Hello,
Sorry if that has been asked, I am about to buy a Server One, however I am concerned about privacy and my ISP watching that I am running Bitcoin Core. I believe it is possible to sync Bitcoin Core via Tor. How easy is this? Also how do I ensure that whilst running my Start9 my ISP cannot see that I am running a Start9 server. This might be impossible. I support the most important thing is to sync the blockchain not on clearnet.
Thanks!
Napa
One thing to do is to set a VPN that runs constantly on your router. So the VPN is not installed on your clients but on the router itself. You can also go into configure on Bitcoin Core (before starting it) and select Disable Clearnet (Config > Advanced > Peers > Disable Clearnet) Disabling clearnet will make things slower but will ensure that you are only using TOR for BTC. Just using a good VPN and router might be all you need, but you can disable clearnet to be extra cautious if you choose
Thanks for the quick response! So by disabling clearnet does it automatically run over TOR or you have to do additional steps? I am just trying to get a feeling for how I set it up. Also I have a VPN which I purchase for my laptop however how do I transfer that over to my router? Sorry for the NOOB questions.
Thanks again,
Disabling clearnet will have Bitcoin sync over TOR only.
Configuring your router to use the VPN that you purchased for your laptop may or may not be possible depending on the VPN you purchased and the router you are using.
Configuring VPNs for routers is outside the scope of Start9 normal support, but if you post your details what VPN / router you are using someone may be able to assist.
Hi Jesse,
Thanks for confirming, so disabling cleaner will have Bitcoin run over Tor, I am using MullVad VPN for my laptop, however unsure how to duplicate that onto my routerâŚ
I havenât used Mullvad, but I did find the following article on their help pages:
If you donât have an Asus router, perhaps they have a similar page that does match your routerâŚ
ok so is there a way to run my whole Start9OS over TOR/VPN from get go or I would need to connect my ISP route to say a Asus router which would be connected to my VPN?
The easiest (and OOTB out of the box) approach is to access your StartOS server via TOR when you are not on your local LAN.
Go to System- â About â Web Addresses and see the TOR link posted there. You can access your server when not on LAN via that link from any TOR supporting browser. I use the TOR browser from The TOR Project.
Each service you install will also have a TOR address available.
Does this even work when you first initiate Start9 or you have to use your local network when you first initiate it?
I suggest you start with our getting started documentation. This has an âunboxing videoâ that will show you the initial steps to get started including downloading a bitcoin node. The video does not go into TOR, but that is setup on the server by default. Of course, there is documentation on how to access your server over TOR.
Thank you so much, will go through the steps and come back if I get stuck!
Hi,
So I installed my StartOS yesterday and ran Tor on Home-brew using the following instructions: Start9 | Running Tor on Mac . However I only ran Tor over home-brew and did not enable Tor system wide. Would this be sufficient along with disabling clearnet to sync the blockchain over Tor?
Thanks!
If you disable clearnet in the Bitcoin config, it will only connect to Tor nodes. So the blockchain will be downloaded over Tor.
Hello, I wanted to connect remotely via Tor before syncing in Bitcoin Core. When I entered my onion address (http) on Tor, there was a window on the screen on Tor saying there is an https version, Tor runs faster on https and my Root CA was not entrusted. When I clicked on that link (it was a yellow box), it gave me a warning that it is not secure connection. So, I did the following before trying to click back there. On Tor:
about:config in the URL bar.security.enterprise_roots.enabled, and set it to true.Having done the above, I was able to use the https version of my onion address without any warning signs. However, I am now wondering if I did something that could have compromised my security or if something malicious could have happened. Should I be worried ,and when connecting remotely to my server, should I just stick to the https onion address provided? Thanks in advance!
Are you using Tor Browser?
Yes, all of the described happened on the Tor browser.
Hi SMK!
This is perfectly fine. The Tor Browser configuration option security.enterprise_roots.enabled controls whether the browser trusts root certificates from the operating systemâs certificate store. When this is set to true and your server (StartrOS) certificate is already trusted by the system, the browser will trust it as well. This allows you to add an additional layer of TLS encryption to your communication.
However, itâs important to note that this extra TLS encryption is not strictly required, as all traffic through the Tor network is already encrypted by default. Tor encrypts your data at multiple layers as it passes through different nodes, ensuring end-to-end encryption and anonymity. The additional TLS encryption can be useful in some cases, but it doesnât increase security significantly since Tor already provides robust encryption.
Let me know if you need further clarification!
Hi h0mer, thank you for your response! Going forward for remote access to my server via Tor, is it ok to just continue using the http onion link that was generated?
I actually set back again the Tor configuration to âfalseâ ⌠as I was not sure whether I had done the ârightâ thing of changing the settings in the first place when that security warning popped up for the https onion link (that was all before the current exchanges in this forum).
Hi again
Yes, itâs fine. Nothing to worry about. You can use http://, and your connection will still be safe. Just remember not to share your unique Tor addresses publicly online. These addresses are only known to you and are practically impossible for anyone to guess.
Thanks a lot, h0mer!