Zcashd full node, start off Tor?

Hi,

I have few questions about keeping zcashd completely anonymous with tor:

1 - If on ubuntu behind whonix can I use zcashd as normal with no special command line usage?

2 - If I run zcashd to sync the full node before tor, then shutdown and boot up behind whonix in tor and reconnect, will it be completely anonymous at that point? Will there be any connection between my tor and non-tor connection that is stored in the client?

Thanks you.

So I imagine you mean Whonix on Ubuntu. Zcashd does not by default route through Tor, so if you wanted to protect your IP address you should use a VPN or Torsocks.

For question 2, I would say just use a remote node. You’re overthinking this and making it impractical.

Also see this guide for setting up Zcashd to connect via Tor on Ubuntu, should be similar on Whonix: Set-up Guide for running Zcash on Tor (Ubuntu / Debian Linux Desktop)

3 Likes

Ok, maybe I missing something. Can I connect to a remote node instead of running a full node and use z- addresses? I don’t see that in the user guide. Could you send link to instructions?

Also, not running on ubuntu. Running a whonix gateway (tor) in a VM, then running debian in a second Vm behind the whonix gateway.

Thank you

You’ll have to (currently) run a full node somewhere if you want to use zaddrs and have privacy. I guess the poster was eluding to something like you can use SSH port forwarding e.g. assuming the default RPC port ssh -L 8232:127.0.0.1:8232 user@your-remote-server

You can then use a GUI wallet like https://github.com/ZcashFoundation/zec-qt-wallet or just the RPC on your local machine to connect to the remote node. You could also accept RPC connections from something other than localhost but this is generally not a good idea.

I’m not sure that helps too much though depending on what you want to do and the Tor guide linked above is your best starting point.

Thank you, but that does not get to goal. I want a fully anonymous connection when creating a z- address and sending/receiving. But download of blockchain over Tor is very slow.

If I can download blockchain while connected directly to internet, then stop VM, then boot VM behind whonix (tor), create z- and send/receive, that would work.

Want to make sure the client has no identifier that would connect the IP downloaded blockchain with IP in tor for send/receive.

I have this question as well. If I’m in the field and I connect to a remote node that I’m running at home, my home IP address shows up in the routing table of whatever gateway router I’m using in the field, which I’d rather avoid.

Currently, I keep the ~/.zcash and ~/.zcash-parameters directories on an encrypted drive, install a zcash node via the package manager on tails, and use symlinks to connect my amnesiac home directory to the directories on the encrypted drive. Then I use zcashd -proxy=127.0.0.1:9050 to start the zcash daemon through tor. It would seem that if tor fails, the adversary will be able to find the coffee shop I’m in, but they won’t be able to find my house.

I think my question is equivalent to harveen123’s question #2:

Is there any way that having downloaded the blochain at home and then using it later in the field could somehow betray my IP address at home? i.e. does any per-node-uniqueness get stored in the initial download?