Zcash on Tor : A Community Funded Proposal

See: https://forum.zcashcommunity.com/t/zcash-addnode-tor-hidden-service-onion/13007

I propose to set-up and maintain an additional 8 'Dual Stack' Zcash addnode Tor hidden service .onion nodes, with;

4 new nodes as Zcash hidden services.

2 new Relay nodes as Zcash hidden services.

2 new nodes as full Tor Exit Nodes, with website information about Zcash including how to connect.

To continue with this project for a minimum 12 month duration I require funding of $2,100 (US)

Any additional community funding above the 12 months requirement will go towards the ongoing administration costs, expenses, research and development, extending hosting and increasing the capacity of existing nodes, where necessary.

Funding donations are accepted in Zcash and Bitcoin via addresses published by myself in this thread below. If you would prefer to fund this independent project via a private address then please send me a PM.

Current funding target achieved : 15% (approx. considering any price fluctuations).

I am a long standing member of the Bitcoin community and this project proposal has been given the initial go ahead by @zooko, in so much as he would also very much like to see ongoing and stable Tor node support for the Zcash project.

These new Tor nodes - dedicated to Zcash connectivity over Tor will not be used for any nefarious activity whatsoever and I have partnered with tornull.org and our hosting providers to limit any potential Exit node 'abuse' issues.

10 Likes

Herewith, Zcash on Tor! : project funding addresses;

taddress : t1bmX8aWjLCUFprFnj1uptNzJazhQE615k2

zaddress (public) : zcGJjhSg4hwaKHcVG9FJedMRVgjS6HdeBtpXNvdmzpd19dBgkzKoKSRNVFkEh8ohBdaCbFqCN4oMpHuAwKUVBaq43vggtQZ

Bitcoin : 1DFXSogRnmXdsZ4zrjSXF7da989pmS1iCS

PM me for additional contact info. or to notify me of your funding contribution etc., Thank you.

I confirm that I have received an anonymous project funding contribution of 15% (approx. considering any price fluctuations), of the funding target.

I will commence with provisioning both of the new Exit node servers today, with set-up being completed in around 24 to 72 hours.

1 Like

Incidentally, I have just opened https://github.com/zcash/zcash/pull/2177 which pulls in ephemeral HS support from upstream, and should make setting up Tor-listening Zcash nodes much easier :slight_smile:

4 Likes

@str4d Jolly good! :slight_smile:

2 x Tor Relay nodes are now online!

ZcashTor0se - https://atlas.torproject.org/#details/381DB186136F95370B0A7C7575E40B5DE8C18BDB - http://185.86.149.75/ - Sweden

ZcashTor0lv - https://atlas.torproject.org/#details/53825DFB32426F4D02E2FAA43AF713DC185299F4 - http://94.140.120.44/ - Latvia

New Tor Relays always take a while to gain their full network status + bandwidth capabilities.

All 8 (new) addnode=.onion Zcash addresses will be published together when the project is at least 50% funded. These IPs are already running Full Zcash Nodes.

3 Likes

With the recent downward shift in the Bitcoin price I have deemed it appropriate to action set-up and provision of all nodes for this project with immediate effect. This will make best use of funding contributions already received in $ value with our hosting providers.

News events, particularly: https://bravenewcoin.com/news/eu-parliament-states-virtual-currencies-cannot-be-anonymous/ highlight the importance of this project's service provision in (independently) upholding the core Values of the Zcash Foundation - https://github.com/ZcashFoundation/ZcashFoundation/blob/master/VALUES.md - most namely Privacy as an important Human Right !

...

EU Parliament states; Virtual currencies cannot be anonymous ! ...

  • "Virtual currencies' means a digital representation of value that is neither issued by a central bank or a public authority, nor attached to a legally established currency, which does not possess the legal status of currency or money, but is accepted by natural or legal persons as a means of exchange or for other purposes, and can be transferred, stored or traded electronically. Virtual currencies cannot be anonymous." - EU member states must be compliant by June 26, 2017 - European Parliament.

However, ...

  • The United Nations has underlined the importance of encryption and anonymity in the digital age. Penned by a UN special rapporteur on freedom of expression, the document underlines the importance of private communications and calls on member states to protect their use under law.

  • http://www.ohchr.org/EN/HRBodies/HRC/RegularSessions/Session29/Documents/A.HRC.29.32_AEV.doc

  • “The Special Rapporteur, recognizing that the value of encryption and anonymity tools depends on their widespread adoption, encourages States, civil society organizations and corporations to engage in a campaign to bring encryption by design and default to users around the world and, where necessary, to ensure that users at risk be provided the tools to exercise their right to freedom of opinion and expression securely,”

...

As a UK citizen, responsible for maintaining the inception of the "Zcash on Tor" independent project - I'm in the fairly unique position of being geographically located within Europe, whilst the UK is soon to be outside of the European Union project.

Noticeably, the two main Tor Exit nodes have been initially set-up in Latvia and Sweden and I will be contacting my hosting providers directly in regards to this situation.

Whatever the outcome, servers for this project being sponsored by the community will continue to be maintained and moving hosts is always an option to ensure that the project always operates from a fully legal standpoint.

1 Like

Having decided to set-up all of the nodes for this project with the initial funding contribution, herewith all new 8 addnode=.onion addresses;

addnode=zcashvkeki52iqpc.onion
addnode=zcasha3cmfrpy7b7.onion
addnode=zcashz7ed3nvbdxm.onion
addnode=zcash5adwfpxfuvf.onion
addnode=zcashixg5ol2ndo4.onion
addnode=zcashuzwa365oh3n.onion
addnode=zcashskbeoiwtym3.onion
addnode=zcashuyvk5e7qfzy.onion

All nodes will be added to the basic config. examples, which you can find here;

I welcome funding contributions from the community to keep this project maintained and up-and-running. I'm starting work on a more detailed 'how to' / set-up guide and other documentation, as I have to complete one for another project.

Thanks! :sunglasses:

3 Likes

2 x Tor Relay nodes are now online!

ZatoshiNakamoto - Japan - https://atlas.torproject.org/#details/9460CA3FE3E41451C984E031CB55ED1FBEEA4004

JohnDobbertin - Australia - https://atlas.torproject.org/#details/8EFD5DEA6E91D72F5E95DFA8DF0B8A7B4D27F76B

The total of 4 public nodes (2 x Exit Nodes and 2 x Relays) are advertising all of the project's 8 addnode=.onion hidden services, with the other 4 nodes being fully hidden services, on separate hosting. After the nodes were provisioned, each .onion address was randomly allocated to ensure the maximum confusion for any potential observers moving forward.

1 Like

I've completed upgrading Zcash to the latest release 1.0.8 on all Zcash on Tor nodes.

I'm also pleased to report that the initial project funding for these servers has enabled myself to complete some important research into running what we might term as 'clean feed' Tor Exit nodes.

Collaborating with https://tornull.org - we have an exit policy reject list in use which is very effective at limiting botnet abuse unfortunately being increasingly perpetrated via Tor Exit nodes.

The project's 2 main exit nodes are mostly only appearing in the DAN TOR / EXIT BL lists, which include all Tor Relay and Tor Exit servers by default.

Having run other Tor Exit nodes myself in the past - resolving 'abuse' issues with the tornull list in place is now almost a non-existent practice or has been massively reduced.

Whilst some might think that Tor Exit servers incorporating any kind of BL is 'censorship', the opposite actually remains true in the majority. A Tor Exit server that is listed in fewer BL's means that Tor users exiting from that server are actually more likely to get to the resource they requested, as the Exit Node's IP address is not present in BL's which are often being used by websites (incorporated in commercial 'security' software) for 'protection' and/or to limit said 'abuse' issues.

- "The Net interprets censorship as damage and routes around it" - John Gilmore.

Having more available Tor Exit nodes is of course better than having less and the reality for Exit Node operators and web hosts, when 'abuse' is perpetrated via the Exit node, is that the Exit is forcibly shut down or at best converted to only Relay Tor traffic instead.

Search for any other Tor Exit nodes from the Tor atlas in said BL's and you will notice that our Zcash on Tor Exit nodes currently have a much better reputation over the majority of other fast Tor Exits.

We trust it will remain this way and appreciate all community support!

3 Likes

ZcashTor0se and ZcashTor0lv are no longer running as Tor Exit nodes and have been converted to Tor Relays, at the request of the hosting provider.

I will continue to host these 2 Relays until around mid. June 2017, at which time 2 new Exit Relays will be put in place for the project, most likely being hosted in Russia and Canada.

All 8 addnode=.onion Zcash hidden service nodes remain online with increasing usage !

If anyone would be willing to sponsor some new nodes in the interim then that would be great as the initial project contribution budget is already rather limited.

The aim for this project should really be to establish several Tier 1 Tor Exit nodes, although we should walk before we can run of course.

1 Like

Have you thought about contacting Torservers.net or NoiseBridge and asking them how much it would cost to get existing nodes to run the ZCash daemon? That would be a lot cheaper and much more secure than running a bunch of nodes yourself. I would vastly prefer that you spend your efforts on improving the setup experience for Tor node operators.

I have some connections to the Tor community, we could even try to launch a fundraiser and get some good press for everyone.

Whilst torservers.net and noisebridge are long-standing Tor exit node operators, they are unlikely to want to run Zcash daemons on existing nodes currently.

I have personally operated high-bandwidth Tor Exit nodes to the same standards as those organisations. So, having someone else set-up and/or run said project nodes is unlikely to be any cheaper or any more secure. I can recognize the fact that you may be seeking the security of having an 'organisation' running the majority of public nodes, instead of an 'unknown' individual, however.

8 Zcash Tor nodes are already being hosted by myself using the initial funding contribution of around only $300

I would gladly spend my efforts on producing a more detailed set-up guide etc., although without any additional funding the existing nodes are likely to go offline within a month or so anyhow.

Why not? I'll hit the Tor mailing list and see if anyone is interested.

Could you get this done first? A shell script would be ideal....

Right, at least with this effort if funding dries up some people may be willing to keep the servers acting as ZCash nodes since they are running on Tor anyway. They are all crypto anarchists and presumably big fans of a legit privacy preserving cryptocurrency.

2 Likes

@indolering - Thanks! Did you hit the Tor mailing list? Please PM me with a reference to the list digest if you did.

I do actually receive the Tor mailing list digest via one account, although I've been on a brief hiatus, now returning to work etc.,

I'm well on the way to completing a detailed set-up guide. Parts of the set-up can be automated with a shell script. Although, running Tor nodes well, does require a certain amount of base knowledge, so I'm often in two minds about fully automating said set-up procedures.

Obviously the more folks running Zcash (on) Tor the better!

I'll next look at setting up a UK based non-profit and website for Zcash on Tor, as I can fully appreciate that this should make funding more easily accessible.

Existing Zcash on Tor nodes are still running very well. Connectivity with nodes has increased more than 50% in the last month!

1 Like

Argh, I forgot! I will do it tomorrow : )

1 Like

Funding for the Zcash / Tor nodes will expire on 30th June 2017.

Several months worth of hosting has already been added from my own pocket.

Node offerings for the project are likely to be reduced (or terminated) - without any new options I'm forced to switch away from helping others with privacy.

2 Likes

Special thanks to whoever sent some contingency Zcash funding for the project. Much appreciated.

Hosting provision has been secured for at least another month or so and I understand that the Zcash Foundation is also working towards helping with the project.

I hope that we might eventually progress to hosting some T1 type Zcash / Tor .exit nodes for the project!

" Thank you for running a Zcash node!
You're helping to strengthen the network and contributing to a social good :slight_smile: "

:heart_eyes:

2 Likes

The 'Official' project domain name has been registered;

3 Likes

thank you xyZcash. you are awesome.
I am trying to follow your instructions to run a zcash client on a remote server i put up for the sake of making transactions with stealth addresses.
I would like to explain my use case, which I believe to be common enough for the zcash community to want to address and then perhaps create with your help a user friendly guide which is also anonymous in every step of the way.
it is recommended to use latest stable debian as the operating system and so i did. the guide could be just for that OS, at first, so it will not be too complicated.
start with downloading the zcash software. I saw that it is possible to download it via a tor-specific repository, which is great. however i had to google my way to understand how to really make it work through tor.
1. sudo apt-get update
a good idea before starting to download stuff.
1.1 sudo apt-get install tor
we need tor
2. sudo apt-get install apt-transport-tor
for the ability to use tor while downloading from repositories
3. add deb [arch=amd64] tor+http://zcaptnv5ljsxpnjt.onion/ jessie main to the file under /etc/apt/sources.list
adding our custom tor repository
4. sed -i 's% http://ftp.debian.org/% tor+http://vwakviie2ienjx6t.onion/%' /etc/apt/sources.list
5. sed -i 's% http% tor+http%' /etc/apt/sources.list
using tor to download from repositories in general
6. sudo apt-get install torsocks
making sure we have torsocks for the next request
7. torsocks wget -qO - https://apt.z.cash/zcash.asc | sudo apt-key add -
adding a zcash repository (i am not sure this is the move we want to do, it seems the repository does not run through tor)
8. sudo apt-get update && sudo apt-get install zcash
9. zcash-fetch-params
this does NOT run through tor! what is there to be done about this?
10. mkdir .zcash
creating the zcash folder for the next stage
11. nano .zcash/zcash.conf
creating the conf file and pasting the following

rpcuser=someusername
rpcpassword=somepassword

listen=0
server=1
port=8233
rpcport=8232
rpcallowip=127.0.0.1
proxy=127.0.0.1:9050
maxconnections=8
addnode=mainnet.z.cash
addnode=network.zcha.in
addnode=zcashvkeki52iqpc.onion
addnode=zcasha3cmfrpy7b7.onion
addnode=zcashz7ed3nvbdxm.onion
addnode=zcash5adwfpxfuvf.onion
addnode=zcashixg5ol2ndo4.onion
addnode=zcashuzwa365oh3n.onion
addnode=zcashskbeoiwtym3.onion
addnode=zcashuyvk5e7qfzy.onion
addnode=fhsxfrwpyrtoxeal.onion
addnode=zcash2iihed2wdux.onion
addnode=w3dxku36wbp3lowx.onion

12. nano /etc/tor/torrc
editing tor configuration and pasting the following

top part of /etc/tor/torrc:

#HiddenServiceDir /var/lib/tor/zcash-service/
#HiddenServicePort 8233 127.0.0.1:8233
#HiddenServicePort 18233 127.0.0.1:18233
ClientOnly 1
SOCKSPort 9050
SOCKSPolicy accept 127.0.0.1/8
Log notice file /var/log/tor/notices.log
ControlPort 9051
HiddenServiceStatistics 0
ORPort 9001
LongLivedPorts 8233
ExitPolicy reject *:*
DisableDebuggerAttachment 0

13. /etc/init.d/tor restart
restarting tor for the hidden service to be created.
14. zcashd
running zcashd, the daemon process of zcash. however this is not so daemony so I run it in a screen.
15. zcash-cli getpeerinfo
make sure you are getting connections and that they are all ".onion"
16. zcash-cli getinfo
make sure blocks are being added to your blockchain.
17. ?????
make sure you are actually anonymous and are not giving away your ip every time you make a zcash tx

so in total, 2 major issues-
1. how do I make this call zcash-fetch-params anonymous?
2. how do I make sure i did everything the right way and that I am only running through tor for incoming and outgoing connections?

help on this would be much appreciated and will promote the usability of zcash.

1 Like

@installer_of_zcash Thanks for your above post. Herewith, linked 'official' sources for the mentioned repos;

For 'monitoring' your running Tor instance on a debian / ubuntu server, Arm (CLI) is probably best.

With Arm running you are able to see the number of incoming hidden_service requests (anonymously of course, without affecting users anonymity etc.,) and your own outgoing SOCKS connectivity to Zcash configured .onion addresses.

Ordinarily installed as follows, although the packages can be pulled 'anonymously' of course;

sudo apt-get install tor-arm

It is a very good idea to ensure that you have tor-geoipdb , apparmor-utils and screen installed. Again, ordinarily I would do;

sudo apt-get install tor-geoipdb tor-arm apparmor-utils screen

For the Arm controller to function properly you must ensure that the following is present in your torrc;

DisableDebuggerAttachment 0

Now you can start a new screen session for Arm;

screen -S arm

sudo -u debian-tor arm

Arm should connect to Tor as a controller automatically. You can then navigate Arm with the arrow keys etc., Ctrl + A + D to exit the screen session.

screen -r arm

to return to view arm.

...

1 . We do require an 'official' / permanent solution to call zcash-fetch-params 'anonymously'. There are a few ways to do this already, however a definitive method should really be provided by ZECC. I would willingly host a (temporary?) .onion repo. though.

For a desktop set-up I'd currently advise running Whonix-Qubes: https://www.whonix.org/wiki/Qubes - which will pull everything 'anonymously' via Tor.

2 . Arm Tor controller will help you ensure that everything is working properly with your set-up.

If you then do;

cd zcash

./src/zcash-cli getpeerinfo

and if you see outgoing IP addresses that are not .onion addresses (when this is the desired functionality of your set-up i.e. onlynet=onion or onion=127.0.0.1:9050 etc.,) then something is clearly amiss.

If you are referring to potential DNS leaks with Tor, then using Wireshark (cli) would be a good starting point.

...

I would be delighted to have others collaborate on documentation and to help promote the project in due course. Again, the more folks that can run Zcash on Tor the better, especially as 'Dual Stack'! If anyone has a zcash addnode=.onion address running on a stable server then I'm always willing to add it to the core project list.
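
The getpeerinfo check discussed in the two posts above, as an added example that is not part of the original thread: it parses `zcash-cli getpeerinfo` JSON and lists every peer that is not a .onion address. The sample peers are constructed, and treating inbound loopback peers as arrivals through the local hidden service is an assumption.

```python
import json
import subprocess
import sys

# Constructed sample in the shape of `zcash-cli getpeerinfo` output.
# Not real peers: 203.0.113.7 and 2001:db8::1 are documentation addresses.
SAMPLE = json.dumps([
    {"id": 1, "addr": "zcashvkeki52iqpc.onion:8233", "inbound": False},
    {"id": 2, "addr": "203.0.113.7:8233", "inbound": False},
    {"id": 3, "addr": "127.0.0.1:51234", "inbound": True},
    {"id": 4, "addr": "[2001:db8::1]:8233", "inbound": False},
])


def split_host(addr):
    """Return the bare host from 'host:port' or '[ipv6]:port'."""
    if addr.startswith("[") and "]" in addr:
        return addr[1:addr.index("]")]
    return addr.rsplit(":", 1)[0] if ":" in addr else addr


def classify(peer):
    """Label one peer entry as 'onion', 'inbound-local' or 'clearnet'."""
    host = split_host(peer.get("addr", "")).lower()
    if host.endswith(".onion"):
        return "onion"
    # Assumption: an inbound peer on loopback was handed over by the local
    # Tor hidden service, so it does not expose this node's IP address.
    if peer.get("inbound") and (host == "::1" or host.startswith("127.")):
        return "inbound-local"
    return "clearnet"


def audit(peers_json):
    """Group peer addresses by class; anything in 'clearnet' needs a look."""
    report = {"onion": [], "inbound-local": [], "clearnet": []}
    for peer in json.loads(peers_json):
        report[classify(peer)].append(peer.get("addr", ""))
    return report


def live_peers(cli="zcash-cli"):
    """Fetch the peer list from a running node (needs zcashd and zcash-cli)."""
    done = subprocess.run([cli, "getpeerinfo"], check=True,
                          capture_output=True, text=True)
    return done.stdout


if __name__ == "__main__":
    # Default to the embedded sample so the script runs offline.
    data = live_peers() if "--live" in sys.argv else SAMPLE
    result = audit(data)
    for label, addrs in result.items():
        print(f"{label:14} {len(addrs):3}  {', '.join(addrs)}")
    # Non-zero exit lets cron or a monitoring wrapper alert on clearnet peers.
    sys.exit(1 if result["clearnet"] else 0)
```

Run with `--live` on the node itself; a non-empty clearnet group on a node meant to be onion-only is the condition the reply describes as something being amiss.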