How to ensure confidentiality and security when mining bitcoin

In the early days, Bitcoin mining was truly open and accessible. Anyone could just download the free software to their computer and start making money.

However, such a low barrier to entry did not last long. By the end of 2010, CPU mining had lost its competitiveness due to the advent of GPUs. This trend led to the creation of the Slush Pool in November of the same year, which allowed the CPU miners to receive a steady income again.

When ASICs entered the market in 2013-2014, they quickly revolutionized the industry. The need for specialized mining hardware raised the barriers to entry, and they remain high to this day. However, not all was lost.

At least if you were able to get your hands on a few SHA-256 ASICs and available electricity, nothing stopped you from mining. Unfortunately, now even this right may not remain for everyone.

As governments and regulators study Bitcoin, their attempts to regulate or even directly control mining seem inevitable.

What can be done to keep mining as accessible as possible?

Network security

Would you like your ISP to be aware of everything you do online? Most likely not. One of the ways internet users have partially restored privacy in recent years is by moving from HTTP to HTTPS. The latter is already the standard for all websites.

The “S” in HTTPS stands for Secure: the connection runs over Secure Sockets Layer (SSL), an encrypted layer between your browser and the website. Basically, this means that your ISP knows which websites you visit, but does not know what you are doing on them.

On websites without an SSL certificate, your ISP can track all of your activity, including usernames, passwords, and even payment details. Obviously, HTTPS is a more acceptable protocol for users.

Most bitcoin miners still use mining's equivalent of HTTP, Stratum V1. Miners and mining pools constantly exchange data in JSON (a human-readable format) and, unless additional precautions are taken, the ISP can see all the details of this data transfer.

In other words, ISPs can easily see that someone is mining bitcoin based on the data available to them. Worse, a malicious ISP employee can steal the hashrate (and thus the bitcoins) without your knowledge. Even your neighbor can carry out a hashrate hijacking attack if the ISP does not properly isolate clients from each other.
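To check whether your own rig's traffic is exposed this way, the following added example (not from the original article) reads a captured TCP payload the way a passive observer could and reports the Stratum V1 methods and worker names visible in it. The function name audit_payload and both sample payloads are constructed for illustration.

```python
import json

# Method names defined by the Stratum V1 protocol (newline-delimited JSON-RPC).
V1_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit",
              "mining.notify", "mining.set_difficulty"}

def audit_payload(payload: bytes) -> dict:
    """Summarise what a passive on-path observer could read from one TCP payload."""
    methods, workers, shares = [], set(), 0
    for line in payload.split(b"\n"):
        try:
            msg = json.loads(line)
        except ValueError:  # covers JSONDecodeError and UnicodeDecodeError
            continue        # empty, binary or encrypted data is not readable JSON
        if not isinstance(msg, dict) or msg.get("method") not in V1_METHODS:
            continue
        method, params = msg["method"], msg.get("params")
        methods.append(method)
        # In authorize and submit, the first parameter is the worker name.
        if method in ("mining.authorize", "mining.submit"):
            if isinstance(params, list) and params and isinstance(params[0], str):
                workers.add(params[0])
        if method == "mining.submit":
            shares += 1
    return {"cleartext_stratum_v1": bool(methods), "methods": methods,
            "workers": sorted(workers), "shares_seen": shares}

# Constructed sample: client-to-pool Stratum V1 traffic (all values are made up).
V1_SAMPLE = (
    b'{"id": 1, "method": "mining.subscribe", "params": ["example-miner/1.0"]}\n'
    b'{"id": 2, "method": "mining.authorize", "params": ["farm1.rig07", "x"]}\n'
    b'{"id": 3, "method": "mining.submit", "params": '
    b'["farm1.rig07", "4f", "00000001", "5e9a1b2c", "1a2b3c4d"]}\n'
)
# Constructed stand-in for an encrypted binary frame (not a real Stratum V2 capture).
OPAQUE_SAMPLE = bytes.fromhex("8f021cd3a47be9550a31c6f0729ab4e8dd170a5b")

if __name__ == "__main__":
    print(audit_payload(V1_SAMPLE))
    print(audit_payload(OPAQUE_SAMPLE))
```

If the report for traffic captured on your own uplink shows cleartext_stratum_v1 as True, everything listed in it is equally readable by anyone on the path between the miner and the pool.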

To prevent this, miners can use the industry equivalent of HTTPS: Stratum V2. While V1 data transfers are unencrypted and human-readable, Stratum V2 uses Authenticated Encryption with Associated Data (AEAD) to ensure the privacy of data transfers between miners and pools.

Switching from JSON to binary in Stratum V2 significantly reduces the size of the data transferred, so that encrypted messages in V2 are about 50% lighter than unencrypted messages in V1. A miner's data usage will not increase after switching to V2.

Your ISP doesn’t have to know that you are mining bitcoin. Stratum V2 avoids this. But this is only part of the solution.

Complete confidentiality

Your ISP can still see which websites you visit. You can learn a lot about a person even from a list of URLs.

For normal web browsing, a VPN can come in handy. A VPN masks your public IP address so your ISP doesn’t know what you are doing on the Internet and doesn’t track your activities. Bitcoin miners can also use VPN services, but this leads to network latency, which can be quite costly in a business where every millisecond counts.

Bitcoin miners can achieve the same privacy improvement with DNS proxies without significantly increasing network latency.

dnscrypt-proxy provides a local service that can be used directly as your local resolver or as a DNS forwarder, encrypting and authenticating requests using the DNSCrypt protocol and forwarding them to an upstream server. The DNSCrypt protocol uses high-speed, high-security elliptic curve cryptography and is similar to DNSCurve, but aims to secure communication between the client and its first-level resolver.

The DNS lookups that are usually exposed are also encrypted through the DNS proxy server, which means that the ISP cannot determine which sites you visit.

Miners can use any DNS proxy that supports encrypted DNS protocols such as DNSCrypt v2 and DNS-over-HTTPS to achieve much more privacy. Combined with Stratum V2, this is the equivalent of browsing the web with a VPN and visiting only HTTPS domains.

Hiding your energy consumption is another problem

If you only use one or a few ASIC devices, these steps will help you keep mining confidential and safe. Large-scale mining leaves a thermodynamic footprint that is difficult to hide.

The best you can do in software is to make sure that no one, including your ISP, can eavesdrop on your mining or steal your hashrate.