Tor Support in Zcash¶
It is possible to run Zcash as a Tor hidden service, and connect to such services. Warning: Tor support does not explicitly support Zcash nor Zcash explicitly support Tor.
The following directions assume you have a Tor proxy running on port 9050. Many distributions default to having a SOCKS proxy listening on port 9050, but others may not. In particular, the Tor Browser Bundle defaults to listening on port 9150. See Tor Project FAQ:TBBSocksPort for how to properly configure Tor.
1. Run Zcash through Tor¶
Running Zcash through Tor will make all outgoing connections be anonymized on the network, and will suffice for most situations. This is actually quite easy to do!
Download and run Tor Browser. This will automatically run a SOCKS proxy on 127.0.0.1:9150 (with default configuration settings). While Tor Browser (and its proxy) is running, connect zcashd to it with:
$ zcashd -proxy=127.0.0.1:9050
Zcashd flags used:
-proxy=ip:port: sets the proxy server. If SOCKS5 is selected (default), this server will be used to reach .onion addresses as well.
3. Automatically listen on Tor¶
Starting with Tor version 0.2.7.1 it is possible, through Tor’s control socket API, to create and destroy ‘ephemeral’ hidden services programmatically. Zcash has been updated to make use of this.
If Tor is running (and proper authentication has been configured), Zcash automatically creates a hidden service to listen on. Zcash will also use Tor automatically to connect to other .onion nodes if the control socket can be successfully opened.
This new feature is enabled by default if Zcash is listening (
-listen), and requires a Tor connection to work. It can be explicitly disabled with
-listenonion=0 and, if not disabled, configured using the
-torpassword settings. To show verbose debugging information, pass
Connecting to Tor’s control socket API requires one of two authentication methods to be configured:
- Cookie authentication, which requires write access to the
CookieAuthFilespecified in Tor configuration. In some cases, this is preconfigured and the creation of a hidden service is automatic. If permission problems are seen with
-debug=torthey can be resolved by adding both the user running tor and the user running zcashd to the same group and setting permissions appropriately. On Debian-based systems the user running zcashd can be added to the debian-tor group, which has the appropriate permissions.
- Authentication with the
-torpasswordflag and a
hash-password, which can be enabled and specified in Tor configuration.