How to TOR

[xkcd]

This guide will explain how to run a full node (qt-wallet) over TOR and in the later part how to host a TOR hidden service with your dashd.
​

We assume you are running a full node (qt-wallet) on windows, but Mac will be very similar. First head on over to clearnet URL https://www.torproject.org/ and fetch the TOR Bundle. Unzip and run the TOR Browser, or install and run the TOR Browser, you should see a web browser window open up after about 30 seconds, you are now connected to TOR.

There are two ways to configure your dash qt-wallet to use the TOR network to increase your anonimity.

1. Configure the proxy in the UI.
2. Configure the proxy in the dash.conf.

Advantage of option 1 over two is it is easier, advantage of option 2 over 1 is you are able to configure individual instances of the qt wallet assuming you run more than one at the same time like I do.

If the proxy is configured in the dash.conf it will override the setting in the UI.

1. Configure the proxy in the UI.
   In the QT wallet goto Settings -> Options and choose Network. Enable the checkbox for SOCKS5 Proxy and enter 127.0.0.1 for the IP and 9150 for the port.
   
   
   
   Press OK and close the wallet and restart it, it will now connect to TOR and use that to sync the blockchain and send/recieve your transactions. You will need to remember to start the TOR Browser first each time or else the wallet will not sync.
   
   
2. Configure the proxy in the dash.conf.
   Open the Run Dialog box with Win + R key combo and paste in the blob %APPDATA%\DashCore and press Enter. The folder containing dash.conf is opened, edit it with a text editor and add the line
   proxy=127.0.0.1:9150
   Save the file and restart your QT wallet.

To host a TOR hidden service for your dashd you need Linux, Fedora or Ubuntu and the dashd daemon. Start with installing TOR, sudo apt install tor and the extra lines to the torrc file with below command.

sudo bash -c "echo -e 'ControlPort 9051\nCookieAuthentication 1\nCookieAuthFileGroupReadable 1' >> /etc/tor/torrc"

(Re)start TOR with

sudo systemctl stop tor
sudo systemctl start tor

Determine the group your TOR is running under, this differs from system to system, for example on Fedora it is toranon and on RaspPi it is debian-tor use the command tail /etc/group and refer to the last line for the group name. Next check the group name your your dashd runs under and create the command below for your environment such that you are adding the dashd group to the tor group.

sudo usermod -a -G toranon dash

Shutdown your dashd with dash-cli stop and edit the dash.conf file and add the below two lines.

proxy=127.0.0.1:9050
torcontrol=127.0.0.1:9051​

Restart your dashd and monitor the debug.log for onion word, eg

grep -i onion ~/.dashcore/debug.log

It should print your onion address similar to below and that means you are connected and running a TOR hidden service.

2020-06-26 14:00:51 tor: Got service ID rjj3r2qp4r5h4tfk, advertising service rjj3r2qp4r5h4tfk.onion:30000
2020-06-26 14:00:51 AddLocal(rjj3r2qp4r5h4tfk.onion:30000,4)​

You can further verify it is connecting with sudo netstat -nap|grep dashd and note in the list that the dashd only connects to the localhost on port 9050 and those connections are ESTABLISHED.

Reference -> https://en.bitcoin.it/wiki/Setting_up_a_Tor_hidden_service

 

[xkcd]

Why even bother with this?​

Currently the network protocol is not encrypted, so when you open a wallet to sync it and send transactions your ISP or a snoopy government agency can tap your internet connection and see that you are running a dash node, and mixing if you do it and that you are sending transactions from the wallet, this is not ideal if privacy is important to you. Running the wallet over TOR helps with your privacy because those snoopy agencies can no longer see the traffic on your network, they don't even know if you are operating a dash wallet or not. You should also be using a VPN, and VPN does much the same thing as TOR is doing for you, but costs you money, don't use a free service they don't protect you.

 

[xkcd]

Additional tip for this guide. You can force the QT wallet (client) to connect ONLY to TOR Hidden Service nodes. Simply add the following line to your dash.conf file.

onlynet=onion

I will be updating the DASH Masternode Zeus to automatically configure masternodes as a tor hidden service which should ensure there are plenty of nodes online for you to connect to. When you enable this option and restart, you should see it only connecting to onion nodes, similar to the below. You may have to delete your peers.dat file before restarting. If you do, you may have to add the first onion node manually from the console using addnode <hostname>.onion:9999 add to get it started.