aboutsummaryrefslogtreecommitdiff
path: root/doc/tor.md
diff options
context:
space:
mode:
Diffstat (limited to 'doc/tor.md')
-rw-r--r--doc/tor.md19
1 files changed, 14 insertions, 5 deletions
diff --git a/doc/tor.md b/doc/tor.md
index 79f1563021..a05979fca8 100644
--- a/doc/tor.md
+++ b/doc/tor.md
@@ -99,10 +99,10 @@ This means that if Tor is running (and proper authentication has been configured
Bitcoin Core automatically creates a hidden service to listen on. This will positively
affect the number of available .onion nodes.
-This new feature is enabled by default if Bitcoin Core is listening, and
-a connection to Tor can be made. It can be configured with the `-listenonion`,
-`-torcontrol` and `-torpassword` settings. To show verbose debugging
-information, pass `-debug=tor`.
+This new feature is enabled by default if Bitcoin Core is listening (`-listen`), and
+requires a Tor connection to work. It can be explicitly disabled with `-listenonion=0`
+and, if not disabled, configured using the `-torcontrol` and `-torpassword` settings.
+To show verbose debugging information, pass `-debug=tor`.
Connecting to Tor's control socket API requires one of two authentication methods to be
configured. For cookie authentication the user running bitcoind must have write access
@@ -113,4 +113,13 @@ the user running bitcoind to the same group and setting permissions appropriatel
Debian-based systems the user running bitcoind can be added to the debian-tor group,
which has the appropriate permissions. An alternative authentication method is the use
of the `-torpassword` flag and a `hash-password` which can be enabled and specified in
-Tor configuration. \ No newline at end of file
+Tor configuration.
+
+4. Privacy recommendations
+---------------------------
+
+- Do not add anything but bitcoin ports to the hidden service created in section 2.
+ If you run a web service too, create a new hidden service for that.
+ Otherwise it is trivial to link them, which may reduce privacy. Hidden
+ services created automatically (as in section 3) always have only one port
+ open.