Announcing Tor Support on Casa Node!
Update: Casa Node software is no longer maintained; we recommend looking at other build-your-own node projects.
Today, we’re announcing the next development in the Casa Node’s resilience: Tor support! Tor brings a few really exciting improvements to the Casa Node:
- Enhanced privacy
- Improved security
- Remote access to your node
In this post, we’ll shed light on what exactly Tor is, and why we believe it’s such a huge improvement to the Casa Node user experience.
The Onion Router
Tor, an acronym for The Onion Router (its original name), was developed in the 1990s to protect government communication. Since its inception, however, it has grown to be useful for an array of applications.
Everyday citizens use Tor to avoid invasive data tracking. Journalists use Tor to share sensitive information in politically oppressive climates. News organizations use Tor as a safe way for whistleblowers to speak up. Bloggers use it to assert their opinions without fear of their name being tied to the blowback.
In these cases and many others, there isn’t just a want for privacy—there’s a need for it.
How does Tor work?
You might already be familiar with a VPN, or Virtual Private Network, which helps users anonymize their browsing activity. A VPN encrypts traffic on your computer, passes it through your ISP and then on to a VPN server. Because it’s encrypted by your computer, your ISP can’t tell what’s in the data they’re relaying to the VPN server. Once your data hits that VPN server, it’s decrypted and moves on to its final destination.
Tor works in a similar but more complex manner.
Instead of routing your data through only one server, Tor routes it along a random pathway of servers, known as relays or nodes. These relays combine to form the Tor network. As your data moves from one relay to another, each relay adds its own layer of encryption.
This creates multiple layers of encryption that keep your data private from each relay it touches, and from external actors. These layers of encryption led to the “onion” metaphor.
In addition to layering encryption, each Tor relay only knows which relay gave it data and which relay it’s giving data to. No single relay knows the entire path data has taken or will take. This makes it incredibly difficult for an observer to tell where your data came from or where it’s going at any one point.
Another advantage Tor has over standard networks using network address translation (“NAT” - AKA what most people use in their home) is that devices that wish to exchange data over the network are assigned an onion address.
This is similar to an IP address assigned by NAT, but it has a few unique benefits:
- Onion addresses aren’t public, making them virtually impossible to discover unless the address is shared with you by the owner.
- Onion addresses can communicate with any other address type—NAT or Tor. So, you can still access the “regular” internet from the Tor network.
- Onion addresses are static, so even if your IP address changes, your onion address won’t—it can continue communicating regardless.
Why is Casa implementing Tor?
At present, Casa Nodes don’t run on HTTPS. Information going to & from the Casa Node isn’t encrypted, but it’s protected by your home WiFi network’s firewall. This is why we don’t currently allow you to access your Casa Node from outside your home network—that would open up your information to the world.
We made the decision not to enable HTTPS initially because doing so would involve registering each individual Casa Node with a central security certificate server, breaking privacy and reducing client independence.
But now – by using Tor with Casa Node – data is encrypted by default over the Tor network! This means you can finally access your node from outside your home WiFi by using a Tor browser.
Check out our Casa Node Tutorial for Tor details on how to do this.
When running a Lightning or Bitcoin node, these protocols require you to publicly advertise your IP address, which allows other nodes to connect to yours. Although it would be difficult to find your exact location with this information, people could find your general real-world location using that IP address. This poses a particular risk for individuals running high capacity nodes. If an attacker associates high-value nodes with a particular IP address, they may decide to target that address.
Tor masks your Casa Node’s IP address by assigning it an onion address. An onion address contains no real-world location information, so it’s much harder to be targeted by attackers based on your node’s public information. Tor also thwarts anyone attempting to scan your home network’s open ports to see if you are running a Bitcoin or Lightning node.
Sometimes it’s necessary to enable port forwarding in your router settings in order to allow nodes outside your home network to communicate with your Casa Node. For many users, this is a confusing and arduous process.
A Tor-enabled Casa Node, however, will be able to communicate externally from behind your firewall thanks to its onion address. That means no more port forwarding fiascos, and you can access your node from outside your home network!
What are the trade-offs of using Tor?
There are a few trades that come with the benefits Tor provides:
- Speed – Sometimes using Tor can be slower than a normal browser, because the information has to hop through multiple points before reaching its destination.
- Onion address confusion – Onion addresses can be confusing for people who have never used Tor before. If you want to access your Casa Node dashboard over Tor, we recommend bookmarking the address in your Tor browser.
- Liquidity – There is generally less liquidity on the Lightning Network for Tor-to-Tor connections. However, you can still open a channel to non-Tor nodes from your Tor node, they just can’t open a channel to you. Hopefully, enabling Tor on Casa Nodes will help grow LN’s Tor liquidity!
- Bitcoin Peers – In our testing, we’ve found it difficult for the Casa Node to find peers when running Bitcoin on Tor only. This makes block syncing fall behind. Because of this, we are not allowing the Bitcoin node to run as Tor-only in the short term until we can work out the kinks with it. However, your Lightning Node can run exclusively on Tor.
Tor compatibility strengthens your security by encrypting your node’s communications, augments your privacy by masking your node’s IP address, and takes usability beyond the limitations of your firewall.
Enabling personal sovereignty lies at the core of our company mission, and we believe Tor compatibility for the Casa Node marks yet another positive step in achieving that.
Ready to use Tor?
Tor is now available on all Casa Nodes. If you don't have yours:
The Casa Node + Gold Membership includes:
- A new Casa Node (and first access to Casa Node v2 device once released!)
- Access to Keymaster with 2-of-3 Basic Multisig on iOS and Android
- A hardware wallet and Faraday Bag
- Expert technical support
Already have a Casa Node?
You should be prompted to update your software within the next 24 hours as the update rolls out to all Casa Nodes.
And make sure to claim your Gold Membership (if you haven't already!), with the instructions sent to you by email.
Questions? Feel the need to vent your excitement?
Send us a tweet @CasaHODL !