Blog | G5 Cyber Security

Bitcoin Qt Privacy: A Practical Guide

TL;DR

Running Bitcoin-Qt (the original Bitcoin client) securely and privately requires careful configuration. This guide covers essential steps to protect your identity and transactions, focusing on firewall rules, Tor integration, seed management, and avoiding common pitfalls.

1. Firewall Configuration

The most basic privacy step is controlling network access. You want Bitcoin-Qt to *only* connect through the channels you specify (ideally Tor).

  1. Block all outgoing connections by default: Configure your firewall (Windows Firewall, ufw on Linux, etc.) to deny all outbound traffic from the bitcoin-qt.exe process.
  2. Allow Tor connection: Specifically allow outgoing TCP connections on port 9050 (the standard Tor SOCKS port) for bitcoin-qt.exe. This is crucial.

Example ufw rule (Linux):

sudo ufw allow out from any to any port 9050 proto tcp comment 'Bitcoin Qt Tor'

2. Using Tor for Network Connections

Tor hides your IP address, making it harder to link transactions back to you.

  1. Configure Bitcoin-Qt: Go to Settings > Options > Connection.
  2. Enable ‘Use proxy’ and set SOCKS5 proxy: Enter 127.0.0.1 as the host and 9050 as the port. Check ‘Connect through SOCKS v5’. Do *not* use DNS resolution through Tor (leave that unchecked unless you have a specific reason).
  3. Verify Connection: After restarting Bitcoin-Qt, check your IP address using a website like check.torproject.org while the client is syncing. It should show a Tor exit node IP.
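
To confirm the proxy from the node's own state rather than from a browser, the following added example (not part of the original guide or of Bitcoin Core) audits the JSON returned by Bitcoin Core's getnetworkinfo and getpeerinfo RPCs. The function name is hypothetical, the sample data is constructed, and it assumes I2P and CJDNS are not in use.

```python
# Added example: audit Bitcoin Core RPC output for traffic that bypasses Tor.
EXPECTED_PROXY = "127.0.0.1:9050"  # SOCKS5 host:port from step 2 of this guide
IP_NETWORKS = ("ipv4", "ipv6", "onion")  # assumption: I2P/CJDNS are not in use


def audit_tor_routing(networkinfo, peerinfo, expected_proxy=EXPECTED_PROXY):
    """Return a list of findings; an empty list means no clearnet exposure was seen."""
    findings = []
    # Every reachable network must be routed through the Tor SOCKS proxy.
    for net in networkinfo.get("networks", []):
        if (net.get("name") in IP_NETWORKS and net.get("reachable")
                and net.get("proxy") != expected_proxy):
            findings.append(f"{net['name']}: reachable with proxy={net.get('proxy')!r}")
    # A non-onion local address is advertised to peers and reveals the host.
    for local in networkinfo.get("localaddresses", []):
        if not local.get("address", "").endswith(".onion"):
            findings.append(f"advertising local address {local.get('address')}")
    # Inbound IPv4/IPv6 peers reached this host directly, not through Tor.
    for peer in peerinfo:
        if peer.get("inbound") and peer.get("network") in ("ipv4", "ipv6"):
            findings.append(f"inbound clearnet peer {peer.get('addr')}")
    return findings


# Constructed sample data (documentation-range IPs), shaped like the RPC output.
LEAKY_NET = {
    "networks": [
        {"name": "ipv4", "reachable": True, "proxy": ""},
        {"name": "ipv6", "reachable": True, "proxy": ""},
        {"name": "onion", "reachable": False, "proxy": ""},
    ],
    "localaddresses": [{"address": "203.0.113.7", "port": 8333, "score": 1}],
}
LEAKY_PEERS = [{"addr": "198.51.100.20:51234", "network": "ipv4", "inbound": True}]
TOR_NET = {
    "networks": [{"name": n, "reachable": True, "proxy": EXPECTED_PROXY}
                 for n in IP_NETWORKS],
    "localaddresses": [],
}
TOR_PEERS = [{"addr": "198.51.100.21:8333", "network": "ipv4", "inbound": False}]

if __name__ == "__main__":
    for label, net, peers in (("leaky", LEAKY_NET, LEAKY_PEERS),
                              ("torified", TOR_NET, TOR_PEERS)):
        print(label, audit_tor_routing(net, peers) or "no findings")
```

On a running node, pass in the parsed JSON from bitcoin-cli getnetworkinfo and bitcoin-cli getpeerinfo instead of the sample dictionaries.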

3. Seed Management and Peer Discovery

Bitcoin-Qt uses seeds to find peers, but these can reveal your location. Minimize seed usage.

  1. Disable default seeds: In Settings > Options > Connection, uncheck ‘Connect automatically to nodes’.
  2. Add trusted peers manually (optional): If you know reliable Bitcoin nodes, add their IP addresses directly in the peer list. This reduces reliance on public seeds. Be cautious about adding untrusted peers.

4. Wallet Encryption

Always encrypt your wallet with a strong password.

  1. Enable encryption: In Settings > Options > Wallet, check ‘Encrypt wallet’. Choose a long, complex password you won’t forget.
  2. Backup your encrypted wallet: Immediately after enabling encryption, create a backup of your wallet.dat file and store it securely (see section 5).

5. Secure Wallet Backups

Your wallet.dat is the key to your Bitcoin. Protect it!

  1. Regular backups: Create regular, offline backups of your wallet.dat file.
  2. Secure storage: Store backups on multiple devices (e.g., USB drive, external hard drive) in physically separate locations. Consider using encrypted containers like VeraCrypt.
  3. Test restores: Periodically test restoring from your backups to ensure they are valid and you remember the encryption password.

6. Avoid Reusing Addresses

Address reuse links transactions, reducing privacy.

  1. New address for each transaction: Always use a new Bitcoin address for each incoming or outgoing transaction. Bitcoin-Qt generates new addresses automatically; don’t manually reuse old ones.

7. Coin Control (Advanced)

Coin control allows you to select which UTXOs (Unspent Transaction Outputs) are used in transactions, giving you more privacy control.

  1. Enable coin control: In Settings > Options > Privacy, check ‘Enable Coin Control’.
  2. Select inputs carefully: When creating a transaction, use coin control to avoid combining UTXOs from different sources or using older UTXOs that might be linked to your identity. This is complex and requires understanding of Bitcoin internals.

8. Keep Software Updated

Updates often include security fixes.

  1. Regularly update: Check for new versions of Bitcoin-Qt and install them promptly.

9. Beware of Phishing and Malware

Protect your system from attacks that could compromise your wallet.

  1. Download from official source: Only download Bitcoin-Qt from bitcoincore.org.
  2. Use antivirus software: Keep your antivirus and anti-malware software up to date.
  3. Be cautious of emails and links: Never click on suspicious links or open attachments from unknown sources.