Tezos node and privacy

Is it possible to run a Tezos node (doing staking) without having to reveal information such as IP address or information related to wallet to the entire network? Will running a node over VPN (such as ProtonVPN https://www.protonvpn.com) work?

Alas no, all blockchains depend on the existence of ISPs and the internet backbone, in large part because every node must store the entire log of all transactions ever sent.

Nodes must sync and to do so requires that they talk to each other over specific protocols. In this layout, latency becomes critical really quick. VPNs can introduce massive latency issues, which is why most VPN providers allow you to choose an exit point close to your physical location. VPNs also encrypt which is another whammy, encrypting the encryption already running on the blockchain.

Still if you want to run a node over a VPN you can. I have tested it and it works, but remember it will come down to the weakest speed link between your node and the exit, public VPN IP address point. Also, remember your node should be accessible 24/7 for your stake period.

Your wallet address will always be known to every node. All transactions are recorded on the blockchain. I’m not saying that nodes can “see” who you are @Farmer_John but they must by definition record all transactions.

Did this help?

Thanks! Yes, it certainly helps. It appears it might not be feasible to run a node over a VPN, because there is a risk the connection is not available 24/7 when needed for staking. The end user cannot guarantee this when using an external VPN service. How I see it, those who are concerned about privacy might want to delegate staking.

I do have a suggestion for you, SSH tunneling, specifically High-Performance SSH/SCP - HPN-SSH tunneling.

Get yourself a low-cost cloud server, extra security points for running BSD, and port forward to your home Tezos staking server node. Said server does not have to be much, it will be running SSH only so don’t over provision.

Enable SSH to automatically restart all sessions and tunnels and you are golden: if a connection drops, it will restart without you having to initiate it.

Just a thought.
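One way to set up the self-restarting tunnel suggested above, as an added example that is not part of the original post: the home node opens a reverse tunnel to the relay and reconnects with backoff when it drops. It uses stock OpenSSH client options rather than HPN-SSH; the relay account `tunnel@relay.example.net` is a placeholder, and port 9732 (the default Tezos P2P port) is an assumption.

```shell
#!/bin/sh
# Added example: keep a reverse SSH tunnel from the home node to a relay up.
# Assumptions (not from the thread): the relay account below is a placeholder,
# 9732 is the node's P2P port, and the relay's sshd_config contains
# "GatewayPorts clientspecified" so the forwarded port binds publicly.
RELAY="${RELAY:-tunnel@relay.example.net}"
P2P_PORT="${P2P_PORT:-9732}"
MAX_DELAY=300   # ceiling for the reconnect backoff, in seconds

# Reject anything that is not a TCP port number before it reaches ssh.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the ssh arguments one per line so they can be reviewed or tested.
tunnel_args() {
    valid_port "$1" || return 1
    printf '%s\n' -N -T \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=15 \
        -o ServerAliveCountMax=3 \
        -R "0.0.0.0:$1:127.0.0.1:$1" \
        "$2"
}

# Exponential backoff with a ceiling, so a dead relay is not hammered.
next_delay() {
    d=$(( $1 * 2 ))
    if [ "$d" -gt "$MAX_DELAY" ]; then d=$MAX_DELAY; fi
    echo "$d"
}

keep_tunnel_up() {
    args=$(tunnel_args "$P2P_PORT" "$RELAY") || { echo "bad port" >&2; return 1; }
    delay=1
    while :; do
        start=$(date +%s)
        # Unquoted on purpose: the arguments contain no whitespace or globs.
        ssh $args || true
        # A session that lasted over a minute resets the backoff.
        if [ $(( $(date +%s) - start )) -gt 60 ]; then delay=1; fi
        echo "tunnel down, retrying in ${delay}s" >&2
        sleep "$delay"
        delay=$(next_delay "$delay")
    done
}

# Only start the loop when invoked as: ./tunnel.sh run
if [ "${1:-}" = "run" ]; then keep_tunnel_up; fi
```

The tunnel only carries inbound peer connections arriving at the relay; connections the node initiates itself still leave from the home IP address unless they are routed separately.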

Concerning using VPN, I ran Tezos nodes on various connection speeds from 25 Mbit/sec to 10 Gbit/sec (in the cloud). IMHO VPN latency is negligible.

Latency not Bandwidth @yg10

Latency is seen as a delay in communication and is measured in milliseconds for a reason.
In testing, I have found that < 30ms is best and <10ms is oh so nice.

The Linux command is:


Trace-route will then give you the “hop” times as it jumps around the web trying to end the connection.

Most VPN providers are inconsistent, sometimes the latency is great and other times it is awful.

@yg10 is making a great point, bandwidth requirements are low.

But an SSH tunnel is better than a VPN because:

1. No third-party software is required.
2. Both sides of the tunnel are under your control.

Just wondering if many people will want to hide their IP addresses.

Thinking yes, developing an SSH server that will only transport Tezos.
These SSH servers will not allow any traffic except to other nodes, SSH works on an application level, all logs will be disabled once the remote node is validated.

The market will be for those who do not want to be tied maintaining a remote server, as well as IoT nodes that will be running Tezos and value privacy.
