Why Your Bitcoin Node Is Broadcasting Your Location to the Entire Network
Every time your Bitcoin node connects to a peer, it hands over your IP address.
No encryption. No anonymization. Just your home or server IP, visible to every node you connect to — and to anyone watching the network.
If you run a Bitcoin node without Tor, your IP address is:
Visible to every peer you connect to
Logged by blockchain analytics companies
Correlatable with your transactions
Publicly indexed on sites like Bitnodes.io
This is not a bug. It is how the Bitcoin P2P protocol works by design. The question is whether you have taken steps to address it.
What actually happens when your node connects
When Bitcoin Core starts, it connects to multiple peers to download blocks and broadcast transactions. Each connection is a direct TCP connection that exposes your IP address.
Your peers can see:
Your IP address and port
When you come online and go offline
Which transactions you relay first (a strong indicator of which transactions originated from your wallet)
Your node’s version and capabilities
The last point is particularly significant. Research has shown that the node that broadcasts a transaction first is statistically likely to be the originating wallet. If that node’s IP is known, the transaction can be linked to a real-world location.
The fix: route everything through Tor
Tor (The Onion Router) routes your traffic through a chain of encrypted relays before it reaches the destination. Your real IP is never exposed to peers.
Instead of connecting directly, your node:
Sends traffic to a local Tor process
Tor encrypts and routes it through 3 relays
The final relay connects to your peer
Your peer sees the Tor exit node IP, not yours
Additionally, Tor creates a .onion hidden service for your node. Inbound connections reach you through this address without ever knowing your real IP or location.
What this protects — and what it does not
Tor solves the IP exposure problem. It does not solve the transaction graph problem.
Protected with Tor:
Your IP address is hidden from all peers
Your ISP cannot see you are running a Bitcoin node
Your node’s physical location is not publicly visible
Analytics companies cannot correlate your IP with your on-chain activity
Not protected by Tor:
The Bitcoin transaction graph — on-chain analysis still works
Your Lightning channel graph — channel capacity and routing activity are still public
Your node’s public key — still visible on the Lightning Network graph
Tor is a necessary layer, not a complete solution. Combined with good UTXO hygiene and CoinJoin, it significantly raises the cost of surveillance.
The tradeoff: onion-only vs dual-stack
There are two ways to run Tor on a Bitcoin node:
Onion-only mode routes all connections through Tor exclusively. Maximum privacy, but you connect to fewer peers and initial blockchain sync is slower.
Dual-stack mode uses Tor for inbound connections and optionally clearnet for outbound. Better connectivity and uptime, slightly less private since your clearnet IP is still used for some connections.
For a personal node focused on privacy, onion-only is the correct choice. For a Lightning routing node focused on uptime and liquidity, dual-stack is often more practical.
The implementation is straightforward
Setting up Tor for Bitcoin Core and LND takes about 20 minutes on a standard Ubuntu server. The configuration involves:
Installing Tor and creating a hidden service
Adding 4-5 lines to
bitcoin.confAdding a Tor section to
lnd.confVerifying the setup with a few commands
I published a complete step-by-step guide covering the full setup, including Docker configurations, common errors, and how to verify nothing is leaking:
github.com/shadowbipnode/sovereign-linux-tools
Why this matters beyond Bitcoin
The IP leakage problem is not unique to Bitcoin. Any peer-to-peer application that makes direct connections exposes participant IPs. Bitcoin just makes this particularly consequential because the stakes — financial privacy — are high.
The broader lesson is that network-layer privacy requires deliberate action. Encryption protects content. Tor protects metadata. Both are necessary.
Running a Bitcoin node with Tor is one of the cleaner implementations of this principle in practice: a financial application that handles real money, routing all traffic through an anonymization network by default.
It is not perfect. But it is significantly better than the alternative.
I run a sovereign Bitcoin and Lightning node. I publish practical guides on node operation, privacy, and Linux security at github.com/shadowbipnode/sovereign-linux-tools