A guide to maintaining full anonymity and improving security as a Bitcoin miner, protecting you against eavesdropping and hashrate hijacking by your ISP or other third party.
Hablas español? Privacidad de Datos y Seguridad para los Mineros de Bitcoin via Criptonoticias
In its early days, Bitcoin mining was truly permissionless. Anybody who knew about it could simply download some free software onto their computer and start earning BTC.
Of course, that low barrier to entry didn’t last. By late 2010, mining with CPUs was no longer competitive due to the introduction of GPUs. In fact, this trend is what led to the creation of Slush Pool in November of that year, enabling CPU miners to earn stable income again.
When ASICs came to the market in 2013-2014, it quickly revolutionized the industry even more than GPUs had before. The requirement for specific hardware to mine raised the economic barrier to entry dramatically, and it remains high to this day. However, all was not lost.
At least if you could get your hands on some SHA-256 ASICs and affordable electricity, there was nothing else to stop you from mining. Sadly, even this level of permissionless may now be fading away. As governments and regulators take a closer look at Bitcoin, it appears inevitable that they will try to regulate or even directly control mining operations.
So, what can be done to keep mining as permissionless as possible? This article will tell you exactly that.
Would you want your ISP (internet service provider) to know everything you do online? Probably not. One way that internet users have regained some privacy in recent years is with the switch from HTTP to HTTPS, as HTTPS has become the standard for websites.
The ‘S’ in HTTPS stands for ‘Secure’ — short for Secure Socket Layer (SSL). What it means, essentially, is that your ISP will know what websites you visit but not what you do on them. On regular HTTP websites without the SSL certificate, your ISP can know everything you do there, including usernames, passwords, and even payment details that you input. Needless to say, HTTPS is better for internet users.
For Bitcoin miners, most are still using the mining industry’s HTTP-equivalent, Stratum V1. Miners and mining pools constantly send data back and forth between them in JSON (human readable format), and without proper security measures it’s possible for the miner’s ISP to see every detail about these data transfers.
In other words, ISPs can easily see that somebody is mining Bitcoin based on their data. Even worse, a clever and malicious person working at your ISP can actually steal hashrate (and therefore BTC) from a miner without the miner knowing it. (In fact, even your next-door neighbor may be able to do a hashrate hijacking attack if the ISP does not properly isolate customers from each other.
To prevent this, miners can use the industry equivalent of HTTPS: Stratum V2. Whereas V1 data transfers are unencrypted and human-readable, Stratum V2 uses authenticated encryption with associated data (AEAD) to keep data transfers between miners and mining pools private.
Importantly, the switch from JSON to binary in V2 significantly reduces the size of data transfers such that encrypted messages in V2 are still about 50% lighter than unencrypted messages in V1. In other words, miners’ data loads won’t spike up after switching to V2.
Your ISP shouldn’t be able to know that you are mining Bitcoin. Using Stratum V2 helps ensure they won’t. But it’s only part of the solution...
Even if you exclusively visit HTTPS websites, your ISP can still see the websites you visit. They may not be able to see what you do on those sites, but they’ll be able to know a lot about you just from the list of URLs in your browsing history.
For regular web browsing, this is where a VPN (virtual private network) is useful. VPNs mask your public IP address so that your ISP doesn’t see any details about what you do online and your activity is virtually untraceable. Bitcoin miners can use a VPN service as well, but this introduces latency which can be quite costly in a business where every millisecond counts.
However, Bitcoin miners can achieve a similar privacy improvement as a VPN by using a DNS proxy without adding significant latency.
This dnsscrypt-proxy provides local service which can be used directly at your local resolver or as a DNS forwarder, encrypting and authenticating requests using the DNSCrypt protocol and passing them to an upstream server. The DNSCrypt protocol uses high-speed and high-security elliptic-curve cryptography that’s similar to DNSCurve, but focuses on securing communications between a client and its first-level resolver.
In less technical terms, the name resolving that occurs when you communicate online is encrypted as well through the DNS proxy, meaning that your ISP cannot tell what sites you are communicating with in the same way that they can’t know what sites you visit in regular web browsing when you use a proper VPN.
Miners can use any DNS proxy that supports encrypted DNS protocols such as DNSCrypt v2 and DNS-over-HTTPS to achieve much better privacy for their mining operations. Combined with Stratum V2, this is the mining equivalent of browsing the web with a VPN and only visiting HTTPS domains.
If you’re running only one or a few ASICs, the measures discussed above can help you mine with better privacy and security such that it will be difficult for anybody to even see that you are mining. However, there’s no escaping the fact that mining at scale will leave a large thermodynamic footprint which is difficult to hide. The best that can be done with software is make sure that nobody — not even your ISP — can eavesdrop on your mining activities or steal your hashrate.
That being said, security and privacy are important for all miners, whether they be small retail operators in a country that restricts crypto mining or an enterprise miner in a regulated environment like North America. With Stratum V2 and a DNS proxy, your operation will be safe and secure against the majority of cyber attacks out there.
The DNS proxy is open-source for any who want to use it. Meanwhile, you can upgrade to Stratum V2 by installing Braiins OS+ autotuning firmware on your ASICs and connecting to Slush Pool, who developed the first firmware and pool implementations of the mining protocol. For more information, visit braiins.com/upgrade.
Operators of Slush Pool. Creators of Braiins OS+ autotuning firmware & a fully open-source mining stack: Braiins OS + BOSminer + Stratum V2.
Industry leaders in transparency and innovation, with more than 1.25 million BTC mined since 2010.
Increase hashrate on S9s to 17+ TH/s, improve efficiency as much as 20%, and get 50% lower pool fees on Slush Pool
Cutting-edge firmware with an implementation of Stratum V2 and mining software written from scratch in Rust language.
Quality improvements including reduced data loads, empty block elimination, hashrate hijacking prevention, and more.