This is a doubt that has been tearing me apart for some time.
I'll try to explain the background.
long, long time ago, I can still remember ..... of having helped a friend to prepare a full node on a micro computer installed in his home.
Some time later, on my advice, he preferred to mask the full-node traffic, so we prepared a Raspberry-PI (I think it was a 3B) with a midle-relay tor.
All under a dedicated VLAN. All reachable from the outside with an ipsec VPN on his router.
Now, for reasons that I am not here to explain, he has to make everything disappear from his house. We discussed it a bit and this is what came out.
My proposalMy proposal
Let's prepare a new micro computer, perhaps with an N150 as a base and transfer both the tor node and the full-node to it. I still don't know whether to put everything on the rail, or separate the two instances with two different containers. This new computer would be installed at the home of the mother who currently has no internet.
On an economic level, therefore, there would be to buy:
_ Computer
_ Additional Memory
_ Router
_ New internet access (I think a wifi solution)
His proposalHis proposal
He decided to rent a VPS and put his full-node there. At this point, I think, he would also like to avoid the middle-relay tor (I'm not sure it's a good choice).
My thoughtsMy thoughts
Thinking of putting my funds on a VPS that I don't have physical control over scares me to death. It is true that the funds are his, but I would not want him to have problems with all this.
Do you have any experience in this regard? Would you trust putting your knot on a VPS? (I already know some of the answers you will give me, but based on those I will explain what does not convince me) On the skin, considering that the costs would be quite similar after about 3 years, what would you do in his situation?
I thank in advance anyone who wants to speak in this debate
First, remove Tor out of the equation, it's completely retarded. If you want to mask traffic, or expose an external service to the internet, you can do that over SSH tunnel or Wireguard via a cheapo VPS that does not hold the Bitcoin keys. A cheap few dollar a year one off LowEndBox or similar.
You're right that VPS providers, by having physical access to the hardware, technically have access to the Bitcoin keys if they dig. It doesn't matter if you encrypt it a-la Voltage or Greenlight state management blah blah, as long as they are used in memory for any purpose, then they are ultimately accessible.
It's still reasonable to use a VPS for many situations though, its like any other type of hot-wallet risk, and much safer than your average mobile phone wallet or exchanges prone to social engineering.
A large provider with 10's or more millions of dollars in reputation at stake has more valuable stuff than your buddies Bitcoin, and likely good accountability processes for their employees as a result.
There's also the obscurity factor... someone competent would have to know that your particular VPS has enough coin to be worth going through the hassle of smuggling it out without being caught, so don't name the VPS "Bitcoin node with 1000 BTC on it" or other stupid thing. You can also use multiple VPS's from disparate providers in a multi-sig setup or to obfuscate the configuration.
There's more basic question to be answered that would inform the ideal setup, like WTF does he have an online node and not a cold one if paranoid? What is the threat assessment on the traffic that warrants any of this? Is there an internet facing service?
Architecting a solution is fairly simple if you know what you're trying to achieve exactly, consulting is 90% interrogation.
Thank you for the precise answer.
Let's start with the Tor knot.
If you have a full-node, your Internet Provider, you will see that every 10 minutes you will have a peak out towards Tor.
This clearly identifies possession of a full-node.
Therefore having a tower node in the equation, it serves precisely to mask these peaks on a regular basis.
A VPN on a remote VPS, it would be important if I wanted to mask my Internet Provider the fact that I am using Tor, but this is currently not our purpose.
I fully agree, in fact the alternatives were just a new computer at the mother's house, or a VPS. We have never talked about using custodial services.
Here too you are right, but we focus on a VSP that can be rented anonymously and paid for in Sats.
This would be very nice, but it would move the cost needle a lot towards VPS and a small N150 with router and company becomes much cheaper.
These questions are not easy to answer, also because the paranoid in this case is me and not my friend.
Here I don't understand if you are referring to the Tor node or something else.
Here I don't understand if you are referring to the Tor node or something else.
If I am aware, my work also often brands on the design and to get to a proposal, I often have to question my customers.
I thought I had given enough information about my doubt, but now I realize that I have not been quite exhaustive.
Tor does nothing in this context but draw extra attention from your ISP and the intel agencies that use Tor as a honeypot.
The ISP's ability to observe Bitcoin gossip traffic doesn't imply anything about the location of keys or anything else, most nodes are read only. Again, if it was the real concern or there's a need for ingress (Lightning example) its only a few dollar a year problem via a LowEndBox VPS and SSH.
There's absolutely 0 reason to use Tor under any circumstance. Shillfluencers are larp morons that do people a great disservice by recommending it.
This is what really doesn't make sense in the context of all this, why a full online node instead of cold storage? What's the point of the N150 at all vs a HWW?
(That's not to say I like HWW's either, just trying to understand the objective for the N150)
These would be ideal for an SSH tunnel, if necessary. I agree with not storing a single sig key on them for any material amount.
Is he running an online store, swap service, Lightning, or other such thing that requires the node to be online and connected to the internet? If not, then this is all pointless. Even if so, those roles should be separated between hot and cold wallets such that the valuable node is not online.
Maybe he's regularly spending from a good stash so the cold wallet is defacto warm? That would be one reason to have an N150 online, but that's even more reason to use the SSH tunnel instead of Tor, to auth and firewall off everything except the jump host and 1-3 gossip peers.
Thanks for your reply,
I've read yesterday but from phone.
Also now I'm away from my computer and I hate write from phone.
I'll replay tobyiu later cause I've some question about your reply.
Actually, I have had a TOR node at home and one in the office for years. They are middle-relays, not exit-nodes. I have many friends in the East and I believe that helping those who have difficulty accessing information is a social duty. That's why I had several people activate tor nodes.
As for an ISP knowing that I have a known BTC connected, it's not because of the keys, it's just because I don't want my IP to be associated with a BTC node that is full or empty. This is why I disguise myself (and make those I know mask) with the TOR traffic of a node.
The same goes for the TOR node. To help the BTC community, it is right to have as many decentralized nodes as possible, so the correct question is: why not have a BTC node?
I am very happy that at least on this we agree
Now I understand. As I explained to you, no, it does not have a BTCpayserver or even an LN node, simply a BTC node with its funds. You're right that he shouldn't keep the funds there and an HWW would be better, but his head tells him otherwise and I can try to convince him, but in the end I comply with his will.
As I said, no, the funds are very rarely touched. The idea of a simple SSH tunnel on a cheap VPS is a good idea that I hadn't thought of. Today I talked to him about it, but he didn't like the idea right away. We will talk about it in more depth in the next few days, for now I am thinking about how to make it, maybe I will make a test and or I play with this one a bit and then in case I give it to him.
Thank you for your answers, you have given me several points to reflect on.
You're not helping people by supporting Tor though, Tor is a liability.
The optics are worse for Tor users are considerably worse than BTC users.
Residential nodes don't help the network, they're a net drain on gossip data. For a node to help the network it would be configured specifically as a seed or a miner.
The only reason to run a residential node is validating Bitcoin you receive or otherwise powering an application that uses the chain and gossip data.
I personally like nodes that are treated like SCADA systems vs. HWW's, so good on him that he wants to do that, I was just trying to understand... That said, all the more reason to use SSH instead of Tor though. Tor should be nowhere near a system like that.
You're welcome, I try to use my sperg powers for good 🫡
Not sure, more TOR node are available, more Tor is functional and scalable.
I know, in fact I often discuss this with policeman friends. And that's why, at my friend's, the TOR node runs on a RaspberryPI and the BTC node on a Mini PC
I do not agree with this. If everyone had a BTC node, decentralization would be total and censorship absolutely impossible.
The initial idea was to start an LN node at a later time, but for a thousand reasons we gave up.
I wouldn't know how to insert the node into a SCADA system. I will try to document myself. The SSH tunnel is intriguing me, I'm already doing and testing with my own server, but already having an ipsec VPN creates routing conflicts for me. Tomorrow I'll stick to the neighbor's wifi to do high tests.
I thank you for this, I have always been very open to comparisons. The exchange of conflicting ideas is always constructive for everyone.
As it should.
electrsto have your own private electrum endpoint for your hot wallet to have a proper "economic node".Whatever you do... don't put keys on VPSs. @justin_shocknet said it clinically precise:
This is my very late answer.
As I told you, my friend has a private knot that he has to make disappear from the house. He has his wallet on his note, so I proposed to him to move it to his mother's house.
An empty node, without a wallet, can also be kept at home, it only has to transfer the funds, so we thought of moving the node to the mother's house.
These are funds that he hardly touches, so they are almost never used.
A cold wallet? I've to told with him about this solution.
On mobile phone he had few sats in a custodial wallet cause we don't have a LN node.
I agree not to put his own keys on VPS.
Alright, so if this is something for right now, only have an hour:
Move the node but please follow @justin_shocknet's advice and remove tor, or at the very, very least change the service keys after disconnecting. You do NOT want to be correlation-mapped through service keys moving to mom's IP.
Alternatively if you have more time than an hour: back up the wallet, store the backup on 2 encrypted usb sticks which you put in a safe(ty deposit box), make sure it's there and wipe the box. Can restore everything when you retain the wallet, all you need is sync.
Ok, all right.
But really can't understand the problem to had a tor node.
I think that is a simple way to help the tor community.
If your goal is to help "the community" while with high probability doxxing your IP-to-tor-key mapping across family members, then there is no problem I guess? It's cheap to change though? So why risk it?
Changing keys is absolutely not a problem, in fact it was absolutely planned.
Thanks also to you.
Same here, I've read yesterday but from phone.
Also now I'm away from my computer and I hate write from phone.
I'll replay tobyiu later cause I've some question about your reply.
image from: #967344
Thanks for sharing
This card was perfect for my topic.
About your BTC card game, have you think to translate them in other language?
We haven't had that many requests for other languages yet...and printing them is very expensive, especially in lower quantities. But if someone wanted to pay for an order in full to distribute to their country in their own language, I could have them translated and printed. It'd have to be at least 100 decks though to make things work logistically. If anyone is interested in this, feel free to discuss with me via email at info.603btc@gmail.com