My Server One node has been on the network for about 10 days now and I love it! It all works without any issue whatsoever. Great job Start9!
I’m interested in learning how far I can go enabling privacy without losing communications on the Bitcoin network. I’m trying to get a handle on what is happening on TOR and what is happening on the Clearnet.
If other nodes are able to connect to me via TOR (and that’s good), who/what is connecting to me on the clearnet using port 8333?
If I were to disable clearnet, would my node still be useful to myself and the BTC network?
If I were to disable clearnet, would I need to keep port 8333 open any longer?
If I can service the BTC network while not using Clearnet and closing 8333, it seems that would be the best way to go for privacy. If I have it wrong, please set me straight. I’d feel better if an ISP tech with my address didn’t know I am a node runner. There’s a family in my house . . .
As of StartOS 0.3.5, port 8333 is not exposed, so no one can connect to you on it anyway.
StartOS does not, in any way, prevent outbound clearnet connections.
Yes. This is how I run all of mine. I don’t want other nodes on the Internet to see my home IP address. I only connect to Tor lightning nodes for the same reason.
Since port 8333 is not accessible on the StartOS implementation of Bitcoin anyway, the port forwarding makes no difference. All incoming connections to your node are connecting to you as a Tor hidden service.
By disabling clearnet in the Bitcoin service, it prevents your IP address from being spread across the network as a known node. It does make it less obvious to your ISP, as they will see only connections to Tor. However, using data traffic pattern analysis, your ISP can hypothesize with a nonzero probability that you are running a Bitcoin node. So just be aware.
Thanks for the prompt reply @Rexter.
So what I get from your answer is:
My outbound connections (looking for other nodes, I assume) will be on the Clearnet and there is no way to change that.
At my rev (0.3.5.1), Port 8333 doesn’t matter. If I close the port at the router there will be no impact to Start9.
Disabling Clearnet will stop my node from advertising itself on the Internet, for mostly non-mission (cosmetic) reasons and only TOR traffic can be seen (by anyone).
Turning off Clearnet will not impact my node’s service to the BTC network. Any “data traffic pattern analysis” would probably be done with an ISP ticket and under some kind of review (I hope). I’m not afraid of the ISP. I’m afraid of a crooked tech . . .
@Rexter, one last thing: What is the cadence for making changes to a Start9 service? Stop the service - make the change - start the service?
I’m grateful for your expertise and your help.
Thanks
We need to draw a distinction between the OS and the services. StartOS makes clearnet outbound connections for tasks such as accessing the Marketplace for new software, etc. StartOS does not prevent services from making outbound clearnet connections. If a service, such as Bitcoin, chooses to make an outbound clearnet connection, StartOS does not interfere in any way. Inbound connections are not deliberately prevented, but service containers are only accessible via Tor and mDNS, which generally cannot traverse network boundaries—in effect, mDNS is LAN-only. Services on StartOS 0.3.5 cannot be accessed via IP:port#. This is a fundamental change that is coming in the next release of StartOS. Being able to access services via IP:port# will open a whole host of networking capabilities.
You are correct. In StartOS 0.3.5~1, port forwarding is not needed and provides no benefit. Your Bitcoin node is accessible for inbound connections over Tor only. If you would prefer to have your Bitcoin service make only outbound connections over Tor, the “Disable clearnet” setting will do exactly that. It’s a function of the service, not the OS. If you want to prevent ANY/ALL external servers/nodes from receiving a connection from your IP address, the best way to do that would be to configure a VPN in your router so that all outbound traffic from your server is tunneled through the VPN. Then you could have both Tor and non-Tor outbound connections without exposing your home IP address.
Tor can be slow and unreliable at times, so disabling clearnet could make your node less reliable. However, this has not been the case in my personal experience. I’ve had zero noticeable downtime on my Tor-only nodes in the last year, but your mileage may vary.
I may be old-fashioned in this regard, but I generally stop dependencies and the service before I make changes to the settings. That’s probably not necessary, generally speaking. With Bitcoin Core running, for example, if you go into the config and make changes, the service is restarted the moment you click save. Any dependent services will go into an error state until the service comes back online, and everything generally resumes as normal.
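One way to check what the thread describes (whether any clearnet peers or clearnet networks remain after "Disable clearnet"), added here as an example and not part of any post above: it audits JSON in the shape of Bitcoin Core's `getpeerinfo` and `getnetworkinfo` output. The sample data and the `audit` / `is_tor_only` names are constructed for illustration.

```python
import json
from collections import Counter

CLEARNET = {"ipv4", "ipv6"}

# Constructed sample data, shaped like the JSON from `bitcoin-cli getpeerinfo`
# and `bitcoin-cli getnetworkinfo` (only the fields used below).
SAMPLE_PEERS = json.loads("""[
  {"addr": "constructedpeer1.onion:8333", "network": "onion", "inbound": false},
  {"addr": "127.0.0.1:51234",             "network": "onion", "inbound": true},
  {"addr": "203.0.113.7:8333",            "network": "ipv4",  "inbound": false}
]""")
SAMPLE_NETINFO = json.loads("""{
  "networks": [
    {"name": "ipv4",  "reachable": true},
    {"name": "ipv6",  "reachable": true},
    {"name": "onion", "reachable": true}
  ],
  "localaddresses": [{"address": "constructednode.onion", "port": 8333}]
}""")


def audit(peers, netinfo):
    """Report where this node talks clearnet and what it advertises."""
    counts = Counter(
        f'{p.get("network", "unknown")}/{"in" if p["inbound"] else "out"}'
        for p in peers
    )
    return {
        "counts": dict(counts),
        # Peers that see the node's real IP address.
        "clearnet_peers": [p["addr"] for p in peers if p.get("network") in CLEARNET],
        # Clearnet networks the node still reports as reachable.
        "clearnet_enabled": [n["name"] for n in netinfo.get("networks", [])
                             if n["name"] in CLEARNET and n.get("reachable")],
        # Self-advertised addresses that are not onion services.
        "non_onion_advertised": [a["address"] for a in netinfo.get("localaddresses", [])
                                 if not a["address"].endswith(".onion")],
    }


def is_tor_only(report):
    """True when no clearnet peer, network or advertised address remains."""
    return not (report["clearnet_peers"] or report["clearnet_enabled"]
                or report["non_onion_advertised"])


if __name__ == "__main__":
    report = audit(SAMPLE_PEERS, SAMPLE_NETINFO)
    print(json.dumps(report, indent=2))
    print("Tor-only:", is_tor_only(report))
```

To run it against a real node, replace the sample values with the parsed output of the two RPC calls.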