LogoLogo
WebsiteDiscordTelegramTwitter
  • ๐Ÿ Witnet Oracle Docs
  • Introduction
    • โ“What is Witnet?
      • โš™๏ธOracle Architecture
      • ๐Ÿช™The Witnet Coin (Wit)
      • ๐Ÿ‘›Wallets
      • ๐Ÿค”Frequently Asked Questions
      • ๐Ÿ˜ŽAwesome Witnet
    • ๐Ÿš€Quick Tutorials
      • ๐Ÿ“ˆPrice Feeds
      • ๐ŸŽฒRandomness
      • ๐ŸŒAPIs and HTTP GET/POST
      • โ›๏ธMining Wit
  • Smart contracts developers
    • โ›“๏ธSupported chains
    • ๐Ÿ”ฎWit/Oracle
      • HTTP GET Requests in Solidity
      • HTTP POST Requests in Solidity
      • Query GraphQL APIs in Solidity
      • Dynamic Requests in Solidity
      • UsingWitnet Inheritance
      • API Reference
        • Solidity API
          • Solidity Contracts
            • WitnetRequestBoard
        • Javascript API
        • RADON API
          • RADON Type System
          • RADON Errors
      • Multi-chain Addresses
    • ๐Ÿ’นWit/Price Feeds
      • How To Use Witnet Price Feeds
      • Update Conditions
      • Code Examples
      • API Reference
      • Multi-chain Addresses
        • Arbitrum Price Feeds
        • Avalanche Price Feeds
        • Base Price Feeds
        • Boba Price Feeds
        • Celo Price Feeds
        • Conflux Price Feeds
        • Cronos Price Feeds
        • Dogechain Price Feeds
        • Elastos Price Feeds
        • Ethereum Price Feeds
        • Gnosis Chain Price Feeds
        • Kaia Price Feeds
        • Kava Price Feeds
        • KCC Price Feeds
        • Mantle Price Feeds
        • Meter Price Feeds
        • Metis Price Feeds
        • Moonbeam Price Feeds
        • OKX Price Feeds
        • Optimism Price Feeds
        • Polygon Price Feeds
        • Reef Price Feeds
        • Scroll Price Feeds
        • Syscoin Price Feeds
        • Ultron Price Feeds
        • Request new price feed or chain support
    • ๐ŸŽฒWit/Randomness
      • Generating Randomness
      • WitnetRandomness Contract
      • Low-level Requests
      • Code Examples
      • API Reference
      • Multi-chain Addresses
    • ๐Ÿ—๏ธGuides
      • ๐Ÿ“–Solidity Contracts
        • Appliances
          • ๐Ÿ“ƒWitnetPriceFeeds
          • ๐Ÿ“ƒWitnetRandomness
        • Core
          • ๐Ÿ“ƒWitnetOracle
          • ๐Ÿ“ƒWitnetRadonRegistry
          • ๐Ÿ“ƒWitnetRequest
          • ๐Ÿ“ƒWitnetRequestFactory
          • ๐Ÿ“ƒWitnetRequestTemplate
        • Mockups
          • ๐Ÿ“ƒUsingWitnet
          • ๐Ÿ“ƒUsingWitnetRandomness
          • ๐Ÿ“ƒUsingWitnetRequest
          • ๐Ÿ“ƒUsingWitnetRequestTemplate
          • ๐Ÿ“ƒWitnetRandomnessRequestConsumer
          • ๐Ÿ“ƒWitnetRequestConsumer
          • ๐Ÿ“ƒWitnetRequestTemplateConsumer
      • ๐Ÿง™Solidity Wizard
    • ๐ŸŽ“Tutorials
      • Building a Satoshi/Wei custom price feed
  • Witnet Node Operators
    • ๐Ÿ–ฅ๏ธRequirements
    • ๐Ÿš€Witnet Node Quick Start Guide (Docker)
    • ๐Ÿ”ŽNext steps
    • ๐Ÿ“„CLI Reference
    • ๐Ÿค“Advanced Setups
      • Run Witnet as a systemd service
      • Run Witnet as a docker compose service
      • Paranoid mode (Witnet over proxies and Tor)
      • Configuration file
  • Witnet Node Developers
    • ๐Ÿ—๏ธIntegration Guide
      • Node API Reference
      • Wallet API Reference
    • ๐Ÿ—œ๏ธCompile witnet-rust from Source Code
Powered by GitBook
On this page
  • Supported proxy protocols
  • Configuration
  • proxies
  • paranoid_percentage
  • allow_unproxied
  • Recommendations and best practices
  • Public proxy servers (at your own risk!)
  • Premium SOCKS5 proxy services (recommended)
  • Tor over SOCKS5 (recommended)

Was this helpful?

Edit on GitHub
  1. Witnet Node Operators
  2. Advanced Setups

Paranoid mode (Witnet over proxies and Tor)

How to make your Witnet node resolve data requests over multiple network proxies to protect itself from potential reputation loss and slashing.

Witnet-Rust now supports an opt-in functionality called paranoid mode. This mode protects nodes from being targeted by ill-intended data requests that may harm their reputation score and steal part of their collateralized Wit coins.

When a node is in paranoid mode, in addition of performing data retrieval through its regular network interface, it will also perform the retrieval over one or more network proxies. Only if the result is consistent across all the proxies, it will proceed to submit a commitment as a response to the request.

Several proxy protocols are supported. This includes Tor, which is probably the most reliable and easy-to-setup proxying solution.

For the extremely privacy-conscious, the paranoid mode allows also to disable the regular network interface, so that data retrieval can never leak their clearnet IP address.

Supported proxy protocols

The currently supported proxy protocols are:

Protocol
Supports authentication
URL example

http

โŒ

http://example.com:3128

https

โŒ

https://example.com:3128

socks4

N/A

socks4://127.0.0.1:1080

socks4a

N/A

socks4a://example.com:1080

socks5

โŒ

socks5://127.0.0.1:1080

socks5h

โŒ

socks5h://example.com:1080

tor (over socks5)

โŒ

socks5://127.0.0.1:9050

Authentication support may be added in a future release of witnet-rust if there is demand for it.

Configuration

Paranoid mode is configured through the witnet.toml configuration file of your node. By default, this file can be found in the following location in your file system:

/.witnet/config/witnet.toml
%USERPROFILE%\.witnet\

The settings that are relevant to the paranoid mode can be found in the [witnessing] section of the witnet.toml file:

~/.witnet/config/witnet.toml
[witnessing]
proxies = []
paranoid_percentage = 51
allow_unproxied = true

If the [witnessing] section does not exist in your configuration file, you can simply create it by copying and pasting these lines at the end of witnet.toml.

proxies

~/.witnet/config/witnet.toml
[witnessing]
proxies = [
    "http://example.com:3128",
    "socks4://example.com:1080",
    "socks5://localhost:9050",
]

If this setting is not found in the configuration file, paranoid mode is disabled.

paranoid_percentage

The paranoid_percentage setting adjusts how strict or lenient to be with inconsistent data sources. Paranoid level is defined as the percentage of successful retrievals over total number of retrieval transports. That is, if we have 3 proxies in addition to the default unproxied transport (4), and we set the paranoid percentage to 51 (51%), the node will only commit to requests in which "half plus one" of the data sources are in consensus (3 out of 4).

~/.witnet/config/witnet.toml
[witnessing]
proxies = [
    // add proxy addresses here
]
paranoid_percentage = 66

If this setting is not found in the configuration file, the default percentage value is 51%.

allow_unproxied

The allow_unproxied setting enables or disables the default unproxied HTTP transport so as to protect the clearnet IP address of a witnessing node. This feature can only be active if the address of at least one retrieval proxy is provided.

This extreme form of the paranoid mode is enabled by setting allow_unproxied to false.

~/.witnet/config/witnet.toml
[witnessing]
proxies = [
    // add proxy addresses here
]
allow_unproxied = false

If this setting is not found in the configuration file, it defaults to true, i.e. unproxied witnessing is allowed as usual.

Recommendations and best practices

Public proxy servers (at your own risk!)

There are plenty of publicly accessible HTTP, HTTPS, SOCKS4 and SOCKS5 proxy servers that anyone can use for free. Their addresses are regularly collected and listed on websites like these:

While there are thousands of different proxy addresses you can choose from, finding a good one is a bit hit or missโ€”it often takes a lot of trial and error. Public proxies also tend to be very slow and can go down unadvertedly at any time. In general terms, they are not reliable enough for the witnessing activity of a Witnet node. Other options such as premium SOCKS5 proxy services and Tor are much preferable.

Premium SOCKS5 proxy services (recommended)

Some VPN providers offer premium SOCKS5 proxy services that perform much better than those that you can use for free. These are some good options:

The only downside to premium proxy services is that, unless you are already using one of those for your regular browing, you will have to pay a subscription. Moreover, if you want to use several of these for optimum results, the cost may be significant. If you just want to add one proxy and prefer not to pay any subscription services, the Tor proxy explained below could be the best option for you.

Tor over SOCKS5 (recommended)

By default, every Tor client normally exposes a SOCKS5 interface that can be used to tunnel network traffic through the Tor network.

If you are running your Witnet node using Docker, setting up another Docker container that will run a Tor proxy on the same machine can be as simple as it gets:

docker run -d \
    --name tor-socks-proxy \
    --publish 9150:9150 \
    --restart always \
    peterdavehello/tor-socks-proxy
docker run -d --name tor-socks-proxy --publish 9150:9150 --restart always peterdavehello/tor-socks-proxy
PreviousRun Witnet as a docker compose serviceNextConfiguration file

Last updated 3 months ago

Was this helpful?

The proxies setting expects a list of addresses to be used as proxies when performing data retrieval. These need to include full scheme, URL and port (you have some examples in the table above).

For non-containerized setups, here is a on how to run a Tor Socks5 proxy on a Debian or Ubuntu server.

๐Ÿค“
Spys.one
FreeProxyLists
ProxyNova
Geonode
NordVPN
IPVanish
PrivateVPN
PrivateInternetAccess
Hide.me
detailed guide
Supported proxy protocols