Hey everyone,
I’ve got a Ƀ full node running on Umbrel and I’m kinda puzzled by this one setting:
Make All Outgoing Connections to Clearnet Peers Over Tor
(proxy)
Connect to clearnet peers through Tor for anonymity, but it says it might be a bit less secure.
So, why exactly are outgoing connections through Tor considered less secure?
Are outgoing connections to clearnet peers via Tor really less secure?
5 replies 290 views
It's probably due to one of those reasons,
1. You need to trust the exit node.
2. Unless you and other node use encryption (this is recent addition based on BIP 324), the connection isn't encrypted.
3. Theoretically anyone could run exit node, including government and analysis company.
gr3g.0rbitHero Member
Posts: 1025 · Reputation: 2646
#3Jun 21, 2022, 06:09 PM
Hmm, they use "slightly" there.
Maybe it has something to do with "Sybil Attack" where the Tor exit node might able to isolate your node to the rest of the network by connecting you to his 'bad Bitcoin nodes'.
But since it's extremely hard to pull-off since all of your peers has to be the attacker's nodes, it's a "slightly less security" issue.
Your node will still connect/listen to Bitcoin nodes on Tor with the setting ticked.
But for more accurate answers, it's best to ask the ones who wrote the note themselves.
You may ask the actual Umbrel developers with their contact info here: https://github.com/orgs/getumbrel/people
paul.stakeHero Member
Posts: 651 · Reputation: 3798
#4Jun 21, 2022, 08:50 PM
I believe it wanted to mean "privacy" there. Theoretically, it's easier to break Tor->clearnet than Tor->hidden service. It'd be better to configure your node connect only with hidden services:
From the other person's Bitcoin node to your exit node? Yes, but from your node to the exit node the connection is encrypted.
humbleledgerLegendary
Posts: 1027 · Reputation: 6554
#5Jun 21, 2022, 10:43 PM
Just like anyone could run a full node, so if you don't run over Tor it's even easier for them to "spy" on you.
On top of that, Bitcoin Core already fix many of known sybil/eclipse attack vector as stated on http://web.archive.org/web/20220412122303/http://cs-people.bu.edu/heilman/eclipse/.
That's right, which is more reason to use newer Bitcoin Core which use encryption when connecting to other new nodes.
Related topics
- Protecting a Bitcoin node from TOR / Eclipse attacks 13
- Are Light Wallets Really Private? 19
- Got a warning about Tor 7
- Best way to transfer coins privately using an old Bitcoin Core wallet on a secure laptop? 19
- Where to trade BTC and XMR for cash in person in the USA? 14
- Bitcoin and Monero Privacy in a Dystopian World 19