As you know, we put the security of the network above everything else.
For the forthcoming 0.3.2 release we have prepared a number of changes and improvements, but we will talk about that in a moment.
As you know, every CryptoNote daemon has a peer list command: print_pl (print peer list) in the Monero codebase, or getPeers in the Bytecoin codebase. These commands make the list of peers connected to the network visible. An example can be seen at https://map.supportcryptonight.com/. This may remind some users that privacy is important, and that anyone running a daemon can export the IP peer list and use it for different purposes. This is not specific to ArQmA. If you want to be less visible, start the arqmad daemon with the --hide-my-port parameter, so that you do not announce yourself as a peer list candidate.
At the moment we are experimenting with integrating the Tor network into the ArQmA network. Stay tuned and take care!
In the upcoming release…
While ArQmA isn’t made to integrate with Tor, it can be used wrapped with torsocks by setting the following configuration parameters and environment variables:
--p2p-bind-ip 127.0.0.1 on the command line or p2p-bind-ip=127.0.0.1 in arqmad.conf to disable listening for connections on external interfaces.
--no-igd on the command line or no-igd=1 in arqmad.conf to disable IGD (UPnP port forwarding negotiation), which is pointless with Tor.
DNS_PUBLIC=tcp or DNS_PUBLIC=tcp://x.x.x.x where x.x.x.x is the IP of the desired DNS server, for DNS requests to go over TCP, so that they are routed through Tor. When IP is not specified, arqmad uses the default list of servers defined in src/common/dns_utils.cpp.
TORSOCKS_ALLOW_INBOUND=1 to tell torsocks to allow arqmad to bind to interfaces to accept connections from the wallet. On some Linux systems, torsocks allows binding to localhost by default, so setting this variable is only necessary to allow binding to local LAN/VPN interfaces to allow wallets to connect from remote hosts. On other systems, it may be needed for local wallets as well.
Do NOT pass --detach when running through torsocks with systemd (see utils/systemd/arqmad.service for details).
If you use the wallet with a Tor daemon via the loopback IP (e.g. 127.0.0.1:9050), then use --untrusted-daemon unless it is your own hidden service.
Example command line to start arqmad through Tor:
DNS_PUBLIC=tcp torsocks arqmad --p2p-bind-ip 127.0.0.1 --no-igd
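A preflight check for the settings listed above, as an added example that is not ArQmA project code: it reads a key=value config file, the DNS_PUBLIC value and the intended arqmad arguments, and reports which of the Tor-related settings are missing. The function names, the precedence of command-line flags over the file, and the sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not ArQmA project code. Function names are hypothetical.

# conf_get FILE KEY: print the last uncommented value assigned to KEY.
conf_get() {
    [ -r "$1" ] || return 0
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$1" | tail -n 1
}

# check_tor_wrap CONF DNS_PUBLIC_VALUE [arqmad args...]
# Prints one line per problem; the return status is the number of problems.
check_tor_wrap() {
    conf=$1 dns=$2 detach=0 problems=0
    shift 2
    bind_ip=$(conf_get "$conf" p2p-bind-ip)
    no_igd=$(conf_get "$conf" no-igd)
    # Assumption: a flag on the command line takes precedence over the file.
    while [ $# -gt 0 ]; do
        case $1 in
            --p2p-bind-ip=*) bind_ip=${1#*=} ;;
            --p2p-bind-ip)   [ $# -ge 2 ] && { bind_ip=$2; shift; } ;;
            --no-igd)        no_igd=1 ;;
            --detach)        detach=1 ;;
        esac
        shift
    done
    flag() { echo "FAIL: $1"; problems=$((problems + 1)); }
    [ "$bind_ip" = 127.0.0.1 ] ||
        flag "p2p-bind-ip is '${bind_ip:-unset}', P2P may listen on external interfaces"
    [ "$no_igd" = 1 ] || flag "no-igd is not set, IGD (UPnP) negotiation stays enabled"
    case $dns in
        tcp | tcp://?*) ;;
        *) flag "DNS_PUBLIC is '${dns:-unset}', DNS requests will not go over TCP" ;;
    esac
    [ "$detach" = 0 ] || flag "--detach passed, not to be used under torsocks with systemd"
    return "$problems"
}

# Constructed sample config: loopback P2P bind, but no-igd left commented out.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'p2p-bind-ip=127.0.0.1' '#no-igd=1' > "$sample"
check_tor_wrap "$sample" tcp --detach || echo "$? problem(s) found"
rm -f "$sample"
```

Run it with the same arqmad.conf, DNS_PUBLIC value and arguments you intend to start the daemon with; a return status of 0 means all four checks passed.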
Using Tor on Tails
Tails ships with a very restrictive set of firewall rules. Therefore, in addition to telling torsocks to allow inbound connections, you need to add a rule that allows this connection. Full example:
sudo iptables -I OUTPUT 2 -p tcp -d 127.0.0.1 -m tcp --dport 19994 -j ACCEPT
DNS_PUBLIC=tcp torsocks ./arqmad --p2p-bind-ip 127.0.0.1 --no-igd --rpc-bind-ip 127.0.0.1 \
Secured connection to daemon RPC over SSL
We are on the last steps before the next release