that information from your ISP is not really possible, because you have to install somehow Tor (by visiting the clearnet), and even if you do this anonymously, nobody can guarantee you bridges aren't honeypots.

[ranochigo]

But if I use just Tor, then my ISP knows that I'm using Tor, which can be a much more problematic case, depends on where you live. If I use VPN + Tor, then the information of me using a Tor is forwarded from ISP to VPN, i.e. now VPN knows it instead of ISP.
I don't say that Tor alone is not safe, no, actually, You + Tor is the safest option but what I'm saying is that I'm afraid the fact that you use Tor, for the government, automatically means that you are doing something wrong and are already in their watchlist. That's why I would move towards VPN + Tor combo, definitely if everything is done correctly. But still it's a trust business.

Innocent until proven guilty. Are you doing something illegal? If you are, then there is no point hiding anything so long as you can protect your privacy properly using Tor. They cannot legally prosecute you without sufficient information, and if done correctly, landing on their watchlist does nothing to you.

On the contrary, there are many ways that you can land on their watchlist and using Tor is probably an insignificant part of it. If they want to monitor you, they would pounce at every chance that they can get. Using a VPN in this case provides you with a false sense of security.

If you are confident that you can ensure that your VPN isn't already a honeypot, and you can effectively prevent any leakage of information, then go ahead. It would still be possible to conduct traffic analysis to come to the conclusion that you're still running Tor.

At the end of the day, you can certainly do so with marginal improvement on your privacy. That is assuming you know how to prevent any VPN leakage and configure Tor to work properly before considering the even slower synchronization.