Topic: The practical aspects of running a Bitcoin node over public WiFi.

copper member
Activity: 434
Merit: 278
Offering Escrow 0.5 % fee
A pleasant discussion over here, you give me such a good read folks.

The only things you're talking about that I personally knew about were VPN and MITM.
I used someone's VPN before to get a free internet connection over my ISP, and the next thing I knew, the password of my dummy Gmail had been changed.

MITM
This one is very familiar to me, as I've searched for something similar before, and God forgive those who installed a Coinhive script on public WiFi in my country.
This is very serious stuff; only a technically literate person could have installed that in my country. This is news in my country; I might as well try it once to get some experience, as I will perhaps be interested in it for the long run.
legendary
Activity: 2828
Merit: 2472
https://JetCash.com
- Linux or FreeBSD, no questions.
- LUKS / GELI encrypted partition.
- For the Internet connection, it's still better to use tethering or a CradlePoint.
- Don't use an RPi as your "center". I've used hundreds of them for different projects, and reliability and performance are a disaster. They're only for narrow-tasked embedded applications. Build a cheap but real PC with Linux. Hell, even an Atom-based tiny box will offer 100x more flexibility than a Pi with just slightly higher power requirements. If you're still set on a Pi, consider the TinkerBoard or BeagleBone as alternatives.

I've installed a core node on an HP netbook under Ubuntu. Tethering is not really an option; the daily cost of synchronising the blockchain makes it uneconomic.

I decided the Tinkerboard was a better option than the Pi for a comms centre in the van. I'd use that to retrieve videos to play on a TV, as well as for website maintenance and servicing a 3rd Bitcoin node. It all needs to be 12 volt of course.

I've downloaded Wireshark, and I've got an eBook on it, and I hope that this will let me understand the problems of WiFi communications.
legendary
Activity: 1148
Merit: 1008
If you want to walk on water, get out of the boat
- Linux or FreeBSD, no questions.
- LUKS / GELI encrypted partition.
- For the Internet connection, it's still better to use tethering or a CradlePoint.
- Don't use an RPi as your "center". I've used hundreds of them for different projects, and reliability and performance are a disaster. They're only for narrow-tasked embedded applications. Build a cheap but real PC with Linux. Hell, even an Atom-based tiny box will offer 100x more flexibility than a Pi with just slightly higher power requirements. If you're still set on a Pi, consider the TinkerBoard or BeagleBone as alternatives.
legendary
Activity: 2828
Merit: 2472
https://JetCash.com
I spend a lot of time in a larg(ish) van, and I'm converting it into a camper. There are a variety of reasons for this, such as travelling around the country (I'm retired) staying in nature parks, going to various locations for metal detecting and photography, and sometimes just to ignore the world. I keep changing my ideas as I learn more about a whole variety of things - the poisons being added to food, for example.

I'm probably going to install a Raspberry Pi in the van as a communications centre, but that will be in the spring, and it may be a Tinkerbox rather than a Raspberry Pi. I can use the HDMI to connect to a 12 volt TV, and pick up WiFi at long range with a marine booster. I want to have a look at Lightning, but first I thought I would claim my Bitcoin Cash and Bitcoin Gold.

I'm getting a lot of hits to my free images site - JazzPics.com, and I want to expand that, and I may add a Bitcoin donations link.

You might like to look at the thread I started in serious discussion. It covers my current project of starting a second node on a Linux machine, and using that to pick up my alt coins. I wouldn't use the external hard drive though, as it seems to be a bit slow. I used an SSD in the last one I started, and that seemed to be a lot faster. I haven't tried an SD card.
hero member
Activity: 1442
Merit: 629
Vires in Numeris
You've prompted me to add a link to blockchain on my mobile. I should have done that ages ago. :)

The main reason for my running a full node is to explore the variety of payment conditions that can be associated with a payment. One that interested me was a form of escrow where one could use a trusted party as a third signature for a 2 out of 3 release. Another is a time lock with possible reclaim to prove the availability of funds.

Unfortunately I haven't had the chance to research these, but hopefully I will be able to do so in the near future.
I found this thread because Raspberry Pi was mentioned in it :) (and I'm about to build a Raspberry Pi node, and I'm searching for information).
I read through the thread and I think I understand your problem.
If I'm right, you receive smaller payments for domain names in bitcoin, and you want to protect yourself from being scammed and losing both the domain and the bitcoin payment. You have to use free WiFi sometimes, which makes the whole thing even more risky. Also, you usually do this by meeting the buyer personally somewhere.
As I'm about to install a small Lightning Network node on the Raspberry Pi (and this is why I'm searching the forum for information), the LN came to mind as a possible solution for you. You don't need a Raspberry for this, just an LN wallet on a laptop.
I think you contact the buyer before the personal meeting via email, so you can tell the buyer to set up an LN wallet and send the funds to his LN wallet (like ZAP, https://zap.jackmallers.com, or similar; I found ZAP as the first result in a Google search). This is not risky for the buyer because he can use his own LN wallet; if something goes wrong, he can easily send it back to his original address. You can also have your own LN wallet to collect these payments at personal meetings.
So when you meet, all the buyer has to do is send the payment via LN. It confirms instantly, so you don't need to wait for a few confirmations (20-30 minutes). This also shortens the time available for hackers to put their equipment together to mislead you about the payment (and this can be the key in your case).
Afterwards you can check the LN transaction in your laptop LN wallet (over the public WiFi), and at the same time you can check the LN transaction on your smartphone on an LN blockchain explorer; if the two devices show that the transaction went through without a problem, you can hand over the domain name to the buyer.
If the buyer comes with a loaded LN wallet, this whole thing won't last as long as it takes you to drink a coffee or cappuccino.
I know that this is under testing now and we need to wait some time for it to work without bugs and hassle, but I would think about it if I were you. If you have been selling those domains for years now over public WiFi, I would consider not investing in tinkering boxes (unless you are really interested in them), because in a few months' time you may have a chance to take the payment via the LN. Maybe those few months would be needed for you to set up your new equipment with the VPN, HTTPS, SSH and so on, and to test it hard so it's reliable, but if you can use LN, all of this will not be necessary. (This is only my opinion, but others will surely correct me if I'm wrong.)
Also, later on, you can set up a small website where you can accept LN payments for your domains; you can also do that when you meet the buyer personally (access the website from the buyer's laptop or mobile and send the payment from there). In that case, when the buyer needs to initiate the payment over the public WiFi, the security will be his problem, not yours. Checking whether the payment was really successful will be easier for you, because of the really short confirmation time of the LN transaction; hackers won't have the time to scam you.
Please let me know your thoughts; I was just wondering if LN can help you.
legendary
Activity: 2828
Merit: 2472
https://JetCash.com
You've prompted me to add a link to blockchain on my mobile. I should have done that ages ago. :)

The main reason for my running a full node is to explore the variety of payment conditions that can be associated with a payment. One that interested me was a form of escrow where one could use a trusted party as a third signature for a 2 out of 3 release. Another is a time lock with possible reclaim to prove the availability of funds.

Unfortunately I haven't had the chance to research these, but hopefully I will be able to do so in the near future.
legendary
Activity: 2198
Merit: 1150
Freedom&Honor
You're going too deep.
If this is because you want to be able to make a cash purchase one day, why not simply make a hot light wallet with the funds intended for that purchase?
Or even simpler, just make a paper wallet, deposit funds and give it away.
If you're the one receiving the funds, you don't even need anything, just your addy and Wi-Fi to check blockchain.info
legendary
Activity: 2828
Merit: 2472
https://JetCash.com
There are a lot of local differences and restrictions. Some won't allow FTP, and some will with limitations. The Bitcoin port 8333 is often blocked for inbound and outbound, but sometimes outbound connections are allowed. Not all SSL certificates are supported, and there is often censorship by domain name. I hope to put together a review and report site.

I think running a VPN might be useful for education purposes. I've also started to read about IPFS, and this may be something we will have to use in the future.
legendary
Activity: 1789
Merit: 2535
Goonies never say die.
Might be worth noting that in some of these examples you could face different environments with different firewalls/filters. I've seen some locations (hospitals/schools/etc) that had VPN as well as SSH blocked. Oddly enough, in some of those scenarios the only way I could access what I had to access at that time was RDP, which was not blocked (rolls eyes). Maybe having multiple secure ways to access the node using commonly open ports (instead of standard SSH/VPN ports) could be a solution, but a good filter/firewall is going to inspect traffic regardless of the port, and may not want the VPN/SSH traffic, for whatever reason. Some sort of HTTPS connection might be the most universal way if you are facing many different environments, albeit maybe not the most secure.
legendary
Activity: 2828
Merit: 2472
https://JetCash.com
I've got a bit of a psychological block about entrusting my wallet to a third party. It's probably paranoia setting in in my old age. :) Core doesn't seem to give me any problems, and, if I learnt how to use it properly, I gather it gives me some great facilities.

I wondered about running the connection through a remote server, and that could get over the problem of some WiFi providers blocking port 8333. The suggestions by Theymos seem to be worth exploring, especially if I can set up a Raspberry Pi, or an Asus Tinkerboard, to run a VPN. This could also give me the chance to run something like Wireshark to monitor the traffic.
copper member
Activity: 2996
Merit: 2374
Thanks for the reply, and for further clarification of the risks. I have an inherent dislike of using "banking" services related to Bitcoin, so I would like to stay with a core wallet if I can.
I think wallet software such as electrum is very far from anything resembling a bank. I would even argue that a light wallet might even be safer than a full node over public WiFi unless you are being specifically targeted because your attacker would need to impersonate a more specific service that all his victims may not use.

Another solution would be to run bitcore on a trusted computer/connection that is also running insight. You could then connect to your node via an HTTPS connection while having a user experience very close to a block explorer except having the trust of a full node.
legendary
Activity: 2828
Merit: 2472
https://JetCash.com
Thanks for the reply, and for further clarification of the risks. I have an inherent dislike of using "banking" services related to Bitcoin, so I would like to stay with a core wallet if I can.

I like the idea of using a VPN, and I think I'll buy an Asus tinkerbox to see if I can filter the WiFi traffic. I've got an associated problem in that I manage a portfolio of over 600 .com domain names, and I do this over public WiFi. Hopefully a VPN would improve my security there as well. I haven't ever set up a VPN, so maybe I should blog the stages, and post that for Bitcoin Talk members. :)
copper member
Activity: 2996
Merit: 2374
I'm really only using core to [..] receive payments. [...]
This is going to be risky. It is generally trivial to impersonate a public WiFi hotspot, which would result in an attacker controlling your internet connection, and in turn controlling all of the connections of your node (for example, an attacker could pretend to be multiple different nodes connected to your node).

If you are receiving payments, an attacker could cause your node to think the most recent block is behind the actual most recent block, broadcast a high fee transaction that would be valid as of that block, however is invalid on the blockchain the rest of the network is using, causing you to believe said transaction will confirm in the next block, and tricking you into releasing valuable property to the attacker. If the trade is large enough, an attacker could also make it appear the fraudulent transaction has a confirmation when in fact said transaction is invalid. If you are using a public WiFi to connect to a VPN, this specific attack would not be possible, however you would need to trust the VPN to not perform a similar attack.

If you are using public WiFi only to spend your bitcoin, you will be much safer. All an attacker would reasonably be able to do is prevent your transaction from broadcasting to the rest of the network, and know which transactions you are specifically broadcasting. This would be a nuisance at best, and an attacker would already know which transaction is yours if you are trading with him.

I would suggest using electrum if you are wanting to use a public WiFi connection to use bitcoin. Doing so would better hide the fact you are using Bitcoin, preventing "$5 wrench" attacks against you.
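The withheld-block and fake-tip scenario described in this post is something a node operator can at least try to detect, in the spirit of the thread's suggestion to check the same transaction from a second device. The script below is an added example (not code from the thread, nor from Bitcoin Core): it takes dicts shaped like Core's `getblockchaininfo` and `getpeerinfo` RPC results (the field names are real RPC fields; every value here is constructed) plus a reference tip looked up over a different path, such as a block explorer on a phone, and reports a stale tip, outbound peers clustered in a single network range, and a local tip that is behind or diverges from the reference. The thresholds and the finding names are choices made for this example.

```python
#!/usr/bin/env python3
"""Cross-check a Bitcoin Core node's chain view against an out-of-band reference.

Added example for this thread, not code from Bitcoin Core. Inputs mimic the
shape of `bitcoin-cli getblockchaininfo` and `bitcoin-cli getpeerinfo`; the
reference tip is whatever you read over a second, independent path.
"""
import ipaddress

# Thresholds chosen for this example, not Core defaults. Note that `mediantime`
# (median of the last 11 block times) lags wall-clock time by roughly an hour
# even on a healthy chain, hence the generous limit.
STALE_AFTER_SECONDS = 3 * 3600
MIN_DISTINCT_NETS = 3


def outbound_netgroups(peerinfo):
    """Distinct network groups (IPv4 /16, IPv6 /32, or hostname) among outbound peers.

    Outbound peers that all sit in one small range is what you would expect if a
    single party is answering every connection the node makes.
    """
    groups = set()
    for peer in peerinfo:
        if peer.get("inbound"):
            continue  # inbound peers are chosen by whoever connects; ignore them
        host = peer["addr"].rsplit(":", 1)[0].strip("[]")
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            groups.add(host)  # .onion or other hostname counts as its own group
            continue
        prefix = 16 if ip.version == 4 else 32
        groups.add(str(ipaddress.ip_network(f"{host}/{prefix}", strict=False)))
    return groups


def assess(chaininfo, peerinfo, reference, now):
    """Return finding codes for this snapshot; an empty list means nothing looked wrong."""
    findings = []
    if chaininfo.get("initialblockdownload"):
        findings.append("still-syncing")
    if now - chaininfo["mediantime"] > STALE_AFTER_SECONDS:
        findings.append("stale-tip")  # no recent block: blocks may be withheld from us
    if len(outbound_netgroups(peerinfo)) < MIN_DISTINCT_NETS:
        findings.append("low-peer-diversity")
    if reference["height"] > chaininfo["blocks"]:
        findings.append("behind-reference")  # the rest of the network is ahead of us
    elif reference["height"] == chaininfo["blocks"] and reference["hash"] != chaininfo["bestblockhash"]:
        findings.append("tip-hash-mismatch")  # same height, different block: different chain
    return findings


# ---- constructed sample data (placeholder hashes, TEST-NET addresses) ----
NOW = 1_700_000_000  # constructed "current time" in unix seconds

REFERENCE = {"height": 820_001, "hash": "00" * 4 + "cd" * 28}  # placeholder hash

# An eclipsed node: every outbound peer in one /24, tip five hours old, one block behind.
ECLIPSED_CHAIN = {"blocks": 820_000, "headers": 820_000,
                  "bestblockhash": "00" * 4 + "ab" * 28,  # placeholder hash
                  "mediantime": NOW - 5 * 3600, "initialblockdownload": False}
ECLIPSED_PEERS = [{"addr": f"203.0.113.{i}:8333", "inbound": False} for i in (5, 6, 7, 8)]

# A healthy node: diverse outbound peers, fresh tip, agrees with the reference.
HEALTHY_CHAIN = dict(ECLIPSED_CHAIN, blocks=820_001, headers=820_001,
                     bestblockhash=REFERENCE["hash"], mediantime=NOW - 600)
HEALTHY_PEERS = [{"addr": a, "inbound": False} for a in (
    "198.51.100.9:8333", "203.0.113.7:8333", "[2001:db8:1::5]:8333",
    "abcdefghijklmnop.onion:8333")] + [{"addr": "192.0.2.44:51234", "inbound": True}]


if __name__ == "__main__":
    for label, chain, peers in (("eclipsed", ECLIPSED_CHAIN, ECLIPSED_PEERS),
                                ("healthy", HEALTHY_CHAIN, HEALTHY_PEERS)):
        print(label, assess(chain, peers, REFERENCE, NOW) or "no findings")
```

In real use the two dicts come from `bitcoin-cli getblockchaininfo` and `bitcoin-cli getpeerinfo` on the node, and the reference height and hash are read over a path the hotspot does not control; a local node agreeing with a reference fetched over the same WiFi proves nothing. None of these checks is conclusive on its own (a long block interval can trip `stale-tip`), but a `behind-reference` or `tip-hash-mismatch` result is exactly the condition under which a "confirmed" payment should not be trusted.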
legendary
Activity: 2828
Merit: 2472
https://JetCash.com
For those of you who are interested, here are some graphs of the synchronisation of my node (Bitcoin Core version v0.15.1 (64-bit)) at a McDonalds restaurant in the UK.

Channel analysis using Acrylic
http://roamerwifi.com/stats-images/wifi-at-mcdonalds.jpg

Network traffic during initial synchronisation
http://roamerwifi.com/stats-images/bitcoin-node-synchronisation.jpg

The peer list at the time
http://roamerwifi.com/stats-images/bitcoin-peer-list.jpg
legendary
Activity: 2828
Merit: 2472
https://JetCash.com
OK - I did a bit of reading, and I like the idea of using an Asus tinkerboard for the VPN, and some other useful things.
It looks as if that could be a useful project.
legendary
Activity: 2828
Merit: 2472
https://JetCash.com
- There's been some academic success in getting the encryption keys from a computer via sound analysis. Computers can make different sounds depending on the data they're operating upon.
That takes me back a bit - I remember in my days of programming IBM 360 mainframes, some guys would write programs to play music. You put a radio on top of the CPU and ran the program. The interference on the radio created the music. :)

I'm really only using core to synchronise my blockchain, and to receive payments. So far I haven't spent a single Satoshi. I guess I'm the ultimate HODLer. :)

I've got a great relationship with a hosting company. It sounds as if I should set up my own VPN. Time to do some reading I think - thanks for the reply and suggestions.
administrator
Activity: 5222
Merit: 13032
Some things that come to mind:

 - There's been some academic success in getting the encryption keys from a computer via sound analysis. Computers can make different sounds depending on the data they're operating upon.
 - AFAIK both public wifi (i.e. wifi where the attacker has the wifi password) and mobile-data protocols are completely broken security-wise. Wifi via arp spoofing and such, and mobile-data due to various attacks against inherently insecure protocols. So you should probably assume that the attacker controls your Internet connection completely.
 - If an attacker controls your Internet connection completely, then they can do things like preventing legit blocks from reaching you, preventing you from seeing conflicting transactions, giving you only their blocks, etc. If you get a few confirmations, you'll know that someone put a lot of effort into mining them, but you won't be able to confirm that they're the longest chain, since the attacker may be blocking the longest chain.
 - I wouldn't rely 100% on HTTPS, but it's not exactly trivial to defeat. Properly-configured ssh or OpenVPN are even better.

I think I'd do something like keeping all Bitcoin keys off of the laptop, and instead use ssh to connect to my real Bitcoin node. And then if you're really paranoid, change your laptop's ssh key right afterward.

And/or you could use an OpenVPN VPN, either purchased (in which case you're trusting the VPN service not to MITM you) or by setting up your own OpenVPN server somewhere. Then evil wifi can only block you, not interfere or monitor. But you have to make sure that it's configured correctly, since most VPN setups will by default switch to your native connection whenever it can't connect to the VPN. There are iptables rules that will prevent this.
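The last point above, the VPN falling back to the native connection, is what a "kill switch" firewall prevents. The script below is an added example (not code from the thread, from OpenVPN or from any project): it builds the iptables OUTPUT-chain rules that allow traffic only over loopback, DHCP on the hotspot interface, the VPN endpoint itself, and the tunnel interface, and reject everything else. The interface names `wlan0` and `tun0`, the server address and the default `1194/udp` are assumptions for the example; `first_match` simulates the chain so you can see what a Bitcoin P2P connection would do with the tunnel down before applying anything.

```python
#!/usr/bin/env python3
"""VPN kill switch: iptables OUTPUT rules that let nothing bypass the tunnel.

Added example for this thread, not code from any project. Interface names,
server address and port are assumptions; override them on the command line.
"""
import argparse
import ipaddress
import subprocess


def killswitch_policy(vpn_server, vpn_port=1194, vpn_proto="udp", phys="wlan0", tun="tun0"):
    """Ordered rules, first match wins; the final rule rejects everything else."""
    ipaddress.ip_address(vpn_server)  # raises ValueError on a mistyped address
    if not 0 < vpn_port < 65536 or vpn_proto not in ("udp", "tcp"):
        raise ValueError("bad VPN endpoint")
    return [
        {"out": "lo", "action": "ACCEPT"},
        # the hotspot's DHCP server must stay reachable on the physical interface
        {"out": phys, "proto": "udp", "dport": 67, "action": "ACCEPT"},
        # the only other traffic allowed out of the physical interface is the tunnel itself
        {"out": phys, "dst": vpn_server, "proto": vpn_proto, "dport": vpn_port, "action": "ACCEPT"},
        # anything routed through the tunnel interface is fine
        {"out": tun, "action": "ACCEPT"},
        # everything else (including DNS queries to the hotspot) is refused
        {"action": "REJECT"},
    ]


def render_iptables(policy):
    """Turn the policy into iptables commands for the OUTPUT chain."""
    # policy first, then flush: the chain is never left open while it is rebuilt
    cmds = ["iptables -P OUTPUT DROP", "iptables -F OUTPUT"]
    for rule in policy:
        parts = ["iptables", "-A", "OUTPUT"]
        if "out" in rule:
            parts += ["-o", rule["out"]]
        if "dst" in rule:
            parts += ["-d", rule["dst"]]
        if "proto" in rule:
            parts += ["-p", rule["proto"], "--dport", str(rule["dport"])]
        parts += ["-j", rule["action"]]
        if rule["action"] == "REJECT":
            parts += ["--reject-with", "icmp-admin-prohibited"]
        cmds.append(" ".join(parts))
    return cmds


def first_match(policy, out, dst, proto, dport):
    """Simulate the chain for one outgoing packet; 'DROP' is the chain policy."""
    packet = (("out", out), ("dst", dst), ("proto", proto), ("dport", dport))
    for rule in policy:
        if all(rule.get(key, value) == value for key, value in packet):
            return rule["action"]
    return "DROP"


def apply_rules(cmds):
    """Run the commands (needs root); raises if any of them fails."""
    for cmd in cmds:
        subprocess.run(cmd.split(), check=True)


if __name__ == "__main__":
    ap = argparse.ArgumentParser(description="print or apply VPN kill-switch rules")
    ap.add_argument("vpn_server", help="IP address of your OpenVPN server")
    ap.add_argument("--port", type=int, default=1194)
    ap.add_argument("--proto", default="udp", choices=("udp", "tcp"))
    ap.add_argument("--phys", default="wlan0")
    ap.add_argument("--tun", default="tun0")
    ap.add_argument("--apply", action="store_true", help="run iptables instead of printing")
    args = ap.parse_args()
    policy = killswitch_policy(args.vpn_server, args.port, args.proto, args.phys, args.tun)
    cmds = render_iptables(policy)
    if args.apply:
        apply_rules(cmds)
    else:
        print("\n".join(cmds))
        # what a Bitcoin P2P connection would do with the tunnel down vs. up
        print("# wlan0 -> peer:8333 :", first_match(policy, args.phys, "203.0.113.10", "tcp", 8333))
        print("# tun0  -> peer:8333 :", first_match(policy, args.tun, "203.0.113.10", "tcp", 8333))
```

Two caveats a practitioner will hit: captive portals need the rules loaded after the portal login, not before, and these rules cover IPv4 only, so a hotspot handing out IPv6 needs equivalent `ip6tables` rules or the traffic leaks around the tunnel. Running OpenVPN with `--persist-tun` keeps `tun0` present across reconnects, so sockets bound to it do not get re-routed onto `wlan0` while the tunnel is down.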
legendary
Activity: 2828
Merit: 2472
https://JetCash.com
I considered posting this on the tech board, but the tech aspects are just one small part of the issue. One may need to use public WiFi for a number of reasons. One could be a business traveller. Internet may not be available in some rural locations. One could have a nomadic lifestyle, or be involved in a project in an undeveloped area. I've been running a full node over public WiFi for a couple of years now, and I haven't had any real problems. However, I feel that may be luck, and I haven't managed to arrange a cash purchase yet.

Considering cash purchases - I'm concerned that the confirmation time for a purchase of £x,xxx may make this a high risk venture. Waiting an hour in a cafe with a stranger could be a mixed blessing, and at what time do you give him the cash?

Assuming one has all the normal anti-virus and other protection, what extra precautions should I take?

Downloading a new blockchain is not practical, and I would suggest copying this from a known native copy of the true blockchain.

Many have suggested that it is better to tether a mobile to synchronise the blockchain. I feel that this may not be any more secure, and can run away with bandwidth quotas.

There is a risk of the theft of your computer. Obviously one should not leave core running on an unattended computer, and wallets etc should be backed up onto a removable medium. Also I keep a copy of the blockchain on an external SSD.

Using an online wallet provider is not an option for me. It seems to be the same as leaving your money in the bank.

What extra precautions would you take if you had to take your notebook away for a two week vacation?