Silk Road forums

Discussion => Security => Topic started by: raynardine on January 29, 2013, 11:03 pm

Title: Bitcoin Node Over Tor
Post by: raynardine on January 29, 2013, 11:03 pm
It is entirely possible to run a Bitcoin node purely over Tor, now.

See this manual entry!

https://github.com/bitcoin/bitcoin/blob/master/doc/Tor.txt#L45

Is that convenient or what?
Title: Re: Bitcoin Node Over Tor
Post by: astor on January 30, 2013, 02:25 am
Yep, there are a bunch of bitcoin nodes running as hidden services that you can (try to) connect to.

https://en.bitcoin.it/wiki/Fallback_Nodes#Tor_nodes

I've found it to be difficult, though, with frequent dropped connections.
Title: Re: Bitcoin Node Over Tor
Post by: SelfSovereignty on January 30, 2013, 02:52 am
I don't understand.  What's the advantage to this, other than flooding the Tor network with even more packets...?  Just tunnel bitcoind through your Tor program and let it operate as usual: I'm not aware of anything an exit node can do that would harm you even when you're going through one to get to the next bitcoin node?

And by definition, you can't keep the traffic encrypted from everybody else or your transactions won't be propagated through the network...?

Bitcoin nodes only maintain 8 active connections.  I don't see how it's helpful to have other nodes trying to make incoming connections, when you can just make your 8 as outgoing and would start blocking the incoming ones regardless...?
Title: Re: Bitcoin Node Over Tor
Post by: astor on January 30, 2013, 06:07 am
> I don't understand.  What's the advantage to this, other than flooding the Tor network with even more packets...?

The network is only carrying about 60% of its advertised capacity:

https://metrics.torproject.org/bandwidth.png

Encrypting the data seems to be the rate-limiting step.

That being said, the more users there are, the more diverse they are, and the more diverse the traffic, the safer and more anonymous everyone is. Bitcoin clients only download and upload about 100 MB a day (although that depends on how many connections they maintain), so this isn't like bittorrent traffic.

> Just tunnel bitcoind through your Tor program and let it operate as usual: I'm not aware of anything an exit node can do that would harm you even when you're going through one to get to the next bitcoin node?

That's true, there's really no advantage to connecting to a hidden service as opposed to a regular bitcoin node over Tor, and the connections tend to be much spottier.

> Bitcoin nodes only maintain 8 active connections.  I don't see how it's helpful to have other nodes trying to make incoming connections, when you can just make your 8 as outgoing and would start blocking the incoming ones regardless...?

You can specify however many connections you want in bitcoin.conf:

maxconnections=N

You can even specify the nodes you want to connect to (that's how connecting to onion addresses works, actually, you have to tell Tor to map private IP addresses to onion domains using the mapaddress feature and then tell bitcoin-qt to connect to those IP addresses).

Anyway, I don't think there's a distinction between incoming and outgoing connections.
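
Added example, not part of astor's post or of the Bitcoin documentation: the two configuration files the post above describes, with Tor's MapAddress feature pointing a stand-in IP address at an onion node and the Bitcoin client told to reach that IP through Tor's SOCKS port. The stand-in address 192.0.2.2 (a reserved documentation address) and the onion name are placeholders chosen for illustration.

```ini
# ---- torrc (Tor side) ----
# Local SOCKS listener; 9050 is Tor's default SocksPort.
SocksPort 9050
# MapAddress rewrites a request for the first address into the second.
# 192.0.2.2 is a stand-in address (assumption) and the onion name is a
# placeholder, not a real node.
MapAddress 192.0.2.2 PLACEHOLDER-ONION-ADDRESS.onion

# ---- bitcoin.conf (Bitcoin side) ----
# Send all outbound peer connections through Tor's SOCKS proxy, so the
# client never opens a direct connection from your real IP address.
proxy=127.0.0.1:9050
# Do not accept inbound connections on the clearnet interface.
listen=0
# Add the mapped address as a peer; Tor turns it into the onion name.
# 8333 is Bitcoin's default P2P port. Using connect= instead of addnode=
# would restrict the client to the listed nodes only.
addnode=192.0.2.2:8333
# Keep the connection count low over Tor, as suggested in this thread.
maxconnections=4
```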
Title: Re: Bitcoin Node Over Tor
Post by: astor on January 30, 2013, 06:14 am
BTW, if you run bitcoin-qt over Tor, I recommend decreasing maxconnections to 3 or 4. It takes a while to build all the connections because (apparently) a lot of bitcoin nodes don't accept them. I don't think bitcoin-qt can be configured to block specific IP addresses, but there may be firewalls or ISPs interfering with connections from exit nodes.

The other concern is that you may not want to run bitcoin-qt as a hidden service since there are known attacks to deanonymize hidden services.
Title: Re: Bitcoin Node Over Tor
Post by: SelfSovereignty on January 30, 2013, 02:31 pm
>> I don't understand.  What's the advantage to this, other than flooding the Tor network with even more packets...?
>
> The network is only carrying about 60% of its advertised capacity:
>
> https://metrics.torproject.org/bandwidth.png
>
> Encrypting the data seems to be the rate-limiting step.
>
> That being said, the more users there are, the more diverse they are, and the more diverse the traffic, the safer and more anonymous everyone is. Bitcoin clients only download and upload about 100 MB a day (although that depends on how many connections they maintain), so this isn't like bittorrent traffic.

You're absolutely right; this slipped my mind last night.  Thanks.

>> Just tunnel bitcoind through your Tor program and let it operate as usual: I'm not aware of anything an exit node can do that would harm you even when you're going through one to get to the next bitcoin node?
>
> That's true, there's really no advantage to connecting to a hidden service as opposed to a regular bitcoin node over Tor, and the connections tend to be much spottier.
>
>> Bitcoin nodes only maintain 8 active connections.  I don't see how it's helpful to have other nodes trying to make incoming connections, when you can just make your 8 as outgoing and would start blocking the incoming ones regardless...?
>
> You can specify however many connections you want in bitcoin.conf:
>
> maxconnections=N
>
> You can even specify the nodes you want to connect to (that's how connecting to onion addresses works, actually, you have to tell Tor to map private IP addresses to onion domains using the mapaddress feature and then tell bitcoin-qt to connect to those IP addresses).
>
> Anyway, I don't think there's a distinction between incoming and outgoing connections.

Try it and see what happens.  With the reference client (bitcoind, not sure about bitcoin-qt), it didn't work in 0.69, and that's the perspective I'm coming from.  They have some bizarre definition for that value that I honestly didn't bother looking into much.  Basically it doesn't mean what I assumed it meant, and when I saw that it's not a bug I just let it go.  But the client won't ever maintain more than 8 connections.  Given how unintuitive that is, personally I think it's a poor decision not to at least change the names of the options or something, but whatever.  Not my project.