How to stay anonymous with Tornado.cash and similar solutions

Network-level security

In the current implementation, we only attempt to solve the on-chain part of privacy. There is also network-level privacy that needs to be handled by users.

  • Your IP address can be considered public information because it is known to many parties, such as your ISP and any router on the way to your target server. For example, your ISP could log the timestamps of packets sent to the Relayer and correlate them with withdrawal transaction timestamps. Use a VPN or Tor to hide your IP, especially during a withdrawal.

Realistically, for most users, it might be optimal to ignore some of those points in favor of convenience. It might be acceptable that some dapps or RPC nodes are able to track the transactions (most likely they don’t care and don’t log the required data); this is still much better privacy than everyone being able to see the full history on a block explorer like Etherscan.

Transaction correlations

Although external observers cannot prove which withdrawal comes from which deposit, they can make an educated guess about it. For example:

  • If a deposit and a withdrawal are right next to each other, it is very likely that they belong to the same person. We recommend waiting until at least a few deposits are made after yours before withdrawing the note.
  • Making deposits or withdrawals only during the waking hours of your timezone may also reduce your anonymity. A simple way to avoid this problem is to spread your deposits and withdrawals as evenly as possible across the 24 hours of each day.

In general, try to avoid any correlations that may suggest that your deposits and withdrawals are linked. A good rule of thumb is to mingle with the crowd.
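
The two checks above can be run against a pool's public event log before withdrawing. The following is an added example, not code from Tornado.cash: the event list is constructed sample data, and the thresholds (3 later deposits, an 8-hour window, a 50% share) are assumptions chosen only for illustration.

```python
from collections import Counter
from datetime import datetime, timezone

# Constructed sample of one pool's public events: (unix_time, kind).
EVENTS = [
    (1_600_000_000, "deposit"),
    (1_600_003_600, "deposit"),     # treated as "my" deposit in the checks below
    (1_600_007_200, "deposit"),
    (1_600_010_800, "withdrawal"),
    (1_600_050_000, "deposit"),
    (1_600_090_000, "deposit"),
]

def deposits_after_mine(events, my_deposit_time, withdraw_time):
    """Count deposits made strictly after mine and before the planned withdrawal."""
    return sum(1 for t, kind in events
               if kind == "deposit" and my_deposit_time < t < withdraw_time)

def busiest_window_share(timestamps, window_hours=8):
    """Largest fraction of actions inside any contiguous window of hours,
    wrapping past midnight. 1.0 means every action falls in one window."""
    if not timestamps:
        return 0.0
    hours = Counter(datetime.fromtimestamp(t, tz=timezone.utc).hour
                    for t in timestamps)
    best = max(sum(hours[(start + i) % 24] for i in range(window_hours))
               for start in range(24))
    return best / len(timestamps)

def check_withdrawal(events, my_deposit_time, withdraw_time, my_times,
                     min_gap=3, max_share=0.5):
    """Return warnings for a planned withdrawal; an empty list means neither
    heuristic from the text is triggered (thresholds are assumptions)."""
    warnings = []
    gap = deposits_after_mine(events, my_deposit_time, withdraw_time)
    if gap < min_gap:
        warnings.append(f"only {gap} deposit(s) after yours; wait for more")
    share = busiest_window_share(list(my_times) + [withdraw_time])
    if share > max_share:
        warnings.append(f"{share:.0%} of your actions fall in one "
                        f"8-hour window; spread them out")
    return warnings
```

Because the window wraps around midnight, the result does not depend on which timezone the timestamps are rendered in.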

Written by Tornado.cash team, Wei Jie Koh
