tornadocash/docs
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
d567397d31
docs/general/guides/opsec.md
gozzy d567397d31 update opsec guide
2023-01-31 22:26:47 +00:00

3.8 KiB
Raw Blame History

Tips to remain anonymous

While the protocol breaks the links between source and destination addresses when appeared on-chain, there is countless areas where individuals can disclose information about their identity when accessing the protocol through middleware like RPC endpoints, hosted web instances and top level domains.

VPN

Proxy servers that help mask your internet traffic and location, although purely are operated on a trust basis with the provider. Avoid using free VPNs, they tend to keep or even sell your data. VPNs are not a solution to anonymising your data and are always recommended to use in combination with other tooling. Wireguard is the latest standard when it comes VPN networking protocols.

TOR network

Using onion routing, you can singificantly mask your internet traffic at the cost of connection speeds the more "hops" the harder is to identify the identity and contents of the traffic. This can be done by either:

  • accessing served content using TOR browser (Metamask extension support)
  • configuring the SOCKS proxy for TOR with the CLI tool
  • configuring Whonix for your operating system or to a virtual machine

Store notes with confidentiality

Your note provides a record of your original transaction. Anyone who has it can withdraw the funds deposited, but also know the details regarding the depositing address therefore allowing the ability to deanonymise the transaction.

Delete cache and history

Browser history and caches can provide a massive amount of data regarding specific behaviourial patterns and timestamps. It is common for browser extensions have read access permissiones to your cache. If two transfers are made with the same cookies, the extension you are using will be able to link these two transactions.

Wallet

Metamask now by default, logs IP addresses when a wallet is generated or makes a transaction please excercise caution if you are using this choice as a wallet and do not take methods to migitate the logging. It would effectively void any anonymity acheived on-chain, if your actual IP address is exposed.

Additionally when you configure an Metamask wallet an Infura RPC access key is assigned to your instance, if you make two transactions from two seperate addresses from that instance they will be directly related. It is recommended to delete and reintall the extension for every address you wish to transact from to ensure a fresh access key.

Wait for subsequent deposits

Your anonymity also depends on the number of transactions after your deposit (statistics tab). If you withdraw your funds immediately after depositing them, it is possible to link your deposit to your transfer using correlation probabilities. The longer you wait, the greater your anonymity set will be.

Use multiple addresses

If an inidivudal makes 7 x 10 ETH deposit from one address and then makes 7 x 10 ETH withdrawals to a single address, it highly indicates an association - remember to use multiple withdrawal addresses to fragment original depositing amounts.

Use different gas parameters

Behavioural patterns in consisent gas values can be used to fingerprint transactions by correlation, configure arbitary gas values when withdrawing and depositing to maximise anonymity.

Select the strongest anonymity sets

As privacy through the protocol is achieved probabilistically, the more activity and volumes a specific anonymity set has - the better the potential for anonymity. Select the popular anonymity sets to hide in with the crowd.

Do not repeatively process withdrawals through the same relayer

Only processing withdrawals through a singular relayer, oses a risk to behavioural pattern profiling. Ensure you are using different relayers for every withdrawal if you want to diassociate two withdrawal addresses from one another.