pull down to refresh

Why bitcoiners are so "in love" using Tor for their BTC LN nodes?
4279 sats \ 10k boost \ 25 comments \ @DarthCoin 16 Apr bitcoin_beginners
If you do not want to read all the rest here is my TLDR answer: because most of them are just noobs (without good knowledge of networking), followers of influencers promoting Tor only nodes and believe that Tor is the magic wand that fix everything. IT IS NOT. Tor is a false illusion of "privacy" for BTC LN nodes and is useless.
Ok now let's get into this question. With this post I want to make more noobs to think about and take the right decisions.

Why most of bitcoiners run a Tor only BTC LN node ?

Because most of them are using bundle nodes boxes (Umbrel, Start9, Raspiblitz, MyNode etc) that mainly are by default Tor connected to the rest of the internet. Why they use Tor? Because is damn easier plug'n'play for a noob that doesn't know what is LAN, WAN, ports, IP, domain, FQDN, HTTP(S), packets, encryption etc you name it... Tor is making their life easier, without having to configure routers, ports, IPs etc. And the influencers are "selling" the idea that "run Tor nodes for your privacy" but not explaining what really is privacy.
Let's say it clearly: INTERNET IS A PUBLIC PLACE ! So if you do not want to expose your private activity, then DON'T DO IT ON INTERNET. Anything you do on internet became PUBLIC.
People nowadays cannot make the difference between PRIVATE and PUBLIC but they still demand privacy in a public place LOL. Is like walking naked on the street and you demand to people not to look at you because is private.

Is it Tor such an ultimate "privacy tool" ?

The fundamental question becomes: How can conscientious individuals maintain their privacy online? If absolute privacy—complete evasion of government data collection—is the goal, then the internet is simply not suitable. While it may be possible to protect information from hackers and corporations, completely avoiding surveillance by large governments is essentially impossible.
Source - Tor and the Illusion of Anonymity - by John Little
As I said before: if you do not want to reveal private parts of your activity, don't do it online! Or at least do it under a pseudonym, another false identity, hide into the crowd that cannot identify or link the REAL you.
Despite its benefits, Tor is not a foolproof solution for online privacy. Here are some reasons why:
  1. Exit Node Vulnerability The data leaving the Tor network through the exit node is decrypted. If the exit node is malicious or monitored, your traffic can be intercepted and analyzed. While your IP address remains hidden, sensitive information like login credentials or personal data could be exposed if the website you’re visiting doesn’t use HTTPS.
  2. End-to-End Tracking While Tor hides your IP address, it doesn’t encrypt the data you send to or receive from websites. If you log into a personal account or share identifiable information, your anonymity could be compromised.
  3. Browser Fingerprinting Tor Browser’s settings are designed to minimize browser fingerprinting, a technique used to identify users based on their browser and device configurations. However, if you modify Tor’s default settings or install additional plugins, you increase your risk of being identified.
  4. Correlation Attacks Advanced attackers, such as nation-states, can use timing correlation attacks to de-anonymize Tor users. By monitoring entry and exit nodes, they can potentially link your activities to your IP address.
  5. Malware and Phishing Tor doesn’t protect you from malware, phishing, or malicious websites. Clicking on harmful links or downloading infected files can still compromise your privacy and security.
  6. Adding more time to response Speed is crucial for BTC LN nodes. Maybe for a BTC only node (not LN) it is OK to sync every 10 min a block, is not a big deal. But for a PUBLIC ROUTING LN node it is crucial to have fastest response. And Tor network is adding huge delays ! That makes your LN node UNRELIABLE FOR ROUTING.
NOTE: we are talking about PUBLIC LN nodes here, not PRIVATE (those that are not doing public routing and are not 24/7 online).
So using a public routing node only behind Tor is totally useless and against the most important thing: routing. You are literally doing more harm than good to the entire Lightning Network because your node will be a bottleneck for all those trying to pass through your shity node a payment. If you are already a public node, is already known information, so is useless to think you are hiding behind a Tor onion address...
If you really want to not reveal your IP from where your LN ndoe is operating, use a VPN IP, with a Wireguard tunnel towards your LN node machine. That will add a faster route to your node and also full control of the traffic.
You rent a VPS, that is a simple virtual machine in a datacenter. You install your own software OS and Wireguard tunnel. So chances that somebody else is watching your traffic are almost null. On the other side, using Tor, ask yourself: are you really in full control of the exit nodes? Do you really know who is on the other side of the Tor network that will have to decrypt your traffic in order to forward it to the destination?
Another aspect I do not understand from many users: OK they run a Tor only n ode because they run a bundle node software that do not offer a clearnet connection and they are not technically capable to build their own infrastructure with independent software. The question is: why then use for example to connect over Tor with your own LN node? ARE YOU NOT TRUSTING YOURSELF? Why do you not use a Tailscale connection, that is a private VPN tunnel, over a private IP (not public IPs). I've explained in more details in this guide what is a Tailscale network.. It's damn easy to setup and use, even for not so knowledgeable users and offer enough security and privacy when is about to connect remotely to your Tor boxes. Or even https://holesail.io/
If you really want to run a public routing node, then start by learning a lot about networking, security, servers, VPS, VPN, traffic routing etc.
I wrote more guides about these aspects and I invite you all to read them and think more about when is time to run a LN node over Tor:
And here are some very good step-by-step guides about how to run a LN node behind a VPS tunnel, @Hakuna wrote these excellent guides:
There are even more guides out there about how to configure a wireguard tunnel. Read them all and adapt to your needs. But remember: Tor is not a reliable solution for your LN node !
write
preview
related posts
192 sats \ 2 replies \ @scuffed 16 Apr
Apparently the next release of Start9 is supposed to be more clearnet friendly. I doubt they'll do away with Tor entirely, but they're at least going to make it easier for non-noobs to access their apps through reverse proxy, port forward, etc.
reply
0 sats \ 1 reply \ @BlokchainB 16 Apr
I can’t wait for this
reply
128 sats \ 0 replies \ @konstantin21 22 Apr
its been a few years already so you may just have to o_0
reply
59 sats \ 0 replies \ @SwapMarket 16 Apr
Because Umbrel, Start9 etc have Tor-only mode by default, and because ISPs don't forward ports. Hybrid nodes are the best: they can connect to anyone and have a fallback.
reply
21 sats \ 4 replies \ @Dkryptoenth 16 Apr
On the contrary, some node operators opt out of running their BTC nodes exclusively over Tor for a handful of practical reasons:
  1. Higher Latency & Lower Throughput Tor routes every packet through at least three relays, adding round‑trip delays and reducing bandwidth. Lightning itself already uses onion‑routing for payments, so layering Tor on top triples the indirection overhead. In practice this means slower channel opens, slower payment forwarding, and longer reconnection times after outages .
  2. Reduced Reliability & Availability Tor circuits can drop unexpectedly, and hidden services sometimes go offline when their introduction points time out. A clearnet node will generally stay connected to peers far more consistently, avoiding intermittent disconnects that can force channels to go “offline” until you manually or automatically reconnect .
  3. Liquidity & Network‑Partitioning Concerns Pure‑Tor nodes form a sort of “closed subnet” within Lightning: they can only peer with other Tor‑enabled nodes. While Tor‑only nodes are numerous, most of the network’s liquidity lives in clearnet‑reachable nodes. That means Tor‑only operators often find it harder to route through or attract inbound channels, limiting their node’s earning potential .
  4. Operational Complexity Running a Tor hidden service for both Bitcoin Core and your LN daemon requires extra configuration (e.g. torrc, bitcoin.conf, lnd.conf tweaks), careful firewall rules, and ongoing maintenance when Tor upgrades or your onion address changes. Some operators prefer the simpler “open port 9735 + UPnP” approach of clearnet nodes.
  5. Attack Surface & DDoS While Tor can help hide your IP, it’s not immune to denial‑of‑service. Hidden services can be targeted by circuit‑tearing attacks, introduction‑point exhaustion, or malicious HSDir operators. Some exit‑node or directory‑authority compromises can also expose metadata, meaning Tor isn’t a silver bullet for privacy or security .
  6. Alternative Privacy Tools For those worried about IP linkage, VPNs or SSH tunnels can offer comparable obfuscation without Tor’s performance penalty. Others rely on VPS‑hosted nodes (where the IP isn’t their home address) and encrypt RPC channels back to a local wallet, sidestepping Tor entirely.
In summary, while Tor brings strong anonymity benefits, many BTC and Lightning operators find the trade‑offs in speed, reliability, and liquidity too steep—especially if they aim to be high‑volume routing nodes or simply want “set‑and‑forget” uptime.
reply
0 sats \ 3 replies \ @anon 16 Apr
Pure‑Tor nodes form a sort of “closed subnet” within Lightning: they can only peer with other Tor‑enabled nodes.
Nope. Pure-Tor nodes can connect to clearnet nodes. It's only pure-clearnet nodes that can't connect to Tor nodes.
reply
0 sats \ 2 replies \ @carter 16 Apr
would that mean that a tor node that is also on has a public ip could route more?
reply
59 sats \ 0 replies \ @DarthCoin OP 16 Apr
more reliability = more routing Is not that you are on a public IP or not. Using Tor will be perfectly fine if the Tor network will be faster. But it doesn't. Tor for LN is a bottleneck.
reply
0 sats \ 0 replies \ @Lazy_AMA 16 Apr
More research on that
reply
42 sats \ 4 replies \ @SpaceHodler 16 Apr
I don't use a bundle, but my own setup using Ubuntu and Bitcoin Core.
Initially I enabled clearnet connections, but when I looked at the map of nodes and saw my house on it I decided to go tor-only.
Yes, Tor can be deanonymized, but that takes resources and I'm more worried about wrench attacks than the government going after me for running a node. It's a Bitcoin node, not a dark web marketplace.
A VPN costs money, I don't want to add liabilities, would rather stack more sats.
Connecting to the node from Sparrow takes a bit longer when it's over Tor, but I do it infrequently enough that it doesn't matter.
reply
100 sats \ 0 replies \ @carter 16 Apr
this is what i thought the reasoning was
reply
0 sats \ 2 replies \ @DarthCoin OP 16 Apr
Then just run a PRIVATE node. Why do you need to go public if you do not want to be public? Is not necessary that everybody in LN should be a public node. Private nodes are perfectly fine.
reply
0 sats \ 1 reply \ @SpaceHodler 16 Apr
I only run Bitcoin Core. No LN node.
reply
0 sats \ 0 replies \ @DarthCoin OP 16 Apr
Then is OK.
reply
42 sats \ 2 replies \ @carter 16 Apr
i thought it was so you cant associate the ip with some wallet. like it was for tax reasons or people show up and take the physical node or perform hammer attack i live in texas and own my house its pretty easy to find where i live
reply
100 sats \ 1 reply \ @DarthCoin OP 16 Apr
Wrong approach. You do not run a BTC LN node to "evade taxes".... You run a node to FUCK THE GOV.
"evading" means you recognize them as lawful. That means you recognize and agree to be robbed. That means you agree to be a slave. Rebutting them at all is totally another thing.
And now you will come with the old phrase "but if I do not pay taxes I go to jail...". You go to jail because you weren't capable to rebut their authority over you the living man, and you acted like a shitizen, aka you are bonded to a contract and you violate that contract.
YOU CANNOT BE SOVEREIGN AND SHITIZEN! Is one or another.
reply
0 sats \ 0 replies \ @carter 16 Apr
but from the like privacy standpoint is there anything to worry about? I know chain analytics are a thing could you be watching what transactions were added to the mempool and associate ips with them? The same way people run tor nodes to get more visibility into the network I assume companies and governments are running nodes to watch the peers. Especially with a lightning node that is always on is it an added layer of safety. People at the bitcoin meetup i went to recently seemed to care about non-kyc vs kyc bitcoin. Does it matter?
reply
0 sats \ 0 replies \ @Emi 22 Apr freebie
Yes your right
0 sats \ 1 reply \ @Hakuna 17 Apr
+1 @DarthCoin for calling what it is.
And here are some very good step-by-step guides about how to run a LN node behind a VPS tunnel, @Hakuna wrote these excellent guides: https://github.com/TrezorHannes/Dual-LND-Wireguard-VPS https://github.com/TrezorHannes/Dual-LND-Hybrid-VPS
For what it's worth, those guides run not only on a $6/month VPS as I've outlined in the guides, but I heard (not verified) that it even runs on the freebie tier Oracle and MSFT Cloud offers. It doesn't consume any of the expensive infra stuff: CPU / storage / memory, it's mostly commodotized traffic.
But yes, you probably need to KYC, or at least give some credit card input. However, if you shy away from costs, $0 and you'll have public obfuscation of your IP, reliability and speed - the key pillars of the Lightning Node Runner. 🏃
reply
0 sats \ 0 replies \ @DarthCoin OP 18 Apr
yeah and you can also with that vps you can configure it to have your own vpn for the rest of your devices. you are in control of all traffic and no need to buy a separate vpn service.
and there are many vps providers where you can pay with sats and no kyc.
reply
0 sats \ 4 replies \ @siggy47 16 Apr
What is your opinion of the Umbrel hybrid mode?
reply
136 sats \ 2 replies \ @Hakuna 17 Apr
Umbrel hybrid setting is just exposing your home IP + Tor.
It's better than Tor only for the aforementioned reasons, but be aware it's allowing aproximate geolocation, and you better be on top or beef up your home network security.
reply
0 sats \ 1 reply \ @siggy47 17 Apr
Would running tailscale make a difference?
reply
46 sats \ 0 replies \ @DarthCoin OP 18 Apr
tailscale is only to connect remotely to your node (aka with zeus to manage it). tailscale is not used by the node to connect to the LN, is a private IP that is not accesiIble from internet. I've explained more here https://darth-coin.github.io/nodes/tailscale-vpn-your-node-en.html
reply
36 sats \ 0 replies \ @DarthCoin OP 16 Apr
Wrong question. Is not about being Tor, clearnet or hybrid, but about what kind of services you will run with it. Public or private nodes?
To answer your specific question. In the past I've run all kind of bundle nodes. Are ok for total noobs to learn. But not more than that. Once you learn, you must go up in level.
Also bundle nodes are not a good choice for a BTC LN node. if you run only BTC and a LN node + few too,ls for managing, maybe is OK, but when users start installing all kind of crap additional apps, the situation became complicated and they have n o idea in what they entered.
COMPARTMENTALIZE is the key word. Example: never run a BTC core and/or LN node with other non-bitcoin apps.
reply