Monero in Whonix with torsocks for better stream isolation

Hi! I have a question similar to those discussed in this thread. I would appreciate it if you would check out my other post. However, I will copy the relevant questions to this chat as well. You can check it out here: Monero Anonymity: QubesOS/Whonix Split Monero Wallet vs. Self-hosted Onion Remote Node

Half of my question is also about the optimal monerod configuration in the QubesOS/Whonix Monero split wallet setup, which is also described in the Whonix documentation.

  1. How can I separate p2p traffic from transaction broadcasting traffic to avoid correlation attacks? In other words, I don’t want the p2p nodes I’m connected to to also receive my Monero transactions from the same Tor exit nodes.

My current work-in-progress idea is to use TransPort for p2p traffic and add another TorSocks port for the “new” --tx-proxy flag. However, I am unsure whether this is what the proxy flag is actually intended to do.

Currently, my best guess is to use the following configuration for QubesOS: --tx-proxy tor,127.0.0.1:9180,10. Is that the right approach? Note the IP address, the port number, and the 10. Is this the correct setup? What does the 10 actually do? From my understanding, it will rotate through ten different peers for broadcasting. Is that correct? Is 127.0.0.1 correct in the QubesOS context? What do you think about the specific port 9180?

  2. I am also trying to determine whether stream isolation is ideal for the two types of traffic (p2p and transaction broadcast).

My understanding is that, for long-lived p2p connections, stream isolation isn’t ideal, but it is for transaction broadcasts. Therefore, I would use the TransPort for p2p traffic and a SocksPort in the range 9180–9189 for transaction broadcast traffic. These ports are documented in the Whonix documentation and come with IsolateDestAddr and IsolateDestPort. More information can be found here: Stream Isolation.

As a follow-up, I have a question about the specific port. Is it a good idea to choose any available port in sys-whonix? Wouldn’t doing so increase the risk of another application (perhaps from a different VM) using the same port, which could lead to identity correlation? Would it be better to define a unique monerod --tx-proxy SocksPort to ensure that it is not used by anything else? Is that even an issue, or is traffic using the same SocksPort (e.g. 9180) from two different VMs isolated anyway?

  3. I also believe that p2p connections running over Tor exit nodes allow for more timing correlation than if they never left the Tor network (e.g., by using Onion Services). In other words, I see potential for improvement in moving all p2p traffic from the current TransPort IP obfuscation method to Tor Onion Services exclusively.

My idea is to use the exclusive-node feature to add only Onion Services as peers. This should result in p2p connections to Onion Services only. I haven’t tested this yet, so I’m looking for feedback and discussion about it.

  4. Given the shift to Onion Services for p2p traffic, I would like to determine the optimal number of peers to mitigate the risk of an eclipse attack. Additionally, I would like to explore the potential benefits of implementing stream isolation for p2p traffic. In other words, I am requesting a reevaluation of the previous p2p traffic considerations in light of the use of Tor Onion Services.

  5. I would also like to start a discussion about whether the Flatpak or the direct Monero binary is the better option.

Flatpak could be updated more easily. Depending on the option chosen, I recommend checking the hardening options, as these should differ between the systemd service file for the Monero daemon (monerod) binary and the Flatpak version.

This is just a rough draft and not a complete setup. It has not been fully tested either. I would appreciate some feedback before moving forward. Please note that I have already spent quite a bit of time testing and consulting the Whonix documentation.
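Several of the questions above (which Tor listener the --tx-proxy and the p2p traffic go through, whether those listeners carry IsolateDestAddr/IsolateDestPort, and whether an exclusive-node list is really onion-only) can be checked mechanically before touching a running node. The following Python script is an added example; it is not part of the original post and not code from the Whonix or Monero projects. It parses a torrc and a monerod.conf. The --tx-proxy value is parsed according to the format in monerod's own help text, `<network-type>,<socks-ip:port>[,max_connections][,disable_noise]`, so the trailing `10` in the post's example is the maximum number of outbound connections kept over that proxy rather than a rotation count. In the sample config the clearnet p2p side uses monerod's --proxy SOCKS option instead of the TransPort the post mentions, so that both halves of the split are visible in config files. The sample torrc and monerod.conf, the 127.0.0.1 addresses and port numbers, the placeholder .onion and the 203.0.113.5 peer are all constructed for this example; on Qubes-Whonix the workstation reaches the gateway's Tor listeners at the gateway's IP rather than at 127.0.0.1, so substitute the addresses of your own setup.

```python
"""Static check of a monerod + Tor split: do transaction broadcasts (--tx-proxy)
and clearnet p2p (--proxy) leave through different Tor listeners, do those
listeners carry the IsolateDest* flags, and are all exclusive peers .onion?
Added example, not Whonix or Monero project code."""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Listener:
    kind: str             # SocksPort or TransPort
    addr: str
    port: int
    flags: frozenset      # every token after the address, e.g. IsolateDestAddr


_LISTENER_RE = re.compile(r"^(SocksPort|TransPort)\s+(\S+)(.*)$")


def parse_torrc(text):
    """Return {(addr, port): Listener}; a bare port means Tor's default 127.0.0.1."""
    listeners = {}
    for raw in text.splitlines():
        m = _LISTENER_RE.match(raw.split("#", 1)[0].strip())
        if not m:
            continue
        kind, target, rest = m.groups()
        if target == "0":                         # "SocksPort 0" disables the listener
            continue
        addr, _, port = target.rpartition(":")
        addr = addr or "127.0.0.1"
        listeners[(addr, int(port))] = Listener(kind, addr, int(port), frozenset(rest.split()))
    return listeners


@dataclass(frozen=True)
class TxProxy:
    network: str                   # tor or i2p
    addr: str
    port: int
    max_connections: Optional[int]  # third field; None means monerod's default
    disable_noise: bool


def parse_tx_proxy(spec):
    """Parse --tx-proxy <network>,<socks-ip:port>[,max_connections][,disable_noise]."""
    parts = [p.strip() for p in spec.split(",")]
    if len(parts) < 2 or parts[0] not in ("tor", "i2p"):
        raise ValueError(f"bad tx-proxy spec: {spec!r}")
    addr, _, port = parts[1].rpartition(":")
    max_conn, disable_noise = None, False
    for extra in parts[2:]:
        if extra == "disable_noise":
            disable_noise = True
        elif extra.isdigit():
            max_conn = int(extra)
        else:
            raise ValueError(f"unknown tx-proxy field {extra!r} in {spec!r}")
    return TxProxy(parts[0], addr, int(port), max_conn, disable_noise)


def parse_monerod_conf(text):
    """monerod.conf is key=value; keys such as add-exclusive-node may repeat."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            conf.setdefault(key, []).append(value)
    return conf


_ONION_RE = re.compile(r"^[a-z2-7]{56}\.onion(?::\d{1,5})?$")   # v3 onion, optional port
_ISOLATE = {"IsolateDestAddr", "IsolateDestPort"}


def check(torrc_text, conf_text):
    """Return a list of human-readable findings; an empty list means no concerns."""
    listeners = parse_torrc(torrc_text)
    conf = parse_monerod_conf(conf_text)
    findings, p2p_key = [], None
    for p in conf.get("proxy", []):                # clearnet p2p over SOCKS
        addr, _, port = p.rpartition(":")
        p2p_key = (addr, int(port))
        if p2p_key not in listeners:
            findings.append(f"proxy {p}: no matching SocksPort in torrc")
    for spec in conf.get("tx-proxy", []):
        tp = parse_tx_proxy(spec)
        if tp.network != "tor":
            continue                               # an i2p proxy is not a Tor listener
        key = (tp.addr, tp.port)
        if key not in listeners:
            findings.append(f"tx-proxy {spec}: no matching SocksPort in torrc")
            continue
        if key == p2p_key:                         # Tor isolates different listeners by default;
            findings.append(f"tx-proxy {spec}: shares the SocksPort used for p2p; "
                            "on one listener only the Isolate* flags separate streams")
        if not _ISOLATE <= listeners[key].flags:
            findings.append(f"tx-proxy {spec}: listener lacks IsolateDestAddr/IsolateDestPort")
    for node in conf.get("add-exclusive-node", []):
        if not _ONION_RE.match(node):
            findings.append(f"add-exclusive-node {node}: not a v3 .onion address, "
                            "so p2p would not stay inside the Tor network")
    return findings


# Constructed samples for this example (not a real sys-whonix torrc or Whonix monerod.conf).
TORRC = """
SocksPort 127.0.0.1:9050                                   # plain listener for p2p
SocksPort 127.0.0.1:9180 IsolateDestAddr IsolateDestPort   # listener for tx broadcasts
TransPort 127.0.0.1:9040
"""
ONION = "a" * 56 + ".onion:18083"          # placeholder v3 onion address, not a real node
GOOD_CONF = f"""
proxy=127.0.0.1:9050
tx-proxy=tor,127.0.0.1:9180,10
add-exclusive-node={ONION}
"""
BAD_CONF = """
proxy=127.0.0.1:9180                  # same listener as the tx-proxy
tx-proxy=tor,127.0.0.1:9180,10
tx-proxy=tor,127.0.0.1:9190           # no such SocksPort in torrc
add-exclusive-node=203.0.113.5:18080  # clearnet peer in an onion-only list
"""

if __name__ == "__main__":
    for name, conf in (("good", GOOD_CONF), ("bad", BAD_CONF)):
        print(f"{name}: {check(TORRC, conf) or ['no findings']}")
```

Running the script prints no findings for the first config and three for the second: the tx-proxy sharing the p2p listener, the tx-proxy pointing at a port Tor does not listen on, and the clearnet exclusive node. Point `TORRC` and the conf strings at your real files to apply the same checks to your own setup.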