The whole concept of centralized exit nodes is flawed. These days, you're only allowed to run one of you're working with law enforcement.
Anonymity networks aren't meant to bridge to clearweb. It defeats the purpose, funneling all your traffic through captured servers.
Use hidden services only. Use VPN or anonymous proxy for clearweb browsing.
Do Bitcoin and LN nodes running over tor both use tor hidden services only? I'm not sure about the specifics on the comms protocol layer, I just figured they used exit nodes.
reply
In Tor, urls ending in .onion are hidden services, no exit nodes are used when sending/receiving packets with .onions
LN nodes can advertise a .onion Tor V3 address for peers to connect.
reply
Follow-up question: which types of TOR nodes are involved in the end-to-end .onion traffic between, say, Tor browser and a server hosting the .onion service?
reply
The browser runs a local proxy. The proxy sends a request through 3 hops (relays) before reaching the server running a .onion hidden service. The server's response goes backwards through those same 3 relays back to your browser.
Look into I2P, it's currently the #2 anonymity network and growing fast thanks to Tor reliability issues. In I2P, you must operate a relay/router in order to access the network. So it's more robust against DDoS since thousands of users aren't sharing a single relay.
You configure any browser to use your I2P router as a proxy (I2P daemon hosted on a separate computer ideally, or could run locally).
Requests are routed through 3 other routers before reaching the server hosting the .I2P site (eepSite). Then the server's response is sent back using 3 DIFFERENT routers. So, theoretically it's twice as secure as Tor since double the routing nodes would need to be compromised to de-anonymize a session. In practice, I2P probably isn't as anonymous because it has far fewer users and thus a smaller anonymity set. But this is starting to change. I2P also doesn't even support exit nodes, everything is a hidden service by default. There are ways to browse clearweb over I2P but it's more complex to set up yourself.
reply
Thanks!
reply