Pages:
Author

Topic: Full Node VPN+Tor (Read 500 times)

brand new
Activity: 0
Merit: 0
October 02, 2024, 05:33:32 AM
#26
I ended up running it over Tor for extra privacy, but I’ve seen people run it on the clearnet without issues. Using a VPN adds another layer of security if you're worried about your IP being exposed, but it’s not always necessary depending on your setup. One thing I found handy was using a proxy server alongside Tor to manage the connection better. I used mobile proxies, and it gave me a little more control without slowing things down. It’s worth trying if you want that extra bit of anonymity.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
August 22, 2023, 12:55:53 PM
#25
I wanted to use the node privately via LAN.
VPN router
Tor

My fear is that my IP appears somewhere, I would like to remain as anonymous as possible.
If you just want to connect to your node / machine in your local network privately, do feel free to use Tor.
Light wallets typically utilize the "Electrum server" (popularized by the wallet with the same name) protocol to accomplish that. My full node guide actually shows how to configure the Electrum server software (in my case electrs) to run through Tor, such that you don't have to VPN into your local network or open any ports on your router.

why shouldn't you also use VPN as an additional option?
You can absolutely set up a VPN server on your router and use that to log into your local network and access software that runs only locally. In fact, that may be more secure than opening up your Electrum server to the whole of the onion network.
However, for most users this is too complicated and their networking hardware often does not have such features.

I want to do everything right, these are not silly questions for me, I'd rather ask than make any mistakes later Smiley
you are not forced to answer, you can just ignore my posts if it annoys you Smiley
I think you asked some very valid questions in this thread.



Do note that the guide I linked above, runs Bitcoin Core in clearnet mode. You will need to change only that though, everything else is already Tor-only.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
August 20, 2023, 10:49:31 AM
#24
But I think if you want to keep your privacy protected, you shouldn't let them know that you are protecting your privacy.
Ideally, you never reveal that you're safeguarding your privacy. Achieving this demands an astonishing amount of resources, involving the scrutiny of internet activities for the majority of the population within a surveillance state, just to create an appearance of privacy protection. If you fail to take such measures, you'll be forced to relinquish your privacy and accept constant surveillance.

Gotcha, we know you are not an ordinary user, we will keep an eye on you, in case something bad happens.
That's good, relatively to the example of being Tor-censored (and that's basically what the rest of the countries do). Okay, you want to be anonymous, you're put in a suspect list (if there's any such thing anyway). That is orders of magnitude different than prohibiting the access on Tor by default, because you're living under a "guilty until proven innocent" state; essentially, being guilty for not being monitored.
hero member
Activity: 882
Merit: 792
Watch Bitcoin Documentary - https://t.ly/v0Nim
August 20, 2023, 10:10:07 AM
#23
If you're afraid of being Tor-censored, you better leave the place altogether. I know that might sound nuts, but if you think about it, you're living under a very authoritarian regime. Censoring people who use Tor is the practice of "everyone guilty until proven innocent". I'd absolutely not want to live and make a family in such country.

You can also download Tor Browser by email message
You should use a private email server, before that becomes censored. Also, you could perhaps use the free wifi of cafeterias to get into torproject.org?
I am not saying that someone will arrest you for using Tor or you will ever experience any trouble by using Tor. But I think if you want to keep your privacy protected, you shouldn't let them know that you are protecting your privacy. Sounds confusing? The best way to keep a prisoner from escaping is to make sure he never knows he's in prison. In other words, if you publicly use Tor, they know you are either doing something wrong or are trying to protect your privacy. Gotcha, we know you are not an ordinary user, we will keep an eye on you, in case something bad happens.
These are my thoughts, that's why I think absolutely everyone should try to keep it secret from their ISP that they use Tor.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
August 17, 2023, 12:09:43 PM
#22
You have to keep in mind that your ISP may has a list of Tor Bridges and if you connect one of them, they'l ltag you. In order to hide your Tor usage, you have to use unknown and/or very secret bridge. This Bridge shouldn't be used only by you but it should be used by some other people too but it should be in a group secretly, not an easy task but possible. One can set up an obfs4 bridge on VPS and share it with some friends who won't make it publicly available on Reddit and social networks.
Btw there is a short normal (okayish) WIKI if anyone is interested: https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN
I'm not really sure what is the emphasis on being tagged. Traffic analysis is possible even if you wrap it within a VPN connection, and if your government is willing to tag a Tor connection, then you should assume that they don't care about the false positives as well. You should assume that you are being watched regardless.

Bridges should only be used to evade but not hide your connections. That is futile against governments with tons of resources to track you down. In that case, then running a private bridge wouldn't be the most cost effective idea.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
August 17, 2023, 07:34:31 AM
#21
If you're afraid of being Tor-censored, you better leave the place altogether. I know that might sound nuts, but if you think about it, you're living under a very authoritarian regime. Censoring people who use Tor is the practice of "everyone guilty until proven innocent". I'd absolutely not want to live and make a family in such country.

You can also download Tor Browser by email message
You should use a private email server, before that becomes censored. Also, you could perhaps use the free wifi of cafeterias to get into torproject.org?
hero member
Activity: 882
Merit: 792
Watch Bitcoin Documentary - https://t.ly/v0Nim
August 17, 2023, 06:22:08 AM
#20
But if I use just Tor, then my ISP knows that I'm using Tor
Not necessarily, because you can use bridges. These are Tor relays that aren't publicly known, as with most Tor nodes, so they help you circumvent censorship. Although, completely hiding that information from your ISP is not really possible, because you have to install somehow Tor (by visiting the clearnet), and even if you do this anonymously, nobody can guarantee you bridges aren't honeypots.
You have to keep in mind that your ISP may has a list of Tor Bridges and if you connect one of them, they'l ltag you. In order to hide your Tor usage, you have to use unknown and/or very secret bridge. This Bridge shouldn't be used only by you but it should be used by some other people too but it should be in a group secretly, not an easy task but possible. One can set up an obfs4 bridge on VPS and share it with some friends who won't make it publicly available on Reddit and social networks.
Btw there is a short normal (okayish) WIKI if anyone is interested: https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN
legendary
Activity: 3430
Merit: 3080
August 17, 2023, 05:24:08 AM
#19
But if I use just Tor, then my ISP knows that I'm using Tor
Not necessarily, because you can use bridges. These are Tor relays that aren't publicly known

I find this (Tor bridge nodes) a little unconvincing

the only way to keep the IP of the bridge node private is to never tell anyone about it (and so noone will ever use it). it only serves to perpetuate a cat-and-mouse game, where those with malign reasons to discover the IP of bridge nodes are chasing the newest nodes in order to censor them

supposedly there are pluggable transports for Tor that shape the traffic/packets to resemble generic HTTPS website traffic (which is apparently planned for BIP324 connections in Bitcoin, but the details are not yet available). If the relay then runs out of an IP range belonging to a commercial CDN, then connection fingerprinting is no longer possible (i.e. if the Tor relay/exit is on a CDN range, an eavesdropper sees just HTTPS traffic, which **could** be from any of the regular websites that also operate using the same IP range)

but this is "research level" Tor, the standard Tor client won't behave like that without modifying the config
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
August 17, 2023, 12:54:35 AM
#18
But if I use just Tor, then my ISP knows that I'm using Tor
Not necessarily, because you can use bridges. These are Tor relays that aren't publicly known, as with most Tor nodes, so they help you circumvent censorship. Although, completely hiding that information from your ISP is not really possible, because you have to install somehow Tor (by visiting the clearnet), and even if you do this anonymously, nobody can guarantee you bridges aren't honeypots.

You can also download Tor Browser by email message:

Send an email to [email protected]. In the body of the mail, write the name of your operating system (such as Windows, macOS, or Linux). GetTor will respond with an email containing links from which you can download Tor Browser, the cryptographic signature (needed for verifying the download), the fingerprint of the key used to make the signature, and the package’s checksum. You may be offered a choice of "32-bit" or "64-bit" software: this depends on the model of the computer you are using; consult documentation about your computer to find out more.

But I guess if you're living in a place where email is heavily censored as well, the next best solution is to try to find a download link for it on IPFS.

Maybe, if some bloke is clever enough to store the download on a blockchain somewhere (probably they already have in one form or another).
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
August 15, 2023, 09:32:09 AM
#17
But if I use just Tor, then my ISP knows that I'm using Tor, which can be a much more problematic case, depends on where you live. If I use VPN + Tor, then the information of me using a Tor is forwarded from ISP to VPN, i.e. now VPN knows it instead of ISP.
I don't say that Tor alone is not safe, no, actually, You + Tor is the safest option but what I'm saying is that I'm afraid the fact that you use Tor, for the government, automatically means that you are doing something wrong and are already in their watchlist. That's why I would move towards VPN + Tor combo, definitely if everything is done correctly. But still it's a trust business.
Innocent until proven guilty. Are you doing something illegal? If you are, then there is no point hiding anything so long as you can protect your privacy properly using Tor. They cannot legally prosecute you without sufficient information, and if done correctly, landing on their watchlist does nothing to you.

On the contrary, there are many ways that you can land on their watchlist and using Tor is probably an insignificant part of it. If they want to monitor you, they would pounce at every chance that they can get. Using a VPN in this case provides you with a false sense of security.

If you are confident that you can ensure that your VPN isn't already a honeypot, and you can effectively prevent any leakage of information, then go ahead. It would still be possible to conduct traffic analysis to come to the conclusion that you're still running Tor.

At the end of the day, you can certainly do so with marginal improvement on your privacy. That is assuming you know how to prevent any VPN leakage and configure Tor to work properly before considering the even slower synchronization.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
August 15, 2023, 09:02:45 AM
#16
But if I use just Tor, then my ISP knows that I'm using Tor
Not necessarily, because you can use bridges. These are Tor relays that aren't publicly known, as with most Tor nodes, so they help you circumvent censorship. Although, completely hiding that information from your ISP is not really possible, because you have to install somehow Tor (by visiting the clearnet), and even if you do this anonymously, nobody can guarantee you bridges aren't honeypots.
hero member
Activity: 882
Merit: 792
Watch Bitcoin Documentary - https://t.ly/v0Nim
August 15, 2023, 08:12:06 AM
#15
What's wrong with VPN + Tor combination?
There are two scenarios. You either route everything from Tor, and send the final message to the VPN, or you use your VPN as first-end proxy, and send the message to Tor afterwards. In the former scenario, your VPN knows the final message, and can de-anonymize you to some extent, and in the latter, everything you're supposed to hide from your Internet provider is firstly sent to your VPN provider. So in both cases, you have less anonymity than just using Tor.
But if I use just Tor, then my ISP knows that I'm using Tor, which can be a much more problematic case, depends on where you live. If I use VPN + Tor, then the information of me using a Tor is forwarded from ISP to VPN, i.e. now VPN knows it instead of ISP.
I don't say that Tor alone is not safe, no, actually, You + Tor is the safest option but what I'm saying is that I'm afraid the fact that you use Tor, for the government, automatically means that you are doing something wrong and are already in their watchlist. That's why I would move towards VPN + Tor combo, definitely if everything is done correctly. But still it's a trust business.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
August 14, 2023, 02:07:49 PM
#14
What's wrong with VPN + Tor combination? Why do you think that it's better idea to run Tor alone? Overall, people rarely use Tor and the overall wide experience and widespread information is that Tor is used to access darkweb. I know not everyone uses it for that purpose but that's not what government thinks and expects from an average user, everyone thinks about darkwebs. So, if you use Tor, then your ISP knows that you are using Tor and you are probably in their list, you look suspicious for them. But VPN is used by a lot of people, some use it to unlock PlayStore apps, some use it for watching Netflix/AmzPrime/Hulu/Disney+, some use it for gaming and so on. I mean, the number of VPN users is very high, a lot of average person and especially kids use VPN, so, they definitely won't track everyone who uses VPN. That's why I think it's better to connect to VPN, configure it, then connect to Tor. When it comes to trust, I think I would trust some VPN providers over my internet service provider.
That's an excessive generalization. There is a reason why most people who are truly concerned about their privacy don't use VPNs. There are tons of ways for people to compromise their privacy when they're using VPN. It really doesn't matter what your government thinks about your habits, you have the rights to maintain and protect your own privacy and they shouldn't have any problems with that. So long as your Tor connection is secure enough such that nothing is leaked.

VPNs on the contrary, doesn't provide sufficient privacy. Your VPN client can leak information if not configured properly, the addition of an additional eavedropper in your connection, the possibility of the data being analyzed, so on and so forth. ISPs will absolutely track and collect your metadata no matter what you do, like what NSA has always been doing.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
August 14, 2023, 08:21:59 AM
#13
It's 'easier' and 'more convenient' to run without Tor, however it is best to do so especially if you are hosting from home.
Not necessarily. As I have said previously, if you want to accept incoming connections, then port forward is inevitable if you don't use Tor, which isn't always trivial to do from my experience.

What's wrong with VPN + Tor combination?
There are two scenarios. You either route everything from Tor, and send the final message to the VPN, or you use your VPN as first-end proxy, and send the message to Tor afterwards. In the former scenario, your VPN knows the final message, and can de-anonymize you to some extent, and in the latter, everything you're supposed to hide from your Internet provider is firstly sent to your VPN provider. So in both cases, you have less anonymity than just using Tor.
hero member
Activity: 882
Merit: 792
Watch Bitcoin Documentary - https://t.ly/v0Nim
August 14, 2023, 03:03:11 AM
#12
Do you think it would be better to run the full node over VPN + Tor?
You should never run VPN together with Tor for anything, including for Bitcoin node.
Running BTC node with Tor sergice is used a lot and it works perfectly fine for purpose of hiding your real IP address.

Or can you run the node over the clearnet without fear?
Running Tor, VPN or Bitcoin node can be interpreted as suspicious behavior in some countries, so don't ask other people if you should fear something.

PS
You are asking so many silly questions that I seriously doubt you will ever run full node, make multisig setup, etc...  Roll Eyes
What's wrong with VPN + Tor combination? Why do you think that it's better idea to run Tor alone? Overall, people rarely use Tor and the overall wide experience and widespread information is that Tor is used to access darkweb. I know not everyone uses it for that purpose but that's not what government thinks and expects from an average user, everyone thinks about darkwebs. So, if you use Tor, then your ISP knows that you are using Tor and you are probably in their list, you look suspicious for them. But VPN is used by a lot of people, some use it to unlock PlayStore apps, some use it for watching Netflix/AmzPrime/Hulu/Disney+, some use it for gaming and so on. I mean, the number of VPN users is very high, a lot of average person and especially kids use VPN, so, they definitely won't track everyone who uses VPN. That's why I think it's better to connect to VPN, configure it, then connect to Tor. When it comes to trust, I think I would trust some VPN providers over my internet service provider.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
August 13, 2023, 09:35:16 AM
#11
This is important.

It's 'easier' and 'more convenient' to run without Tor, however it is best to do so especially if you are hosting from home. A rented VPS (no matter how privately it was acquired) might be more flexible on how important it is though it's not a big sacrifice to achieve privacy.

A VPN + Tor is just a good way to add an additional layer to the system as a whole, though I don't believe this will make a lot of difference in regards to your node. It may require further configuration to prevent connectivity issues.
Don't run VPS. People are really bad at keeping their VPS safe and secure and are bound to make mistakes that opens up the attack surface. Other than the possibilities of misconfiguration, it gets worse by the fact that only one entity is likely to route their traffic to it. Hypervisors also provide little to no privacy to that.

VPN and Tor is pretty doable, Nord has it built in where certain servers are optimized for Tor. It just provides a false sense of security however, and adds little to privacy if any. Try not to use both at the same time.
legendary
Activity: 1666
Merit: 1037
August 13, 2023, 02:26:48 AM
#10
Your Internet provider can figure out you do easily as messages aren't encrypted. In that case, you should just run via Tor.

This is important.

It's 'easier' and 'more convenient' to run without Tor, however it is best to do so especially if you are hosting from home. A rented VPS (no matter how privately it was acquired) might be more flexible on how important it is though it's not a big sacrifice to achieve privacy.

A VPN + Tor is just a good way to add an additional layer to the system as a whole, though I don't believe this will make a lot of difference in regards to your node. It may require further configuration to prevent connectivity issues.
legendary
Activity: 3430
Merit: 3080
August 10, 2023, 03:15:24 PM
#9
small heads up:

BIP324 is proceeding apace. looks like we could see it as early as bitcoin core version 27.0, if not 28.0 (so ~ next summer or later).

that means bitcoin nodes can encrypt the data sent over (but not authenticate) their network connections with one another, for anyone wanting the tl;dr. This is a step toward one day obviating the need for VPN or Tor with Bitcoin clients, but is not sufficient on its own. It still improves privacy whether using VPN/Tor or not.
legendary
Activity: 3430
Merit: 3080
April 01, 2023, 05:17:55 PM
#8
with amount of open PR/total line changes i don't expect it'll ready anytime soon.

[1] https://bip324.com/sections/code-review/

it looks to me as if there are 2 key pull requests that all the remaining ones depend on. although one of those is in the secp256k library, and it constitutes the hot new-ish cryptography that provides some of the cool properties that will make these encrypted connections so difficult to fingerprint. i'd expect anything like that might take many months to get merged (it's ~6 months old as of now).

however, I'm pretty confident it's viable, the secp256k devs probably aren't wasting any time on that kind of work if it's not a serious spec/upgrade
legendary
Activity: 3430
Merit: 3080
March 14, 2023, 09:48:46 AM
#7
Or can you run the node over the clearnet without fear?

once BIP324 is merged into the main version of Bitcoin, then clearnet usage will be much harder to detect (BIP324 encrypts node traffic, and does some clever stuff to prevent the handshake/establishment part of the protocol being identifiable as the bitcoin protocol)

you can run it now with the test nodes, but it's probably not such a great idea. the spec is still evolving, and there's only a handful of public nodes running it.


i would hope that other protocols might adopt similar obfuscation (maybe SSH?) as a security measure. it's apparently possible to even send the data in chunks of encrypted packets that resemble other protocols (namely, HTTPS). that would be really good for the resilience of the bitcoin network (which is one downside of using VPN or Tor: the bitcoin network is arguably slightly weakened by every node that connects through such proxies).

there's no timetable for BIP324 being merged that I'm aware of, but it's development has been in the works several (5?) years now.
Pages:
Jump to: