I recently set up my Start9 DIY nonfree.iso, but I have some questions (I’m a bit confused and might be lacking some knowledge).
I have installed Bitcoin Core and then disabled clearnet, but how exactly does it work? Is my entire server running completely on Tor, or is it just Bitcoin Core and the related applications?
I set up Electrum via Start9 and have it talking to Bitcoin Core via RPC. When I use my wallet configured with my Electrum server (.onion URL) and I want to do a transaction, can my ISP know something about what I’m doing?
Via a different machine under the same ISP/network, I run Sparrow and I submit, via the Electrum server Tor address, a transaction that I imagine gets communicated to the blockchain (how?) and validated via RPC on my Bitcoin Core node… Would it be better to use a VPN on my router to hide the IP of my Start9 server? What, if anything, can my ISP see that could correlate the transaction to me?
Is there a trustless way to verify that my server/node is actually running on a Tor network (for example, by checking bitcoind.conf) in StartOS?
Thank you so much for your amazing work and have a nice day!
1. The option in Bitcoin Core limits connections to only known peers over Tor. It does not change anything else about your server. Your server and other running services may reach out over clearnet, based on their settings and purposes.
2. & 3. Your ISP will see that you have both incoming and outgoing traffic over Tor unless you configure your router to tunnel everything through a VPN. In that case, your ISP will only see VPN traffic. Keep in mind that deep analysis of traffic patterns might allow an attacker, with a non-zero probability, to glean some insight into the nature of the traffic, even though the actual data cannot be seen. In the scenario you outlined, when you transact, your node shares the transaction you are broadcasting with its peers. They, in turn, share the transaction with their peers, and so on, propagating your transaction through the mempool. Your transaction is added to the blockchain by a miner if you have incentivized them to do so by attaching a sufficient mining fee. If your Bitcoin Core node is set to Tor only (disable clearnet), your transaction propagates from a seemingly random location on the network, depending on where the peers you are connected to are located. It is very difficult to trace where that transaction originated, in isolation.
4. In short, other than the setting you mentioned, there is not an easy way to verify that it is not leaking. You could set up packet sniffing at the WAN interface and analyze the traffic to and from your server. Configuring a VPN on your router and verifying that all other traffic is blocked would be the best/easiest way to ensure that nothing goes over the clearnet.
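
A sketch of the capture analysis suggested in point 4, as an added example that is not part of the original posts or of StartOS: it reads `tcpdump -nn -q` text output and counts outbound packets from the server to any WAN host that is not on an allow-list (the Tor relays or the VPN endpoint you expect). It assumes the capture was taken where the server's LAN address is still visible (before NAT) and that IPv4 is in use; the function name, the sample lines and every address are constructed placeholders.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in `tcpdump -nn -q` format; all addresses are placeholders.
SAMPLE = """\
12:00:01.100000 IP 192.168.1.50.44321 > 203.0.113.7.9001: tcp 536
12:00:01.200000 IP 203.0.113.7.9001 > 192.168.1.50.44321: tcp 1448
12:00:02.300000 IP 192.168.1.50.51000 > 198.51.100.20.443: tcp 517
12:00:02.350000 IP 192.168.1.50.51000 > 198.51.100.20.443: tcp 0
12:00:03.400000 IP 192.168.1.50.39999 > 192.0.2.53.53: UDP, length 44
12:00:04.500000 IP 192.168.1.50.40000 > 192.168.1.1.123: UDP, length 48
12:00:05.600000 IP 192.168.1.77.40100 > 198.51.100.99.443: tcp 200
"""

# "IP <src>.<sport> > <dst>.<dport>: <proto>" as printed by tcpdump for IPv4.
LINE = re.compile(
    r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): (\w+)")


def find_leaks(capture, server_ip, lan_cidr, allowed):
    """Count packets sent by server_ip to WAN hosts that are not in `allowed`.

    Returns {(dst_ip, dst_port, proto): packet_count}; empty means no leak seen.
    """
    lan = ipaddress.ip_network(lan_cidr)
    allowed = {ipaddress.ip_address(a) for a in allowed}
    leaks = Counter()
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # IPv6 or unparsed line: review these by hand
        src, _sport, dst, dport, proto = m.groups()
        dst_ip = ipaddress.ip_address(dst)
        # Ignore other hosts' traffic, LAN-local traffic and expected peers.
        if src != server_ip or dst_ip in lan or dst_ip in allowed:
            continue
        leaks[(dst, int(dport), proto.lower())] += 1
    return dict(leaks)


if __name__ == "__main__":
    expected = {"203.0.113.7"}  # assumed Tor relay (or VPN endpoint) address
    found = find_leaks(SAMPLE, "192.168.1.50", "192.168.1.0/24", expected)
    for (dst, port, proto), count in sorted(found.items()):
        print(f"unexpected {proto} to {dst}:{port} ({count} packets)")
```

An empty result only covers the capture window and the allow-list you supplied, so a plain DNS query or HTTPS connection that happens outside that window will not show up.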