TL;DR; This guide will help you easily configure an Android Bitcoin Wallet to relay transactions via a trusted full node using Tor, thereby mitigating the several critical security and privacy issues on mobile devices.
Bitcoin mobile clients generally offer significantly reduced security and privacy in comparison to a full node. For many users, this is an unfortunate, but seemingly necessary usability compromise. Wallets have attempted to address the issues in several ways, but all have significant downsides. This guide presents a practical setup for enhanced privacy and security on mobile devices. Specifically, the guide below describes how to use the Bitcoin Wallet for Android and its "Trusted peer" option with a Tor hidden service to avoid several critical issues without sacrificing usability. This guide does not cover any of the issues related to endpoint security (keeping your Android device and full node secure) or privacy loss due to blockchain analysis.
Privacy in the context of Bitcoin is a complex, multifaceted issue. Here we will be focusing on addressing privacy issues related to Bloom filters, passive surveillance of transactions and capturing of IP addresses that broadcast a transaction. Basically everything that happens before transactions are collected by miners and written to the blockchain. There are many other privacy issues in the context of blockchain analysis, but those can be addressed in other ways and are out of scope for this document.
Issues with SPV clients and Bloom filters:
- The Bitcoin Wallet for Android, relies on Bloom filters to protect user privacy. However it has been demonstrated that this is ineffective and connected peers can easily discover which addresses are owned by the user.
- A passive observer controlling many nodes can pinpoint the IP address of the node which is first to broadcast a transaction. This information can then be used for geolocation, address clustering, etc. This is unrelated to Bloom filter information leakage, but can be used to link transactions to a specific actual user. Bitcoin full nodes are less vulnerable to this sort of data collection because they are constantly relaying not only their own transactions, but all transactions on the network.
Without access to the full blockchain, payments can potentially be blocked and peers can hypothetically lie about (withhold) transactions from SPV clients. In the event of a hard fork, running your own full node ensures that you see the fork you are interested in rather than blindly trusting peers.
The original Bitcoin Wallet for Android introduced a so called Trusted peer option allowing the wallet to communicate directly with a full node which the user presumably controls. This theoretically offers the benefits of a full node on a light client (assuming your connection to the node is secure).
In order to prevent a Man In The Middle attack, the connection to the "Trusted peer" must be secure - ie both authenticated and encrypted. However, it is left to the user to figure out this crucial piece.
Trusted peer connecting to self hosted Tor hidden service.
Benefits:
-
Provides authentication as the hidden service name itself is derived from the public key, preventing impersonation.
-
All traffic is encrypted preventing passive surveillance.
-
Data packets are protected against manipulation by intermediate nodes.
-
The Tor network hides the user’s IP address. This frustrates attempts to geolocate transactions and clustering Bitcoin addresses per IP address.
-
If you own the Trusted peer, then you can be reasonably confident that a third party is not monitoring transactions before they are broadcast on the Bitcoin network.
Essentially we resolve the most significant issues inherent in a mobile wallet client using existing software. See Possible data leakage section below.
This setup will require a Bitcoin Core full node which you trust, ie a secure desktop computer (ideally running Linux, etc) and available 24/7. Can also be a close friend you trust not to spy on your transactions or make stupid configuration errors. Although it is possible to host the full node on a remote server (ie Digital Ocean), this will undermine the trustlessness we are trying to achieve here, so it is not recommended. You will also run a Tor proxy on the system allowing your mobile to connect securely to the server.
- Install and configure Tor, then ensure it is properly routing traffic over the Tor network.
- Install Bitcoin Core. The wallet can be disabled, you only need
bitcoind. - Configure Bitcoin Core to run as a Tor hidden service.
IMPORATANT Do not skip this step as this provides all the security / privacy benefits outlined here. - Use the Tor hidden service as the "Trusted peer" as shown in the Android Bitcoin Wallet screen shots below.
Once you have it all setup, you can check your Tor hidden service is recognized on the bitcoin network and then configure your mobile to use the .onion address as shown below.
You will need to install Orbot (Tor Client for Android) and Bitcoin Wallet for Android.
Once the Trusted peer is configured with your .onion hidden service, you will see only a single node connected on a private IP address (10.xx.xx.xx in this example).
Use Orbot's Apps VPN Mode which allows the wallet app to connect to your Tor hidden service.
This setup will protect your transactions from passive surveillance, however the Android Wallet requires additional information via https when constructing the transaction:
- BIP70 payment requests (sent form merchant for example. Should be
https.) - Current fee data is requested from a server controlled by Bitcoin Wallet developers. (public data)
- Exchange rate feed from bitcoinaverage.com. (public data)
This data is transferred over https and tunneled through Tor, so they do involve exit nodes which could try and spy on you. A malicious entrance node might harvest your IP address and a little metadata, but nothing of real value because the connection is authenticated and data is encrypted.
These connections should therefore not present serious privacy / security concerns, but are good to be aware of.
This is by no means the only way to safely run a Bitcoin light client.
Here are a few additional possibilities which I have not tested:
- Use Electrum for Android with your own Electrum server.
- Use a standard VPN or SSH tunnel to route traffic over secure connection from your mobile device to your own full node.
- Use ssh to remotely login to your full node, then use the Bitcoin Core command line interface or to handle transactions (not user friendly).
- Run a pruned full node on your mobile device (significant bandwidth required)
These options may also use Tor to further obfuscate your IP address.
A: Yes: on hardware you control.
Q: Do I have to setup a Tor Hidden service?
A: Yes: This allows you to avoid exit nodes that will spy on your unencrypted traffic.
Q: Is it Dangerous to setup a Tor Hidden Service?
A: Normally not. We are not doing anything illegal here. You should not run an exit node (that is dangerous). You can block relaying, etc if you want to be safer.
A: No. Tor is less anonymous than people once thought and is easy to misuse and misunderstand. Using Tor exactly as outlined above provides a clear security + privacy benefit.
A: Because you believe in freedom enough to experiment with cryptocurrency maybe?
Thanks to Andreas Schildbach (Bitcoin Wallet for Android) and Jonas Schnelli (Bitcoin Core developer) for their input and feedback.
This document comes with no guarantees, do your own homework. Feedback is welcome.
WTFPL - See LICENSE for more info.