Run Your Own Node Over Tor (Most Private)
The gold-standard setup: run your own local node, route its peer traffic over Tor, and point your wallet at localhost — the most private way to use Monero.
If you want the strongest network privacy Monero can offer, this is the setup: run your own node, route its traffic over Tor, and point your wallet at it on your own machine. Nothing you do touches a stranger's server, and even the peer network never learns your real IP. This lesson explains why that combination is the gold standard and how to put it together, building on Running or Choosing a Node and Connecting Over Tor.
Why This Is the Most Private Setup
As the node privacy ladder shows, two separate things leak your network privacy, and running your own node over Tor fixes both:
- Your own node means no third-party operator can see which outputs your wallet queries, your subaddresses, or when you broadcast — because your wallet only ever talks to software on your own machine.
- Over Tor means your node reaches the Monero peer network through Tor, so other peers see a Tor circuit, not your home IP. Even the fact that "a Monero node runs at your address" stays hidden.
Run your own node on the clear internet and you've solved the first problem but not the second: your node still appears on the peer network with your real IP (not tied to any specific transaction, but visible). Add Tor and that last thread is cut. This is why "your own node, over Tor" sits at the very top of the privacy ladder.
The Two Directions of Tor for a Node
A node makes and receives connections, and Tor can cover both:
- Outbound (the important one): your node dials out to other peers through Tor's SOCKS proxy, so you sync and broadcast without exposing your IP. This alone gives you the private setup.
- Inbound (optional): you can also publish a
.onionaddress so other peers — or your own phone wallet when you're away — can reach your node inside Tor. This is nice for reachability but isn't required for personal privacy.
What You Need
- Tor installed and running. It provides a local SOCKS proxy, by default at
127.0.0.1:9050. - monerod, the Monero daemon, with enough disk for the blockchain (or use pruning — see Node Pruning).
- A wallet you'll point at your own node instead of a remote one.
Putting It Together
The exact commands are documented in the official Monero user guides, but conceptually you do three things:
- Route the daemon's outbound traffic through Tor. Start monerod with a proxy pointing at Tor, e.g.
--proxy 127.0.0.1:9050, and add some.onionpeer nodes so it can sync entirely inside Tor. To broadcast transactions over Tor specifically, monerod also supports a--tx-proxyoption for the Tor network. - (Optional) Offer an inbound onion service. Configure a Tor hidden service for monerod's P2P port and pass
--anonymous-inboundwith your.onionaddress so peers can connect to you privately. - Point your wallet at localhost. Set the wallet's daemon address to your own node —
127.0.0.1:18081— so it never contacts a remote server. That's it: local node, Tor for the network, wallet on your own machine.
If running and maintaining this yourself is more than you want, a good node appliance can automate much of it, and some ship with Tor configured out of the box.
Check That It's Actually Working
Two quick sanity checks save you from a false sense of privacy:
- Confirm your wallet is connected to 127.0.0.1, not a remote node — a wallet quietly falling back to a public node defeats the point.
- Confirm the daemon is using Tor: its peer connections should be to
.onionaddresses, and it should sync even if you block clearnet, showing the traffic really is going through Tor.
The Trade-Offs
This setup costs some convenience for its privacy:
- Slower sync. Tor adds latency, so the first blockchain sync over Tor is noticeably slower. Many people do the initial sync on clearnet, then switch the daemon to Tor for day-to-day use.
- More setup and upkeep. You're running two services (Tor and monerod) and keeping them updated.
- Resources. A full node needs disk and bandwidth; pruning reduces the disk cost a lot.
For most people the payoff is worth it: this is as private as everyday Monero use gets. Remember that network privacy is one layer — pair it with sound on-chain habits from OPSEC for Monero, and be clear-eyed about your threat model so your effort matches what you actually need.
Your own node plus Tor is the top rung of the ladder: your wallet's activity is hidden from any operator, and your node's location is hidden from the network. Do the initial sync, flip on Tor, point your wallet at home, and you're running Monero the most private way there is.
Comments
Log in or create a free account to comment.
No comments yet — be the first.