1.6 Privacy
We configure Tor and I2P to run your node anonymously.
Running your own Bitcoin and Lightning node at home makes you a direct, sovereign peer on the Bitcoin network. However, if it is not configured with privacy in mind, it also tells the world that there is someone with Bitcoin at that address.
We'll also make it easy to connect to your node from outside your home network as an added benefit.
True, it's only your IP address that is revealed, but using services like iplocation.net, your physical address can be determined quite accurately. Especially with Lightning, your IP address would be widely used. We need to make sure that you keep your privacy.
Tor Project
We use Tor, free software built by the Tor Project. It allows you to anonymize internet traffic by routing it through a network of nodes, hiding your location and usage profile.
It is called "Tor" for "The Onion Router": information is routed through many hops and encrypted multiple times. Each node decrypts only the layer of information addressed to it, learning only the previous and the next hop of the whole route. The data package is peeled like an onion until it reaches the final destination.
Tor installation
With user admin, update and upgrade the packages to keep up to date with the OS
Install dependency
Create a new file called tor.list
Add the following entries. Save and exit
Switch to the "root" user temporarily
Add the GPG key used to sign the packages by running the following command at your command prompt
Return to the admin user using the exit command
Update the apt repository, and install Tor and Tor Debian keyring. Press "y" and "enter"
Check Tor has been correctly installed
Example of expected output:
Please note that the version number might differ in your case; this is just an example from when the guide was written.
Tor configuration
Bitcoin Core will communicate directly with the Tor daemon to route all traffic through the Tor network. We need to enable Tor to accept instructions through its control port, with the proper authentication.
Edit the Tor configuration
Uncomment line 56 to enable the control port by deleting # at the beginning of the line. Save and exit
Reload the Tor configuration to activate the modifications
Ensure that the Tor service is working and listening at the default ports 9050 and 9051 on the localhost (127.0.0.1)
(Optional) Check the systemd journal to see Tor's log output in real time. Press Ctrl + C to exit
Not all network traffic is routed over the Tor network: by default, some services don't include a SOCKS5 proxy configuration. Even so, we now have the base to configure sensitive applications to use it
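One way to script the listener check above, as an added example that is not part of the original guide: it reads the output of ss -tlnH and reports whether the SOCKS port 9050 and the control port 9051 are bound to loopback only. It goes slightly beyond this step by also flagging wildcard binds such as 0.0.0.0; the function name and the sample lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit Tor's listening sockets from `ss -tlnH` output on stdin.
# Ports 9050 (SOCKS) and 9051 (control) are the defaults named in this guide.
# One verdict per line:
#   OK <port> <addr>       bound to loopback only
#   EXPOSED <port> <addr>  bound to a wildcard or non-loopback address
#   MISSING <port>         no listener seen
# Exit status: 0 if both ports are loopback-only, 1 otherwise.
audit_tor_listeners() {
  awk '
    BEGIN { want["9050"] = "socks"; want["9051"] = "control"; bad = 0 }
    $1 == "LISTEN" {
      addr = $4                                   # Local Address:Port column
      port = addr; sub(/^.*:/, "", port)          # text after the last colon
      host = substr(addr, 1, length(addr) - length(port) - 1)
      if (!(port in want)) next
      seen[port] = 1
      if (host ~ /^127\./ || host == "[::1]") {
        print "OK", port, host
      } else {
        print "EXPOSED", port, host
        bad = 1
      }
    }
    END {
      for (p in want) if (!(p in seen)) { print "MISSING", p; bad = 1 }
      exit bad
    }
  '
}

# Constructed sample: default setup, both ports on loopback (plus an SSH listener).
SAMPLE_DEFAULT='LISTEN 0 4096 127.0.0.1:9050 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:9051 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Constructed sample: SOCKS port rebound to all interfaces.
SAMPLE_LAN='LISTEN 0 4096 0.0.0.0:9050 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:9051 0.0.0.0:*'

# Demo on the constructed samples; on the node use: ss -tlnH | audit_tor_listeners
printf '%s\n' "$SAMPLE_DEFAULT" | audit_tor_listeners || true
printf '%s\n' "$SAMPLE_LAN" | audit_tor_listeners || true
```

An EXPOSED verdict for 9051 means the control port is reachable from other hosts and should be rebound to 127.0.0.1 before anything else is configured.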
(Optional) -> If you want, you can disable the autoboot option for Tor using:
Expected output:
I2P Project
I2P is a universal anonymous network layer. All communications over I2P are anonymous and end-to-end encrypted, and participants don't reveal their real IP addresses. I2P allows people from all around the world to communicate and share information without restrictions.
An I2P client is software used for building and using anonymous I2P networks. Such networks are commonly used for anonymous peer-to-peer applications (filesharing, cryptocurrencies) and anonymous client-server applications (websites, instant messengers, chat-servers).
We will use i2pd (I2P Daemon), a full-featured C++ implementation of the I2P client, as a complement to the Tor network.
I2P installation
Ensure that you are logged in with the user admin and add the i2pd repository
Expected output:
Update the apt repository and install i2pd as any other software package. Press "y" and "enter"
Check that i2pd has been correctly installed
Example of expected output:
Ensure that the i2pd service is working and listening at the default ports
See “i2p” in action by monitoring its log file. Exit with Ctrl-C
(Optional) -> If you want, you can disable the autoboot option for I2P using:
Expected output:
Extras (optional)
SSH remote access through Tor
If you want to log into your MiniBolt with SSH when you're away, you can easily do so by adding a Tor hidden service. This makes "calling home" very easy, without the need to configure anything on your internet router.
SSH server
Ensure that you are logged in with the user admin, and edit the torrc file
Add the following lines in the "location hidden services" section, below "## This section is just for location-hidden services ##" in the torrc file. Save and exit
Reload the Tor configuration to apply the configuration
Get the SSH Onion address
Example of expected output:
Save the Tor address in a secure location, e.g. your password manager
SSH client
You also need to have Tor installed on your regular computer where you start the SSH connection. Usage of SSH over Tor differs by client and operating system.
Windows:
To enable Tor in the background follow the same instructions for the preparations section of the Desktop Wallet guide.
PuTTY:
Follow the same instructions of the remote access section for PuTTY, but this time type the .onion address as the hostname. Go to the "Connection" tab -> Proxy, select "Socks5" as the proxy type, and for the proxy hostname type "localhost", port "9050".
Press the OPEN button. When a "PuTTY security alert" banner appears, press the "Accept" button. If the prompt asks you for a user/password, leave it empty and press ENTER directly, and finally type your password [A].
MobaXterm:
Follow the same instructions of the remote access section for MobaXterm, but this time type the .onion address as the hostname. Go to the "Network settings" tab, select Proxy type "Socks5", for the host type "localhost", leave the login empty, port "9050".
Press the OK button. When a "Connexion to..." banner appears, press the "Accept" button. If the prompt asks you for a user/password, leave it empty and press ENTER directly, and finally type your password [A].
📝 If you are using PuTTY and fail to connect to your PC by setting port 9050 in the PuTTY proxy settings, try setting port 9150 instead. When Tor runs as an installed application instead of a background process, it uses port 9150.
Linux:
Use torify or torsocks; both work similarly, so just use whichever you have available
When the prompt asks you "Are you sure you want to continue connecting?" type "yes" and press ENTER
macOS: Using torify or torsocks may not work due to Apple's System Integrity Protection (SIP), which will deny access to /usr/bin/ssh.
To work around this, first, make sure Tor is installed and running on your Mac:
You can SSH to your PC "out of the box" with the following proxy command:
For a more permanent solution, add these six lines below to your local SSH config file. Choose any HOSTNICKNAME you want, save, and exit
Restart Tor
You should now be able to SSH to your PC with
Use the Tor proxy from another device
It's possible to use the Tor proxy of the node from another device in the same local network (e.g. your regular computer)
With user admin, edit the Tor file
Replace the existing line 18 with this
Reload the Tor configuration to apply changes
Configure the firewall to allow incoming Tor connections from anywhere
Ensure that the Tor service is working and listening at the default port 9050 on 0.0.0.0
Expected output:
You can use this connection from another device in the same local network, for example to browse with a standard browser instead of the Tor browser
Example from Firefox:
Go to Settings > General > Network Settings and press the "Settings" button
Edit the screen to match this, replacing SOCKS Host with your node's local IP address:
Click on the OK button, and try to navigate to some clearnet domain like https://minibolt.info. If it resolves, you are OK.
You can also go to this website and see "Congratulations. This browser is configured to use Tor."
You can also use the Tor proxy connection to reach clearnet or third-party addresses from Sparrow wallet. Check out the Desktop wallet: Sparrow wallet guide to get instructions.
Upgrade Tor and I2P
The latest release can be found on the official Tor web page or the unofficial GitHub page, and for I2P on the PPA page. To upgrade, type this command:
Uninstall
Uninstall Tor
With user admin, enter the next command, and type "y" when the prompt asks you if you want to continue
Expected output:
Uninstall I2P
With user admin, enter the next command, and type "y" when the prompt asks you if you want to continue
Expected output:
Troubleshooting
Tor troubleshooting
Tor network issues
If you have problems with the Tor connection (LN channels offline, excessive delay when accessing the hidden services, etc.), it is possible that the set of entry guards is overloaded. Delete the file called "state" in your Tor directory, and you will force Tor to select an entirely new set of entry guards the next time it starts.
Stop Tor
Delete the file called "state" in your Tor directory
Start Tor again
-> If your new set of entry guards still produces the stream error, try connecting to the internet with a cable if you're on wireless. If that doesn't help, I'd suggest downloading Wireshark and checking whether you're getting drowned in TCP transmission errors for non-Tor traffic. If so, your ISP is who you need to talk to
-> If not, try using obfs bridges and see if that helps. Your ISP, your company's network, your country, etc. could be completely censoring your Tor access; using obfs bridges could help to avoid this censorship
Example of Tor censorship output:
Tor signature verification error
If you obtain this error after updating the repositories using the apt package manager:
This means that Tor has renewed the signature, probably because it is about to expire or has already expired. Follow the next steps to fix that ⬇️
With user admin, switch to the "root" user temporarily
Add the GPG key used to sign the packages by running the following command at your command prompt
Return to the admin user using the exit command
Run sudo apt update again and check that the error no longer appears
I2P troubleshooting
If you see these log lines in Bitcoin Core, it could be that I2P is failing:
If this happens, restarting the i2pd service usually fixes it
With user admin, restart the service
Check the Bitcoin Core logs again to ensure that the errors no longer appear
Port reference