Full Node VPN+Tor
Welsh:
It really depends how much you value your privacy. If you don't want anyone knowing you run a Bitcoin node, it's probably not best to run one. However, if you are set on running one, then the next best option would be via Tor, and only risking your information being retrieved via the exit node.

However, for the majority of people running via clear net is probably okay. As long as your ISP can be trusted, which there's an argument that no third party or ISP can be trusted. It highly depends on your threat model, and who you trust. If you trust your ISP, then there's no real concerns. If you don't trust your security or your ISP security, then if any of those were compromised an attacker could potentially find out you run the Bitcoin node, and therefore highly likely to use Bitcoin yourself, which could mean you become a target, theoretically.

Quote from: Bitcoiner2023 on March 13, 2023, 07:37:58 PM

why shouldn't you also use VPN as an additional option?

You're basically involving another third party, when you don't necessarily need to. The only way someone knows you're running a Bitcoin node via Tor, would be the exit node itself. Unless the entity you're trying to hide your Bitcoin node activity from owns that exit node, there's no way of them deciphering what you are doing. If you involve a VPN service, then that VPN service could potentially know you're running a Bitcoin node, as well as the exit node of that Tor circuit.

Your ISP would know you're running Tor, but there's nothing wrong with running Tor, and it doesn't tell the ISP what Tor is being used for. If your ISP thinks it's an issue you're running Tor, change ISP. However, it all depends on who you don't want to know you run a Bitcoin node or own Bitcoin. If it's the government, they will know; it's generally considered even the most private persons on the internet can't avoid the government, plus if you live in a country which requires taxation you should be declaring your taxes on Bitcoin to them. If it's your ISP; fair enough, but just use Tor.
Carlton Banks:
Quote from: Bitcoiner2023 on March 13, 2023, 03:22:29 PM

Or can you run the node over the clearnet without fear?


once BIP324 is merged into the main version of Bitcoin, then clearnet usage will be much harder to detect (BIP324 encrypts node traffic, and does some clever stuff to prevent the handshake/establishment part of the protocol being identifiable as the bitcoin protocol)

you can run it now with the test nodes, but it's probably not such a great idea. the spec is still evolving, and there's only a handful of public nodes running it.


i would hope that other protocols might adopt similar obfuscation (maybe SSH?) as a security measure. it's apparently possible to even send the data in chunks of encrypted packets that resemble other protocols (namely, HTTPS). that would be really good for the resilience of the bitcoin network (which is one downside of using VPN or Tor: the bitcoin network is arguably slightly weakened by every node that connects through such proxies).

there's no timetable for BIP324 being merged that I'm aware of, but its development has been in the works several (5?) years now.
Carlton Banks:
Quote from: ETFbitcoin on March 15, 2023, 12:45:59 PM

with amount of open PR/total line changes i don't expect it'll be ready anytime soon.

[1] https://bip324.com/sections/code-review/


it looks to me as if there are 2 key pull requests that all the remaining ones depend on. although one of those is in the secp256k library, and it constitutes the hot new-ish cryptography that provides some of the cool properties that will make these encrypted connections so difficult to fingerprint. i'd expect anything like that might take many months to get merged (it's ~6 months old as of now).

however, I'm pretty confident it's viable, the secp256k devs probably aren't wasting any time on that kind of work if it's not a serious spec/upgrade
Carlton Banks:
small heads up:

BIP324 is proceeding apace. looks like we could see it as early as bitcoin core version 27.0, if not 28.0 (so ~ next summer or later).

that means bitcoin nodes can encrypt the data sent over (but not authenticate) their network connections with one another, for anyone wanting the tl;dr. This is a step toward one day obviating the need for VPN or Tor with Bitcoin clients, but is not sufficient on its own. It still improves privacy whether using VPN/Tor or not.
BenCodie:
Quote from: BlackHatCoiner on March 13, 2023, 03:39:27 PM

Your Internet provider can figure out you do easily as messages aren't encrypted. In that case, you should just run via Tor.


This is important.

It's 'easier' and 'more convenient' to run without Tor, however it is best to do so especially if you are hosting from home. A rented VPS (no matter how privately it was acquired) might be more flexible on how important it is though it's not a big sacrifice to achieve privacy.

A VPN + Tor is just a good way to add an additional layer to the system as a whole, though I don't believe this will make a lot of difference in regards to your node. It may require further configuration to prevent connectivity issues.
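
The point quoted in this thread, that an ISP can easily tell an unencrypted node apart, comes down to the fixed plaintext header that opens every v1 Bitcoin P2P message. The following is an added example, not part of any post above: it checks the first bytes of a captured stream for that header, and the helper names and both sample byte strings are constructed for illustration.

```python
import hashlib
import struct

MAINNET_MAGIC = bytes.fromhex("f9beb4d9")  # fixed first 4 bytes of every v1 mainnet message
HEADER_LEN = 24  # magic(4) + command(12) + payload length(4) + checksum(4)


def checksum(payload: bytes) -> bytes:
    """First 4 bytes of double SHA-256, as carried in the v1 header."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def build_v1_message(command: str, payload: bytes) -> bytes:
    """Build a v1 message; used here only to construct sample input."""
    cmd = command.encode("ascii").ljust(12, b"\x00")
    return MAINNET_MAGIC + cmd + struct.pack("<I", len(payload)) + checksum(payload) + payload


def classify_first_bytes(data: bytes):
    """Return the command name if data opens with a plaintext v1 header, else None."""
    if len(data) < HEADER_LEN or data[:4] != MAINNET_MAGIC:
        return None
    name = data[4:16].rstrip(b"\x00")
    # The command field is printable ASCII followed only by NUL padding.
    if not name or not all(0x20 < b < 0x7F for b in name):
        return None
    (length,) = struct.unpack("<I", data[16:20])
    payload = data[HEADER_LEN:HEADER_LEN + length]
    # Verify the checksum when the whole payload was captured.
    if len(payload) == length and data[20:24] != checksum(payload):
        return None
    return name.decode("ascii")


# Constructed samples: a v1 "version" message with a dummy 86-byte payload, and
# 64 random-looking bytes standing in for what an observer sees of an encrypted stream.
SAMPLE_PLAINTEXT = build_v1_message("version", b"\x00" * 86)
SAMPLE_OPAQUE = hashlib.sha256(b"constructed sample").digest() * 2

if __name__ == "__main__":
    print(classify_first_bytes(SAMPLE_PLAINTEXT))  # plaintext v1 header is recognised
    print(classify_first_bytes(SAMPLE_OPAQUE))     # nothing to match on
```

A stream wrapped by Tor, a VPN, or an encrypted transport gives this check nothing to match, although the observer still sees that Tor or a VPN is in use, as the posts above note.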