December 4, 2019 at 7:06 am #7401
Any chance your plugin could work with Tor?December 4, 2019 at 7:58 am #7402
Maybe if I figure out Static!!!
Attachments:You must be logged in to view attached files.December 4, 2019 at 8:22 am #7405
So I am looking for a static [wallets_withdraw]December 4, 2019 at 9:26 am #7407alexgKeymaster
Short answer: yes!
Generally speaking you can run WordPress as a tor hidden site, but it’s tricky. WordPress normally contacts various APIs, including the wordpress.org update server; these communications can de-anonymize you. There are several articles online that talk about how to run WordPress as an onion hidden site.
Besides your full node wallets, the plugin also contacts some third-party APIs for the purpose of retrieving exchange rates (See the menu “Wallets” -> “Exchange rates”). If you’re using even one of these, you can be de-anonymized. In the admin page for exchange rates, you can specify a tor endpoint to use when contacting these services.
If you decide to use full node wallets, then any contact with those wallets is probably safe because presumably the wallets are on servers that you control. If you choose to use the CoinPayments adapter, then this can also be configured to use tor (but you need to trust the coinpayments platform with your anonymity). The settings for enabling tor for the coin adapter are under “Wallets” -> “CoinPayments” -> “HTTP Settings”.
If you are strongly interested in preserving your anonymity you might be interested to set up a Monero full node on your own server, and use the Monero coin adapter, rather than rely on a third party service.
In general there’s always trade-offs between anonymity and ease of use. Setting up a Monero full node is somewhat harder but all the necessary instructions are available on the coin adapter’s homepage, and I am available to answer any questions you may have.
EDIT: I noticed now that you’ve posted under the forum for the Exchange extension, while I responded with general information for how to run the plugin in a hidden site. There are no additional considerations for running the Exchange in a hidden site. To answer your specific question, you can use either the static or dynamic templates. The exchange does not contact any third party APIs on its own. My recommendation is that you observe your server with wireshark and see if your identity is being leaked anywhere. Any plugin that you run can potentially de-anonymize you (but the Exchange extension is not one of them), so think in general what APIs your server contacts.
- You must be logged in to reply to this topic.