Outgoing connections to clearnet peers over Tor are less secure?

[regenbogen]

Hey,

I'm running a Ƀ full node on Umbrel and I'm a little confused about this one option:

Make All Outgoing Connections to Clearnet Peers Over Tor
(proxy)
Connect to peers available on the clearnet via Tor to preserve your anonymity at the cost of slightly less security.

Why are outgoing connections through Tor less secure?

[ABCbits]

It's probably due to one of those reasons,
1. You need to trust the exit node.
2. Unless you and other node use encryption (this is recent addition based on BIP 324), the connection isn't encrypted.
3. Theoretically anyone could run exit node, including government and analysis company.

[nc50lc]

Why are outgoing connections through Tor less secure?

Hmm, they use "slightly" there.
Maybe it has something to do with "Sybil Attack" where the Tor exit node might able to isolate your node to the rest of the network by connecting you to his 'bad Bitcoin nodes'.
But since it's extremely hard to pull-off since all of your peers has to be the attacker's nodes, it's a "slightly less security" issue.
Your node will still connect/listen to Bitcoin nodes on Tor with the setting ticked.

But for more accurate answers, it's best to ask the ones who wrote the note themselves.
You may ask the actual Umbrel developers with their contact info here: https://github.com/orgs/getumbrel/people

[BlackHatCoiner]

I believe it wanted to mean "privacy" there. Theoretically, it's easier to break Tor->clearnet than Tor->hidden service. It'd be better to configure your node connect only with hidden services:

Code:

onlynet=onion

2. Unless you and other node use encryption (this is recent addition based on BIP 324), the connection isn't encrypted.

From the other person's Bitcoin node to your exit node? Yes, but from your node to the exit node the connection is encrypted.

[LoyceV]

3. Theoretically anyone could run exit node, including government and analysis company.

Just like anyone could run a full node, so if you don't run over Tor it's even easier for them to "spy" on you.

[ABCbits]

Why are outgoing connections through Tor less secure?

Hmm, they use "slightly" there.
Maybe it has something to do with "Sybil Attack" where the Tor exit node might able to isolate your node to the rest of the network by connecting you to his 'bad Bitcoin nodes'.
But since it's extremely hard to pull-off since all of your peers has to be the attacker's nodes, it's a "slightly less security" issue.
Your node will still connect/listen to Bitcoin nodes on Tor with the setting ticked.

On top of that, Bitcoin Core already fix many of known sybil/eclipse attack vector as stated on http://web.archive.org/web/20220412122303/http://cs-people.bu.edu/heilman/eclipse/.

2. Unless you and other node use encryption (this is recent addition based on BIP 324), the connection isn't encrypted.

From the other person's Bitcoin node to your exit node? Yes, but from your node to the exit node the connection is encrypted.

That's right, which is more reason to use newer Bitcoin Core which use encryption when connecting to other new nodes.