Are outgoing connections to clearnet peers via Tor really less secure?

5 replies 290 views
GigaFoxMember
Posts: 6 · Reputation: 148
#1Jun 21, 2022, 01:45 PM
Hey everyone, I’ve got a Ƀ full node running on Umbrel and I’m kinda puzzled by this one setting: Make All Outgoing Connections to Clearnet Peers Over Tor (proxy) Connect to clearnet peers through Tor for anonymity, but it says it might be a bit less secure. So, why exactly are outgoing connections through Tor considered less secure?
4 Reply Quote Share
hash_bossLegendary
Posts: 1166 · Reputation: 5261
#2Jun 21, 2022, 02:42 PM
It's probably due to one of those reasons, 1. You need to trust the exit node. 2. Unless you and other node use encryption (this is recent addition based on BIP 324), the connection isn't encrypted. 3. Theoretically anyone could run exit node, including government and analysis company.
4 Reply Quote Share
gr3g.0rbitHero Member
Posts: 1025 · Reputation: 2646
#3Jun 21, 2022, 06:09 PM
Hmm, they use "slightly" there. Maybe it has something to do with "Sybil Attack" where the Tor exit node might able to isolate your node to the rest of the network by connecting you to his 'bad Bitcoin nodes'. But since it's extremely hard to pull-off since all of your peers has to be the attacker's nodes, it's a "slightly less security" issue. Your node will still connect/listen to Bitcoin nodes on Tor with the setting ticked. But for more accurate answers, it's best to ask the ones who wrote the note themselves. You may ask the actual Umbrel developers with their contact info here: https://github.com/orgs/getumbrel/people
4 Reply Quote Share
paul.stakeHero Member
Posts: 651 · Reputation: 3798
#4Jun 21, 2022, 08:50 PM
I believe it wanted to mean "privacy" there. Theoretically, it's easier to break Tor->clearnet than Tor->hidden service. It'd be better to configure your node connect only with hidden services: From the other person's Bitcoin node to your exit node? Yes, but from your node to the exit node the connection is encrypted.
0 Reply Quote Share
humbleledgerLegendary
Posts: 1027 · Reputation: 6554
#5Jun 21, 2022, 10:43 PM
Just like anyone could run a full node, so if you don't run over Tor it's even easier for them to "spy" on you.
0 Reply Quote Share
hash_bossLegendary
Posts: 1166 · Reputation: 5261
#6Jun 21, 2022, 11:14 PM
On top of that, Bitcoin Core already fix many of known sybil/eclipse attack vector as stated on http://web.archive.org/web/20220412122303/http://cs-people.bu.edu/heilman/eclipse/. That's right, which is more reason to use newer Bitcoin Core which use encryption when connecting to other new nodes.
2 Reply Quote Share

Related topics