Does running a Bitcoin full node and/or a Lightning node at home attract hackers to my IP address and home network? Also, could it reveal ownership of Bitcoin and attract physical attacks? Are pre-configured full-node starter kits safe to use for non-technical people? Or is this completely against the point of running a full node, and thus non-technical people should abandon the idea?

That's a great set of questions, JJ. Running a Bitcoin full node on your home network will, possibly, under certain circumstances, make it obvious to the world... that you have an interest in Bitcoin. If your security depends on nobody knowing that you have an interest in Bitcoin, we have a term for that in security circles, and that's called security by obscurity, and it's not security. Security by obscurity, basically relying on the fact that people don't know either about the layout of your network, or the security tools you're using, or what things you have interest in, or what kind of assets you have, is the weakest form of security. It's not zero, it's still somewhat secure to have some obscurity. It's not a bad thing to do, but if you rely on that as your only security, then you've got a big problem.

If it's easy to access your Bitcoin wallet or compromise your Windows machine, then you're going to fall victim to attacks... that are broad-based. That means someone writes a virus to troll as many Windows machines as possible, millions around the world, or even Macs, Linux machines, and other devices, looking for specific things. For example, files called wallet.dat, or entries in the clipboard that look like Base58-encoded Bitcoin addresses, or private keys, or things like that, and then they attack those machines. It's not really the targeted attacks that are the main problem, but these types of viruses and trojans are now being distributed broadly. The chances of you getting one on your machine depend on how well you secure your computer.
Whether someone knows you have Bitcoin or not, that doesn't make you more or less of a target of attack, because at the moment everyone is being attacked. The good security that you should do is maintain your operating system, meaning apply the security updates as soon as they come out. Don't install all kinds of weird software that you don't know where it's come from. Be careful with the settings of your firewalls to protect access from the outside. Use strong passwords on your operating system and all of the websites you visit using a password manager. All of these are standard security practices to strengthen the security of your home network.

If you're really worried about advertising the presence of a Bitcoin node, one of the things you can do is use a Tor hidden node, where your Bitcoin node only communicates over Tor, the onion-routed network. What that does is it obscures the origin and destination of your Bitcoin-related messages and the protocol interactions that your Bitcoin node is doing. However, you should really not think of obscurity as a good security mechanism.

As for the second part of the question, which is full nodes, full-node starter kits are a great way to get involved in starting and running your own Bitcoin full nodes. While they make it easy for you to install in the first place, you can buy this little mini-PC that's usually running some version of Linux, and has a Bitcoin node implementation, usually Bitcoin Core on it. Just plug it into your home network or configure the wireless. Boom, you've got a node. It will sync, it will run, and do all of the things you expect it to do. Just because you've bought it pre-configured doesn't mean that you can't gradually develop the expertise to log on to that Linux system, to upgrade the Bitcoin Core software, to configure it differently, and gradually to learn more and more about how to manage that Bitcoin system.
Things that you'd have to do anyway if you're running your own Bitcoin node from scratch. It's a great way to get started easily, but it doesn't stop you from expanding your knowledge and doing more with the Bitcoin node you've installed. I think it's an overall good idea. You can do it fairly easily, fairly inexpensively.

The next question is closely related to the previous one. It comes from Mark. If I've understood correctly, Bitcoin full nodes listen, find, and connect to other nodes via port 8333. What does this mean from a security perspective? Could ISPs block traffic along those ports? How would Bitcoin nodes find each other if we use different ports? Or have all these lessons been learned from the P2P torrenting community, and can we just follow in their footsteps?

Mark, that's a great question. While the default standard port for Bitcoin is port 8333, you don't have to have your Bitcoin nodes on that port. In fact, you can change ports. If, for whatever reason, that port was blocked, you can just configure it to use a different port. When your Bitcoin node connects to other nodes that it finds on the network, any other node, it advertises its own presence and tells other nodes that they can connect to it. That address is propagated, but it's not just propagating its IP address, it's also propagating its port number. A full node connection string for Bitcoin protocol is IP address and port. If you put your Bitcoin nodes on a non-standard port, it will advertise its IP address and non-standard port, so that others can find it, and they will happily connect to it on any port it may be on.

While the default is 8333, you don't have to use the default. Is it more secure not to use the default? Perhaps. If your node is advertising an open port on 8333, then it's obviously Bitcoin. But if it's advertising an open port on 6325, or 2513, or any other port number, does that mean that you've managed to hide the fact that you're running Bitcoin? No.
Very simply, a port scanner will connect to port 2513, send the TCP packet, and see what comes back. Port scanners have the ability to do what's called fingerprinting. From that fingerprinting, they can find out not only what application is responding on the other side, but, looking at certain patterns in the response, they can also figure out what kind of operating system and TCP/IP stack is on the other side of that connection. You're not really hiding anything by changing ports. It's just as easy to discover that you are running, in fact, Bitcoin Core. Port scanners also will get you down to the version number and fingerprint that quite easily. If you really want to hide the presence of Bitcoin on your node, then you should run it behind Tor, and run it as a hidden Tor node. That's the only way to hide it better than changing your port number.

What happens if ISPs block that port? Well, you just use a different port. The thing is, most ISPs don't play anymore. The reason they don't play is because they realize that it's very difficult to maintain that game. If you keep blocking ports that correspond to different services, all of the services end up migrating to port 80 and port 443. We end up running these services so that they look like web servers. They can't really block your access to port 443, which is HTTPS, or port 80, because that would disrupt your web browsing experience. Some ISPs will block all incoming ports, in which case you can use a VPN or proxy to forward things back into your node. They can't stop that either. If they start looking at the traffic in order to determine if it's Bitcoin or really HTTP traffic, to figure out how to block one versus the other, then you encrypt the traffic and run over an SSL proxy, or over an SSL VPN into a country where ports are not blocked. The bottom line is that it's very difficult to control access to different applications.
If you have a general-purpose computer and a general-purpose network like the internet, you can hide traffic in a number of different protocols and in such ways that it becomes this cat-and-mouse game. Even in places like China, where they have very effective firewalls, and places like North Korea, where they dedicate enormous resources, those who are willing to take the risk to evade and bypass these restrictions are able to do so. The biggest risk there is not that they're going to find your port. It's that one of your neighbors is going to snitch on you for doing this, and you'll end up in jail, or Gulag, or worse.

The technical aspect of evading port blockers, deep packet inspection, and things like that, these have been learned by the P2P community, as you indicated, Mark. Therefore, there isn't really a great risk of ISPs blocking those ports. If they want to start playing this cat-and-mouse game, we have a big, big tool set. As I've said before, if people start attacking Bitcoin in this way, what it's going to do is trigger the evolution of Bitcoin into a much more stealthy, anonymous, and much more evasive protocol, which it can keep doing so that it will evolve against that response. The only reason it doesn't do these things today is because it really doesn't need to.
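
The answer to Mark's question says a node advertises its port together with its IP address. The following is an added example, not part of the original talk, that parses the 30-byte peer entries carried in the legacy Bitcoin `addr` message (timestamp, services, 16-byte IP, big-endian port) to show that a non-default port travels with the address. The sample entries use documentation-range addresses and are constructed for illustration; the function names are this example's own.

```python
import ipaddress
import struct

ENTRY_LEN = 30        # 4 (time) + 8 (services) + 16 (IP) + 2 (port)
DEFAULT_PORT = 8333   # Bitcoin mainnet default mentioned in the talk


def pack_entry(timestamp, services, ip, port):
    """Build one addr entry; used here only to construct sample input."""
    addr = ipaddress.ip_address(ip)
    # IPv4 peers are stored as IPv4-mapped IPv6 (::ffff:a.b.c.d).
    raw = addr.packed if addr.version == 6 else b"\x00" * 10 + b"\xff\xff" + addr.packed
    # time and services are little-endian; the port is network byte order.
    return struct.pack("<IQ", timestamp, services) + raw + struct.pack(">H", port)


def parse_entry(buf):
    """Decode one 30-byte entry into a dict."""
    if len(buf) != ENTRY_LEN:
        raise ValueError(f"expected {ENTRY_LEN} bytes, got {len(buf)}")
    timestamp, services = struct.unpack_from("<IQ", buf, 0)
    addr = ipaddress.IPv6Address(buf[12:28])
    ip = str(addr.ipv4_mapped or addr)
    (port,) = struct.unpack_from(">H", buf, 28)
    return {"time": timestamp, "services": services, "ip": ip,
            "port": port, "default_port": port == DEFAULT_PORT}


def parse_entries(payload):
    """Decode a run of entries (the bytes after the message's count prefix)."""
    if len(payload) % ENTRY_LEN:
        raise ValueError("payload is not a whole number of entries")
    return [parse_entry(payload[i:i + ENTRY_LEN])
            for i in range(0, len(payload), ENTRY_LEN)]


def endpoints(payload):
    """Render each advertised peer as the ip:port string other nodes dial."""
    out = []
    for e in parse_entries(payload):
        host = f"[{e['ip']}]" if ":" in e["ip"] else e["ip"]
        out.append(f"{host}:{e['port']}")
    return out


# Constructed sample: one peer on the default port, one on port 2513.
SAMPLE = (pack_entry(1700000000, 1, "203.0.113.7", 8333)
          + pack_entry(1700000000, 1, "2001:db8::25", 2513))

if __name__ == "__main__":
    for line in endpoints(SAMPLE):
        print(line)
```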