A Tor enabled mining pool?

Any experienced mining pool operators who would consider enabling Zcash mining over Tor for an existing or new Zcash pool ?

Given that this type of mining set-up is possibly the most anonymous / private way to get Zcash - the community really deserves this kind of opportunity !

EDIT: Solo mining is not quite the same thing - as the adage goes "you cannot really be anonymous by yourself!" :footprints:

I suppose you can connect thru tor to any ssl-enabled pool (to avoid mitm-proxying attack), for example to https://zcash.flypool.org/

Indeed. Your suggestion is a reasonable available alternative.

However, the mining pool must run as a Tor enabled hidden service (.onion site) to provide better anonymity. Hidden service traffic does not exit from the Tor network, whereas mining through Tor to a TLD address can be more easily observed.

Also, the pool should arguably use anonymous login accounts (instead of presenting mined to / public addresses) as this presents another vector to track or correlate user activity over time.

Furthermore, the mining pool should also have a TLD and therefore be 'dual stack', with an alternative .onion address available for both anonymous registration and mining through Tor. This helps to prevent the type of attack where a strong adversary can say "we don't know who you are, but we know that your in this list of 'subscribed' users and/or sub-set of minded to addresses!"

The hardest aspects of making any crypto-currency truly anonymous are always going to be obfuscating ones account balance (holding) and/or the means of acquisition (how the balance was acquired in the first place).

I have enabled network infrastructure to kick-start the 'core' of possibilities with using Zcash over Tor!

For the community to do this properly we also need mining software developers that can build and test software to ensure no dns leaks etc.,

The community needs clear and concise guides of how they can easily start mining more anonymously in this regard. It is really not that difficult and for a privacy and security focused crypto-currency like Zcash it should become an acceptable norm.

In fact, the more Zcash that is mined anonymously = more privacy and security for all Zcash users moving forward imho.

1 Like

I highly doubt that mining on TOR is doable due to routing latency. Even with a TOR service you'd get a lot of rejected shared because of this latency, which is lost money tbh. But if you don't mind losing money over it ...

Latency is less of an issue than you might imagine. Eligius Bitcoin pool had .onion mining for a good while, if I'm not mistaken.

The client and server can be configured to make networking as fast and as efficient as possible.

BTC block times are also 4 times longer than Zcash. In addition, the BTC network has nodes on every street corner :), while the Zcash network is just a tad thinner. Either way, you're ignoring the fact that everyone else mining (not on TOR) has fair less latency than you do on TOR, and you are competing with them. Just saying it will work OK isn't the full answer, IMO. ZenCash has the right approach, in my mind: SSL the whole network.

1 Like

Note that this doesn't actually affect routing latency for mining, because SSL in this case is between the mining pool's daemon and the rest of the network, whereas there's no way for the network to enforce the connection between mining pools and miners (what would be protected via .onion in this thread's proposal) to run over SSL, as that is entirely third-party controlled.

1 Like

Yes, but the two most capable ZEC/ZCL miners both support tls miner-pool connections, as do many of the ZEC/ZCL pools, so the miner has every opportunity to go end-to-end encrypted. I don't know if the wallet apps support tls/secure-RPC, but they clearly (to me, anyway) should.

1 Like

Agreed. My point was simply that the pool <--> network connection is distinct from the miner <--> pool connection, and enforcing one doesn't implicitly enforce the other.

2 Likes

Good discussion here.

Lets look at why this approach works for anonymity, privacy and security.

(1) In terms of the network effect, your ISP (or anyone else watching the connection) won't know that you are mining Zcash, as they will just see Tor traffic instead. Arguably, network encryption can only buy you time, whereas anonymous routing can provide more certain anonymity. A combination of both is better still ofc.

(2) The pool operator does not know your real IP address if you use Tor, which could be used to determine your identity. They would still know your payment address, although user registration details can also be 'obfuscated' (by the pool operator and/or by the pool user).

Again, with the ability to make private Zcash transactions on the blockchain, the easiest attack vector for identification becomes the point-of-entry to the network (in terms of your own Zcash acquisition).

Given that users are likely to obtain coins in any one of three ways; by receiving a transaction!, by buying coins from an exchange or by mining them - further obfuscating some aspects of the modes of acquisition will certainly help towards the anonymity, privacy and security of the entire system moving forward.

So, ...

I think VPN addresses most of these issues. I'm leery of TOR as a general approach to the anonymity problem, mainly due to my personal experience using TOR for browser access to a particular network. That experience was abysmal. I felt as though I had gone back in time and was on a 14.4k baud dialup modem, using an 8086-based PC. Absolutely TERRIBLE. Which raises questions about scaling the production traffic of an entire global, real-time blockchain network. Has anyone actually tired it? It doesn't seem to me that that type of traffic profile was even a consideration in the design of TOR. It was mostly created to obfuscate your Web traffic, which is, of course, interactive and user (human) driven. Users syncing blockchains over TOR? One real issue with TOR is that it's only as capable as it's weakest transit node. There's no QoS standards for operating a node, that I'm aware of. You may well be routed through a node that has a marginal network connection to start with, and the node owner is using it to play some heavy-duty video game with dozen of remote participants. It's very possible that my limited experience with TOR leaves me short of a full understanding of where TOR is, these days, in terms of technical capabilities, but given my experience using it, I remain doubtful of it being a general solution to the problem.

Miners operating exclusively over Tor are going to suffer from higher rates of orphaned blocks. I also vaguely remember some security issues with Bitcoin miners running on Tor, but I don't have time to look it up right now. At any rate, miners will probably need to operate with a dual presence on both networks.

That being said, it's absolutely essential for ZCash to have a robust native presence on Tor, as all of our IP address connections are being logged. Miners are full-nodes that are always connected to the network, having them act as Tor relays would be helpful for everyone. Encouraging mining pools to setup Tor clients is a great idea, but it would require work on the part of the mining pool and it's not easy to do.

If you want to see this happen, focus on making it push-button easy to run ZCash nodes behind Tor.

1 Like

Pool mining Zcash through a VPN of course offers some increased protections, however even a medium skilled adversary can easily just watch the end points and identify users. Tor is resistant against Traffic Analysis, also if your mining to a hidden_service pool, then your traffic will never leave the Tor network.

Downloading the Zcash blockchain over Tor is not really an issue, it's just slightly slower.

Using Tor is obviously not going to be as quick as a regular internet connection - privacy, anonymity and speed - pick any 2 options. :slight_smile:

Tor (via the torrc) can be configured for optimal speed, when the use case is known i.e. mining Zcash.

Important settings from the tor manual to reference in this regard include LongLivedPorts, where the Zcash / pool mining ports can be included.

See : https://www.torproject.org/docs/tor-manual.html.en

A mining pool server can also make use of the relatively new Tor HiddenServiceSingleHopMode .

If you are just looking to make regular Tor web browsing 'faster' then perhaps take a look at the torrc GeoIP options. Example ; https://tornull.org/geoip-torrc.php with the additional 'rocket' torrc available soon!

@dlehenky and everyone!

The aforementioned xeronet Rocket torrc is now available via tornull.org - do give it a try and experience for yourself just how fast Tor can be if ididedittheconfg :smile_cat:

For anyone looking to run Zcash on Tor the basic configuration instructions and addnode=.onion's can be found in my post linked above. I'm working on a more detailed set-up guide.

Also, a large block of 'trusted' US based Tor exit nodes were seemingly established after the Zcash ports were added to the Tor Reduced Exit Policy. They can all be located via the Tor Atlas as 'Quintex'. They would make good ExitNodes additions for anyone running Zcash on Tor. Although remember that torrc characters (per line) are limited to 4096 for ExitNodes etc., (hint: listing servers via IP address uses less characters) ...

I'm working towards setting up an optimized Tor enabled P2Pool for Zcash.

3 Likes