A guide to maintaining full anonymity and improving security as a Bitcoin miner, protecting you against eavesdropping and hashrate hijacking by your ISP or other third party.
Hablas español? Privacidad de Datos y Seguridad para los Mineros de Bitcoin via Criptonoticias
In its early days, Bitcoin mining was truly permissionless. Anybody who knew about it could simply download some free software onto their computer and start earning BTC.
Of course, that low barrier to entry didn’t last. By late 2010, mining with CPUs was no longer competitive due to the introduction of GPUs. In fact, this trend is what led to the creation of Slush Pool in November of that year, enabling CPU miners to earn stable income again.
When ASICs came to the market in 2013-2014, it quickly revolutionized the industry even more than GPUs had before. The requirement for specific hardware to mine raised the economic barrier to entry dramatically, and it remains high to this day. However, all was not lost.
At least if you could get your hands on some SHA-256 ASICs and affordable electricity, there was nothing else to stop you from mining. Sadly, even this level of permissionless may now be fading away. As governments and regulators take a closer look at Bitcoin, it appears inevitable that they will try to regulate or even directly control mining operations.
So, what can be done to keep mining as permissionless as possible? This article will tell you exactly that.
Would you want your ISP (internet service provider) to know everything you do online? Probably not. One way that internet users have regained some privacy in recent years is with the switch from HTTP to HTTPS, as HTTPS has become the standard for websites.
The ‘S’ in HTTPS stands for ‘Secure’ — short for Secure Socket Layer (SSL). What it means, essentially, is that your ISP will know what websites you visit but not what you do on them. On regular HTTP websites without the SSL certificate, your ISP can know everything you do there, including usernames, passwords, and even payment details that you input. Needless to say, HTTPS is better for internet users.
For Bitcoin miners, most are still using the mining industry’s HTTP-equivalent, Stratum V1. Miners and mining pools constantly send data back and forth between them in JSON (human readable format), and without proper security measures it’s possible for the miner’s ISP to see every detail about these data transfers.
In other words, ISPs can easily see that somebody is mining Bitcoin based on their data. Even worse, a clever and malicious person working at your ISP can actually steal hashrate (and therefore BTC) from a miner without the miner knowing it. (In fact, even your next-door neighbor may be able to do a hashrate hijacking attack if the ISP does not properly isolate customers from each other.
To prevent this, miners can use the industry equivalent of HTTPS: Stratum V2. Whereas V1 data transfers are unencrypted and human-readable, Stratum V2 uses authenticated encryption with associated data (AEAD) to keep data transfers between miners and mining pools private.
Importantly, the switch from JSON to binary in V2 significantly reduces the size of data transfers such that encrypted messages in V2 are still about 50% lighter than unencrypted messages in V1. In other words, miners’ data loads won’t spike up after switching to V2.
Your ISP shouldn’t be able to know that you are mining Bitcoin. Using Stratum V2 helps ensure they won’t. But it’s only part of the solution...
Even if you exclusively visit HTTPS websites, your ISP can still see the websites you visit. They may not be able to see what you do on those sites, but they’ll be able to know a lot about you just from the list of URLs in your browsing history.
For regular web browsing, this is where a VPN (virtual private network) is useful. VPNs mask your public IP address so that your ISP doesn’t see any details about what you do online and your activity is virtually untraceable. Bitcoin miners can use a VPN service as well, but this introduces latency which can be quite costly in a business where every millisecond counts.
However, Bitcoin miners can achieve a similar privacy improvement as a VPN by using a DNS proxy without adding significant latency.
This dnsscrypt-proxy provides local service which can be used directly at your local resolver or as a DNS forwarder, encrypting and authenticating requests using the DNSCrypt protocol and passing them to an upstream server. The DNSCrypt protocol uses high-speed and high-security elliptic-curve cryptography that’s similar to DNSCurve, but focuses on securing communications between a client and its first-level resolver.
In less technical terms, the name resolving that occurs when you communicate online is encrypted as well through the DNS proxy, meaning that your ISP cannot see details about all of the data being transmitted with the sites you communicate with. For miners who don't have access to Stratum V2 yet or who simply want extra security, this is a good solution.
Miners can use any DNS proxy that supports encrypted DNS protocols such as DNSCrypt v2 and DNS-over-HTTPS to achieve much better privacy for their mining operations. Combined with Stratum V2, this is the mining equivalent of browsing the web with a VPN and only visiting HTTPS domains.
However, it's important to note that this still misses something compared to a VPN, which is that the mining pool you connect to can still see your IP address and your ISP can still see that you're communicating with a mining pool.
The best way to hide your IP address on both sides would be using an actual VPN or Tor, but that will likely introduce extra latency. If you care about privacy, it's advisable to always access your pool account using a VPN so that at least your IP address is hidden for that account activity that doesn't have low-latency requirements.
For actual mining activity, it is harder to find a solution that doesn't impact performance, but one option is to rent some cloud server and run a simple TCP proxy there to privately route your mining jobs and share submissions. Stratum V2 along with a TCP proxy is a solid solution. If you can't use Stratum V2, you could instead setup a SOCKS proxy, which would make it such that both your ISP and your mining pool(s) would know you are using a SOCKS proxy, but not what is on the other end of it.
In the end, though, no solution is 100% full proof (not even a VPN). The goal here is to enhance security and preserve privacy as best as possible without sacrificing significantly in performance. If nothing else, you'll make it much more difficult for anybody to mess with your hash.
If you’re running only one or a few ASICs, the measures discussed above can help you mine with better privacy and security such that it will be difficult for anybody to even see that you are mining. However, there’s no escaping the fact that mining at scale will leave a large thermodynamic footprint which is difficult to hide. The best that can be done with software is make sure that nobody — not even your ISP — can eavesdrop on your mining activities or steal your hashrate.
That being said, security and privacy are important for all miners, whether they be small retail operators in a country that restricts crypto mining or an enterprise miner in a regulated environment like North America. With Stratum V2 and a DNS proxy, your operation will be safe and secure against the majority of cyber attacks out there.
The DNS proxy is open-source for any who want to use it. Meanwhile, you can upgrade to Stratum V2 by installing Braiins OS+ autotuning firmware on your ASICs and connecting to Slush Pool, who developed the first firmware and pool implementations of the mining protocol. For more information, visit braiins.com/upgrade.
Bitcoin mining software company: Slush Pool, Braiins OS+ & Stratum V2.
By miners, for miners.
Industry leaders in transparency and innovation, with more than 1.25 million BTC mined since 2010.
Increase hashrate on your Bitcoin ASICs, improve efficiency as much as 25%, and mine on any pool or get 0% pool fees on Slush Pool.
Cutting-edge firmware with an implementation of Stratum V2 and mining software written from scratch in Rust language. Upgrade your ASICs with our firmware and mine on any pool.
Quality improvements including reduced data loads, empty block elimination, hashrate hijacking prevention, and more.