I have a question regarding Monero: when is it beneficial to run a Monero node vs connecting to the curated lists (e.g., Tor-only nodes provided by Feather wallet, or https://monero.fail)?
My understanding is that using your own node means no one can correlate your transactions to an IP, but also only the node operator can see your transaction in full.
In order for the transaction itself to be useful, in theory you need to know at least one participant in a transaction. Provided that the coins are swept, and the recipient uses a unique address for each transaction, a single logged transaction is useless, right? Because a bad node operator may only know that one transaction, not the sweep or any intermediate ones.
I am exploring the possibility of hosting my own node, but in the meantime I use Feather wallet with the settings “always connect through Tor” and only using Tor nodes. My threat model is more about limiting data on merchants’ ends rather than a targeted attack via mass surveillance, so I think I am reasonably safe.
In addition, if I do run my own node, is there any benefit to making it publicly available via Tor? Tor allows you to NAT hole-punch, meaning no port forwarding etc. is needed.
Lastly, there is maintenance burden both in updating the node software but also the underlying hardware.
Depends. I wouldn't recommend a random node from monero.fail. Only use trusted nodes. Random or malicious nodes can fail to relay your tx, or even cost you money by inflating fee calculations.
Your ISP can also see which txs originate on your node (unless your node is configured to use --anonymous-inbound + --tx-proxy and/or --proxy).
Your ISP would know that you are one participant.
Unique addresses don't matter. Your address is not stored on chain. Monero uses one-time stealth addresses.
Correlating outputs is from consolidating (or sweeping) them, not from reusing addresses locally. You don't want to “co-spend” outputs to an external source if both ends of the tx (where you sourced them from and where you are sending them to) are being traced by the same entity. See the EAE episode of the Breaking Monero series on YouTube.
Depends if both ends (incoming and outgoing) of the outputs are logged. As in, if exchange A's deposit to your wallet is logged, and your subsequent deposit to honeypot B is also logged. Worse if you have multiple deposits from exchange A that are consolidated in a deposit to honeypot B.
If the nodes that you use over Tor are trusted, there is a lower attack surface than if you were to run a node. The only known traffic on your end would be some KBs of data going over Tor.
Yes.
If you had adequate hardware to begin with, you don't have to update it more than every several years (at this point). The unpruned database is about 230 GB. A 2 TB SSD should/could be fine for many years to come, especially if running a pruned node.
I think, with respect to your threat model, using Feather wallet in Tor mode should be sufficient. Although syncing the wallet through Tor would be very slow. If you don’t have the hardware to run your own node, then Feather wallet should be the next best option. Although I don’t think any method comes with a 100% guarantee on privacy or anonymity.
This is the logic behind “sweeping” your outputs after receiving them, right? Typically if I receive Monero I will sweep them afterwards (and recommend my friends do the same). I will look this up and give it a listen when I have some free time, thank you for the recommendation.
At the risk of sounding too self-centered, does opening up my node via Tor only help the network (as in, more people have a trusted node to transact with), or do I gain some benefit too (perhaps by increasing the quantity of transactions I broadcast?)
From what you’re saying, running your own local node that proxies everything through Tor would be the absolute best option, but using Tor-only nodes (via Feather as a “trusted” source, as an example) would be the next best thing?
Thanks for that. In my case, the speed isn’t really an issue and I have made it a habit to open Feather once in a while to sync blocks anyways.
Best for whom? Your own privacy? Yes. Others? No. Proxying everything over Tor disables incoming connections. To be most helpful to peers you must make sacrifices.
using Tor-only nodes (via Feather as a “trusted” source, as an example) would be the next best thing?
It's probably the most private option for personal privacy. The tradeoff is slight centralization and trust.
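An added example, not written by anyone in the thread and not part of Monero's own tooling: a small Python check that reads a monerod config file and reports the Tor posture discussed above, using the three options named in the replies (`--anonymous-inbound`, `--tx-proxy`, `--proxy`). It assumes the config-file form of those options (`name=value`, without the leading dashes); the ports, connection limits and onion host in the samples are constructed placeholders.

```python
# Added example, not from the thread. Option names are the ones quoted above;
# the sample values (ports, limits, onion host) are constructed placeholders.

CLEARNET = """\
# constructed sample: node with no Tor options
prune-blockchain=1
"""
TOR_TX = """\
# constructed sample: transactions relayed over Tor, onion inbound enabled
tx-proxy=tor,127.0.0.1:9050,10
anonymous-inbound=EXAMPLEPLACEHOLDER.onion:18083,127.0.0.1:18083,25
"""
PROXY_ALL = """\
# constructed sample: all p2p traffic through the Tor SOCKS port
proxy=127.0.0.1:9050
"""

def parse_conf(text):
    """Parse option=value lines; an option may repeat, so values are lists."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            opts.setdefault(key, []).append(value)
    return opts

def audit(text):
    """Summarise the Tor posture of a config using the thread's three options."""
    opts = parse_conf(text)
    tx_zones = {v.split(",")[0] for v in opts.get("tx-proxy", [])}
    onion_in = any(v.split(",")[0].rsplit(":", 1)[0].endswith(".onion")
                   for v in opts.get("anonymous-inbound", []))
    proxy_all = bool(opts.get("proxy"))
    return {
        # own transactions leave via Tor instead of the ISP-visible clearnet link
        "tx_broadcast_proxied": "tor" in tx_zones or proxy_all,
        # node is reachable as a hidden service (no port forwarding needed)
        "onion_inbound": onion_in,
        # per the reply in the thread: proxying everything disables incoming peers
        "incoming_disabled": proxy_all,
    }

def warnings(text):
    """Return human-readable findings for the settings that are off."""
    state = audit(text)
    out = []
    if not state["tx_broadcast_proxied"]:
        out.append("ISP can see which transactions originate on this node")
    if state["incoming_disabled"]:
        out.append("node accepts no incoming connections, so it does not serve peers")
    return out
```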