Running your own Bitcoin full node allows you to verify transactions independently and significantly improve your privacy. This guide explains why connecting the BitBoxApp to your own node matters, which connection options exist, and how to set everything up step by step, including Tor and TLS considerations.
Why should I run my own node?
Running your own node is optional, but it provides two major benefits:
-
Improved privacy:
The BitBoxApp queries your own node instead of external servers for transaction history and balances. -
Trust minimization:
Your node independently verifies all Bitcoin transactions and enforces consensus rules.
You do not need to run a node to use the BitBoxApp. This setup is intended for users who want maximum sovereignty and privacy.
What do I need to connect the BitBoxApp to my node?
To connect the BitBoxApp to your own node, your setup must include:
- A Bitcoin full node (e.g., Bitcoin Core)
-
An Electrum-compatible server, such as:
- Electrs
- Electrum Personal Server (EPS)
- Bitcoin Wallet Tracker (BTW)
The Electrum server acts as the communication layer between your node and the BitBoxApp.
Connection types and security model
There are two supported ways to connect the BitBoxApp to your node. The difference lies in where you connect from and how privacy and security are achieved.
Local connections (clearnet)
Use this option if your computer and node are on the same network.
- A direct connection is sufficient.
- TLS is strongly recommended to encrypt traffic between the BitBoxApp and your node.
Remote connections (Tor)
Use this option if you want to access your node from anywhere.
- Tor is the recommended approach
- No port forwarding or public IP address is required
- Your IP address remains hidden
Exposing an Electrum server directly to the internet without Tor is discouraged and can be risky if misconfigured.
Onion addresses, ports, and TLS
When using Tor, your node is typically accessed via an .onion address. Two ports are commonly encountered.
Anonymity
Anonymity is provided exclusively by Tor.
- Using port 50001 or 50002 does not change Tor-based anonymity.
Security
The difference between the ports lies in transport encryption:
-
Port 50001 (TCP)
- No TLS encryption
- No certificate verification
- Traffic is anonymized by Tor, but not additionally encrypted at the application layer
-
Port 50002 (TLS)
- Encrypted connection
- Certificate verification enabled
- Protection against manipulation or malicious Tor relay behavior
When available, always use port 50002 (TLS) — even with onion services.
How does TLS certificate verification work with onion addresses?
TLS works seamlessly with onion services:
- The BitBoxApp verifies the TLS certificate against the onion hostname contained in the certificate (e.g., via the SAN field).
- Onion services are self-authenticating, so no traditional DNS-based CA validation is required.
- Modern TLS implementations explicitly support this behavior.
Using TLS with onion services increases security without reducing anonymity.
Recommended configuration (summary)
- Local network: TLS over clearnet
- Remote access: Tor + TLS (port 50002)
- Avoid: Plain TCP (port 50001), unless no alternative exists
Connecting to your full node without Tor
Use this setup if your computer and node are on the same network.
Steps
- Open the BitBoxApp.
- Select Settings from the sidebar.
- Open Advanced Settings.
- Click Connect your own full node.
-
Enter the node endpoint (hostname or IP and port), for example:
blockstream.info:700 - Click Download remote certificate.
- Click Check to verify the connection.
- Confirm the message “Successfully established a connection.”
-
Click Add to save the node.
- (Optional) Remove the default BitBox servers to use only your own node.
Only download certificates from servers you control or trust.
What is Tor, the Tor proxy, and which port should I use?
Tor (The Onion Router) routes your traffic through multiple relays to protect your identity.
You can run Tor in two common ways:
-
Tor Browser
- Easy setup
- Uses proxy port 9150
-
Tor background service (daemon)
- Runs continuously in the background
- Uses proxy port 9050
Connecting to your full node via Tor
Use this setup to access your node remotely and privately.
Enable Tor in the BitBoxApp
- Open the BitBoxApp.
- Select Settings from the sidebar.
- Open Advanced Settings.
- Enable Tor proxy.
-
Enter the proxy address:
127.0.0.1
-
Enter the proxy port:
-
9150if using Tor Browser -
9050if using the Tor daemon
-
- Save the settings.
- Restart the BitBoxApp.
Add your onion node
- Open Settings → Advanced Settings → Connect your own full node.
-
Enter your onion endpoint and port, for example:
exampleonionaddress.onion:50002 - Click Check.
- Confirm the successful connection message.
-
Click Add to save the node.
- (Optional) Remove the default BitBox servers.
When using Tor, certificate download is optional but recommended if your server supports TLS.
FAQ
Which Tor proxy address should I use?
This depends on how Tor is running on your system:
-
Tor daemon (background service):
Use127.0.0.1:9050 -
Tor Browser:
Use127.0.0.1:9150
After changing the Tor proxy settings, restart the BitBoxApp to ensure the changes take effect.
For a dedicated Tor setup guide, see:
How to configure the BitBoxApp with Tor
Is running my own node required to use the BitBoxApp?
No. The BitBoxApp works without a personal node, but privacy is improved when you use one.
Is Tor more anonymous than TLS?
Tor provides anonymity. TLS provides encryption. They solve different problems and work best together.
Why is port 50001 sometimes mentioned?
Port 50001 is a minimal TCP setup without TLS. It works but is not recommended if TLS is available.
Can the BitBoxApp verify TLS certificates for onion addresses?
Yes. Certificate verification works correctly with onion services.
Which setup is recommended for most users?
Tor with TLS on port 50002.
Do I need Tor when connecting locally?
No. Tor is mainly useful for remote access.