tornadocash/ docs
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update opsec guide

This commit is contained in:
gozzy 2023-01-31 22:26:47 +00:00
parent 68e22a522d
commit d567397d31
4 changed files with 39 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
general/guides/opsec.md
View File

@ -1,24 +1,49 @@
# Tips to remain anonymous
The Tornado Cash tool allows you to remain anonymous on-chain. However, if the tool is used without protecting oneself upstream and downstream, there is no point and the anonymity would only be partial. There are practices to avoid this.
While the protocol breaks the links between source and destination addresses when appeared on-chain, there is countless areas where individuals can disclose information about their identity when accessing the protocol through middleware like RPC endpoints, hosted web instances and top level domains.
### Use TOR and/or a VPN
### VPN
Your internet service provider (ISP) identifies you with an IP address. To prevent third parties from knowing that you are using Tornado.cash, you should consider [using TOR](tor.md) and/or a VPN for your transfers. Avoid using free VPNs, they tend to keep or even sell your data. There are several VPNs on the market boasting a "no-log policy".
Proxy servers that help mask your internet traffic and location, although purely are operated on a trust basis with the provider. Avoid using free VPNs, they tend to keep or even sell your data. VPNs are not a solution to anonymising your data and are always recommended to use in combination with other tooling. Wireguard is the latest standard when it comes VPN networking protocols.
### Save your note in a safe place
### TOR network
Your note provides a record of your original transaction. Anyone who has it can withdraw the funds deposited, but also know the deposit address. Be sure to keep this note away from prying eyes and store it in a secure environment.
Using onion routing, you can singificantly mask your internet traffic at the cost of connection speeds the more "hops" the harder is to identify the identity and contents of the traffic. This can be done by either:
### Delete data
* accessing served content using TOR browser (Metamask extension support)
* configuring the SOCKS proxy for TOR with the CLI tool
* configuring [Whonix](https://whonix.org) for your operating system or to a virtual machine
Your browser is a real source of information for the extensions you use. Delete your data after each deposit or withdrawal. If two transfers are made with the same cookies, the extension you are using will be able to link these two transactions.
### Store notes with confidentiality
### Be patient
Your note provides a record of your original transaction. Anyone who has it can withdraw the funds deposited, but also know the details regarding the depositing address therefore allowing the ability to deanonymise the transaction.
### Delete cache and history
Browser history and caches can provide a massive amount of data regarding specific behaviourial patterns and timestamps. It is common for browser extensions have read access permissiones to your cache. If two transfers are made with the same cookies, the extension you are using will be able to link these two transactions.
### Wallet
Metamask now by default, logs IP addresses **when a wallet is generated or makes a transaction** please excercise caution if you are using this choice as a wallet and do not take methods to migitate the logging. It would effectively void any anonymity acheived on-chain, if your actual IP address is exposed.
Additionally when you configure an Metamask wallet an Infura RPC access key is assigned to your instance, **if you make two transactions from two seperate addresses from that instance they will be directly related**. It is recommended to delete and reintall the extension for every address you wish to transact from to ensure a fresh access key.
### Wait for subsequent deposits
Your anonymity also depends on the number of transactions after your deposit (statistics tab). If you withdraw your funds immediately after depositing them, it is possible to link your deposit to your transfer using correlation probabilities. The longer you wait, the greater your anonymity set will be.
### Use multiple addresses
A 7 x 10 ETH deposit from one address and a 7 x 10 ETH withdrawal to a single address can also be linked. Remember to multiply your withdrawal addresses.
If an inidivudal makes 7 x 10 ETH deposit from one address and then makes 7 x 10 ETH withdrawals to a single address, it highly indicates an association - remember to use multiple withdrawal addresses to fragment original depositing amounts.
### Use different gas parameters
Behavioural patterns in consisent gas values can be used to fingerprint transactions by correlation, configure arbitary gas values when withdrawing and depositing to maximise anonymity.
### Select the strongest anonymity sets
As privacy through the protocol is achieved probabilistically, the more activity and volumes a specific anonymity set has - the better the potential for anonymity. Select the popular anonymity sets to hide in with the crowd.
### Do not repeatively process withdrawals through the same relayer
Only processing withdrawals through a singular relayer, oses a risk to behavioural pattern profiling. Ensure you are using different relayers for every withdrawal if you want to diassociate two withdrawal addresses from one another.

2
general/guides/post-censorship.md
View File

@ -4,7 +4,7 @@ This is a guide to using Tornado Cash after the 8th August crisis, when the OFAC
--------
> <h4>LANGUAGE:&nbsp;&nbsp;<a href="https://hackmd.io/@gozzy/tornado-cash-制裁后教程">ZH</a>&nbsp;&nbsp;|&nbsp;&nbsp;<a href="https://hackmd.io/@gozzy/tornado-cash-tras-la-censura">ES</a>&nbsp;&nbsp;|&nbsp;&nbsp;<a href="https://hackmd.io/@gozzy/tornado-cash-после-цензуры">RU</a>&nbsp;&nbsp;</h4>
<h4>LANGUAGE:&nbsp;&nbsp;<a href="https://hackmd.io/@gozzy/tornado-cash-制裁后教程">ZH</a>&nbsp;&nbsp;|&nbsp;&nbsp;<a href="https://hackmd.io/@gozzy/tornado-cash-tras-la-censura">ES</a>&nbsp;&nbsp;|&nbsp;&nbsp;<a href="https://hackmd.io/@gozzy/tornado-cash-после-цензуры">RU</a>&nbsp;&nbsp;</h4>
--------

6
general/guides/relayer.md
View File

@ -102,16 +102,16 @@ The minimum staked amount is currently set by Tornado Cash governance at **`300
When a relayer is used in the Tornado Cash pool, a small amount of TORN is automatically collected from this staked balance by the `StakingReward` contract. This element is essential to keep in mind as relayers will need to keep enough TORN locked (\~`40 TORN` at the moment in April 2022) to be able to pay back the transaction fee to the staking contract.
The collected fees are subsequently distributed among DAO members with locked TORN tokens. TORN are usually locked to participate in on-chain governance (submitting & voting on proposals). You can find more information both on the _[Staking documentation page](../token/staking.md).
The collected fees are subsequently distributed among DAO members with locked TORN tokens. TORN are usually locked to participate in on-chain governance (submitting & voting on proposals). You can find more information both on the _[Staking documentation page](../token/staking.md)_.
{% hint style="warning" %}
Your staked TORN amount is not claimable, and it is non-refundable.
Your staked TORN amount is not claimable, and it is non-refundable
{% endhint %}
![](/.gitbook/assets/5.png)
### 6. Final verification and registration
Last but not least, we advise you to **double-check all information** displayed in the Summary before registering.
Last but not least, we advise you to **double-check all information** displayed in the summary before registering.
![](/.gitbook/assets/6.png)

3
general/token/anonymity-mining.md
View File

@ -1,6 +1,6 @@
# Anonymity mining
Anonymity mining is an incentive to increase the level of privacy in any coin-joining or coin-mixing protocols by rewarding participants anonymity points (AP) dependent on how long they hedge their assets in a pool.
Anonymity mining was an incentive to increase the level of privacy in any coin-joining or coin-mixing protocols by rewarding participants anonymity points (AP) dependent on how long they hedge their assets in a pool.
{% hint style="warning" %}
_Tornado Cash anonymity mining program began on December 18, 2020 and has ended on December 18, 2021._
@ -82,4 +82,3 @@ For more information on anonymity mining, seek the following resources:
* [Tornado Cash governance proposal article](https://tornado-cash.medium.com/tornado-cash-governance-proposal-a55c5c7d0703)
* [Tornado Cash anonymity mining optimisation article](https://tornado-cash.medium.com/gas-price-claimed-anonymity-mining-a-victim-but-now-everyone-can-claim-ap-5441aaa32a1a)
* [Anonymity mining explained (technical)](https://torn.community/t/anonymity-mining-technical-overview/15)