Make Bitcoin (BTC), Litecoin or Dash wallet private through Tor proxy
Intro
As of now, it should be common knowledge, that Bitcoin is the exact opposite of being a privacy coin, with your IP made available for anybody in the BTC network. Because of this, your transactions can be tracked directly to you.
This article describes how to hide these transactions from anybody who’s watching. We will achieve this by running the Bitcoin Core full node through the Tor Proxy, installed on any Linux / Mac box within your Local Area Network. If you use Linux / Mac as your desktop PC, then this PC will be able to start the Tor Proxy. Otherwise, I will instruct you how to install such Proxy on a Raspberry Pi or a similar Single Board Computer (SBC).
Although Bitcoin is the main actor here, this how-to is applicable to any Bitcoin forks, like Litecoin or Dash (however Dash doesn't support a separate wallet directory, but it does support a separate wallet file).
The Problem …
Running a full node is resource demanding until the node is fully synchronized. Syncing through Tor and through SBC on top of this would slow down the process significantly. Even assuming syncing has already been done, if you’d like to help the Bitcoin blockchain to replicate via your already synchronized full node, it won’t be easy to allow this via Tor without extra effort, which is out of scope of this article, as it assumes dealing with firewalls.
… and the solution
Therefore, in order for the full node to sync quickly, and make the blockchain available for other users expecting to sync, thanks to your node, we will be running two mutually exclusive instances of Bitcoin Core, albeit sharing the same data folder. Let’s call the first one “Public”, with an empty wallet, or simply a wallet, whose transparency is not a concern for you. The second one, called “Hidden” will be ran through the Tor Proxy, and will use its own wallet – the one you want to hide from sniffing. You will continuously be running the “Public” one, keeping it in sync and letting others sync, while whenever you need to make a transaction, you’d close the “Public” and start the “Hidden”, which will immediately pick up the latest synchronized data, while hiding the now incoming transactions, specific to this wallet.
Private browsing as a nice side effect
Once you setup the Tor Proxy on one of your Linux boxes, you will be able to allow private browsing for the whole family, without the need of using the Tor Browser specifically. It will be enough to point any browser to the Tor Proxy to enjoy private browsing. You could for instance have one browser for naked browsing, say Chrome, and other, say Firefox or Pale Moon for Tor private browsing only.
What you’ll need
- A Linux or Mac OSX box, or Raspberry Pi, or any other similar SBC, with a Debian-based Linux distribution
- Over 400 GB of free space for the Bitcoin blockchain database
- Optionally a small encrypted partition to hold the hidden wallet
Donations welcome
This site uses neither ads, nor cookies. If you find the article useful, you might want to consider making a small donation, to justify my time spent on writing it and to motivate me to write more. Below are my donation addresses. If you make a donation or have any questions or feedback, do e-mail me via this form.
83N3J8um9RbabuQtxk3NrGjYHVkgMHzaDGq7b61VqaijKFUNktpKd8rQ4MtMp2x9HP3LNwtcfU8sCVBPsjzqkVcFLMDtJ2i
Setting up and testing Tor Proxy
Raspberry Pi as Tor Proxy
- Buy a Raspberry Pi 3, or Raspberry Pi 4 from Amazon, along with a power supply, Ethernet cable (optional), and an HDMI cable for RPi3 or an HDMI - HDMI-micro cable for RPi4. RPi4 will also perform better with an aluminum case (for proper heat dissipation).
- Buy an SD card with preinstalled NOOBS.
- Insert the SD card into RPi, connect it to your screen with the HDMI cable, connect a mouse and a keyboard, as well as the Ethernet cable. Finally connect the AC power supply.
- Install Raspbian, as described here.
- Enable SSH, to be able to send commands remotely.
- Make sure, that your Rpi is connected to the network, either through WiFi, or if you prefer having it disabled via the top-right applet, through an Ethernet cable. Note down the IP address, as described in the SSH documentation above. Tip: write in terminal "hostname -I". Let’s assume it will be 192.168.1.100 (Note that WiFi IP and Cable IP will be different).
- Power off the RPi and switch back your screen to your desktop PC.
- Wait until the RPi’s LED stops flashing in green, then plug off and plug in the power supply.
- The Pi should be now accessible via SSH.
From Linux terminal write
ssh pi@192.168.1.100
From a Windows box you’ll have to use Putty. Enter the Pi’s IP, like in the example below, and click Save, which will allow you to reload the IP later on. Afterwards click Open.
Enter the default password, which is: raspberry
After a successful login, you could change it via:
passwd
Enter the following commands:
sudo apt-get update && sudo apt-get upgrade sudo apt-get install tor sudo cp /etc/tor/torrc /etc/tor/torrc.backup
Open the configuration file with:
sudo nano /etc/tor/torrc
Enter only the following configuration entries:
SocksPort 192.168.1.100:9050 SocksPolicy accept * RunAsDaemon 1 DataDirectory /var/lib/tor
Save the file with F2, and confirm with Y, followed by Enter.
Restart the Tor service:
sudo systemctl restart tor@default.service
Local Linux box as Tor Proxy
If you already use Linux and don't want to buy RPi, here's a variant for using a local Linux box as Tor Proxy but without the possibility of sharing the proxy over the LAN:
sudo nano /etc/tor/torrc
SOCKSPort 9050 # Instead of SocksPort 192.168.1.100:9050
Testing the Tor Proxy
Open Firefox and choose Preferences → Network Settings (at the bottom)
Select Manual Proxy, fill the IP field and make sure the port is 9050.
Close and then restart your browser. Now you are using your Tor Proxy in your browser, and so can other people in your LAN. You can verify it by browsing the URL https://check.torproject.org/. You should see the following picture:
You should now reboot the RPi, to ensure, that all the recently installed updates are in place, and that the Tor Proxy starts automatically, so write in the terminal:
sudo reboot
and after a minute try to access the Tor check site from Firefox again.
Routing the Bitcoin Core traffic through Tor
After having the Tor Proxy set up and confirming, that it's working, we will start by setting up an syncing a full node, using a Public Bitcoin Core variant.
Preparing startup scripts
Since the Public variant shares a lot of start up code with the Hidden variant, we'll prepare script for both in one go.
Download and install Bitcoin Core.
Next, we'll create 3 helper scripts:
- btc-common
- btc-public
- btc-hidden
Windows version:
Check out this site how to create batch files under Windows. Create one such and name it btc-common.bat . Paste there the following content and edit it according to your needs:
@echo off rem Variables for securing BTC wallet with TOR and rem Meant to be manually edited. rem Adjust to your unencrypted magnetic drive location set DATA_DIR="E:\magnetic\crypto\btc\btc-data" rem Adjust to your encrypted partition set WALLET_DIR="D:\encrypted\crypto\btc\wallet" rem Bitcoin installation dir set INSTALL_DIR="C:\Program Files\Bitcoin" rem Use all cores set NPROC=%NUMBER_OF_PROCESSORS% rem ... or reduce to the desired number of cores to be used (easier on your PC's temperature) set NPROC=3 rem Select the according Tor proxy set TOR_PROXY="192.168.1.100:9050" rem ###################################################
Create btc-public.bat with the following content:
call btc-common.bat rem Read common variables rem Runs the "Public" version of the BTC full node, rem which shares the data directory with the Tor - protected one, rem but assumes using an empty wallet, or a "Public" wallet cd %INSTALL_DIR% bitcoin-qt.exe ^ -par=%NPROC% ^ -datadir=%DATA_DIR% rem Delete this line, if you intend to use the default data directory rem ###################################################
Create btc-hidden.bat with the following content:
call btc-common.bat rem Read common variables rem Runs the "Public" version of the BTC full node, rem which shares the data directory with the Tor - protected one, rem but assumes using an empty wallet, or a "Public" wallet cd %INSTALL_DIR% bitcoin-qt.exe ^ -par=%NPROC% ^ -walletdir=%WALLET_DIR% ^ -proxy=%TOR_PROXY% -proxyrandomize ^ -datadir=%DATA_DIR% rem Delete this line, if you intend to use the default data directory rem ###################################################
Linux version:
After extracting the archive, go to the installation directory. For Linux it will be:
cd bitcoin-0.19.1/bin
nano btc-common.sh
#!/bin/bash -e
# Variables for securing BTC wallet with TOR and
# Meant to be manually edited.
DATA_DIR="/mnt/magnetic/crypto/btc/btc-data/" # Adjust to your unencrypted magnetic drive location
WALLET_DIR="/media/${USER}/encrypted/crypto/btc/" # Adjust to your encrypted partition
NPROC=$(nproc) # Use all cores, or...
NPROC=3 # reduce to the desired number of cores to be used (easier on your PC's temperature)
TOR_PROXY="localhost:9050" # Select the according Tor proxy
TOR_PROXY="192.168.1.100:9050" # Select the according Tor proxy
###################################################
nano btc-public.sh
#!/bin/bash -e
# Runs the "Public" version of the BTC full node,
# which shares the data directory with the Tor - protected one,
# but assumes using an empty wallet, or a "Public" wallet
source btc-common.sh
./bitcoin-qt \
-datadir=${DATA_DIR} \ # Delete this line, if you intend to use the default data directory
-par=${NPROC}
###################################################
nano btc-hidden.sh
#!/bin/bash -e
# Runs the Tor - protected version of the BTC full node,
# which shares the data directory with the "Public" node.
# The wallet is expected to reside in a separate directory, preferably on an encrypted partition
source btc-common.sh
./bitcoin-qt \
-datadir=${DATA_DIR} \ # Delete this line, if you intend to use the default data directory
-par=${NPROC} \
-walletdir=${WALLET_DIR} \
-proxy=${TOR_PROXY} -proxyrandomize
###################################################
As the last step, make the scripts executable with:
chmod +x btc-*.sh
Moving files where they belong
If you’ve already created the wallet file, that you’d prefer to keep hidden, now it’s time to move it into the directory, pointed by the WALLET_DIR variable, from the above scripts. By default, your “wallet.dat” resides in the Data Directory. The default Data Directory path can be learned from Bitcoin Wiki. Please move “wallet.dat” out of there into an encrypted partition, if you have one, or any other place, different than the Data Directory and reference the new location with the WALLET_DIR variable, by modifying the btc-common script.
The same goes for the blockchain data. It’s best to move it to a magnetic drive. Don’t forget to reference the new directory via the DATA_DIR variable. If you prefer keeping it in the default location, then remove the lines starting from "-datadir=" in your two btc scripts.
Usage
Syncing the Public full node
It's finally time to use our scripts. Let's start from syncing our full node, using the btc-public script. Take your time.
Long term goals
The absolute priority is to keep all your transactions private. If switching between the Public and Hidden variants is a hassle to you larger than the benefits of having a replicable BTC blockchain across the globe, you may simply run the Public node once to synchronize, and continuously leech the new blocks via the Hidden instance. It's your choice after all. However, if you're into computer networks, you could have the best of both worlds and open your router for the Tor traffic from outside. But this is out of scope of this article.
Further reading
- Securing your BTC wallet and funds against being stolen by malicious software.
- Testing if your computer allows outside BTC requests
- Allowing the Tor traffic from outside (TODO).
If you found this article useful, show some love and please donate my work.