By The Defiant
10 min read
No sign-up, no KYC, and no real names.
You’d think that means DeFi is private, but the reality is, while a major improvement from centralized exchanges, all your transaction history and assets are open for the world to see—they can be even linked to your IP address.
We’ll go over what you can do to protect your privacy right now, and what developers are doing to make it easier to do in the future.
Here’s the issue: To start, every smart contract that you interact with —whether that be Uniswap, Compound, or Balancer— can see your balance, token holdings, and all past activity.
MetaMask alerting users of information sharing
This info isn't just available to smart contracts: it's publicly available on the blockchain. Anyone in the world can access it, and even run advanced analytics on that information.
That could be done by anyone: your mother, your neighbor, the NSA, or Amazon. Creepier still, because the blockchain stores information permanently, the transactions you make now will be visible for the entire future of the blockchain.
Top Ethereum accounts by balance
In this way, using DeFi is a bit like getting the financial equivalent of a tattoo. And while that $YAM logo tattooed on your ass might be fun for a week or two, you might regret it 30 years later.
To make matters worse, the majority of DeFi activity is accessed through the browser. While this makes for a nice user experience, it also means that without precautions you can end up leaking some highly valuable information.
In particular, services like MetaMask or Etherscan can read your IP address, which means linking your IP address to your wallet address. And IP addresses reveal location data.
If that doesn't scare you—imagine a future where you can correlate asset holdings to a precise geolocation.
Correlating an IP address to local coordinates
To be clear, IP addresses aren't stored on the blockchain. They are shared with companies like MetaMask and Etherscan, your Internet Service Provider, any websites you might visit, and various other parties.
While you might trust the intentions of these companies, it's always possible that centralized services can be hacked. Plus, they might sell your information to third parties.
This might seem a bit sinister, but there is some good news: DeFi tools are becoming more privacy-conscious.
MetaMask used to leak your Ethereum address to websites that you visit, but now that is disabled by default. The wallet also recently launched new privacy-focused features such as warning users every time they share account information with a smart contract.
Plus, many startups in the ecosystem are gearing up for privacy. Countless startups are lining up to protect user data and seize the market share that comes with that.
For now, most of these solutions haven't made it to the Ethereum mainnet. Still, here are the steps you can take right now to protect your information while using DeFi.
Vitalik Buterin’s alleged Ethereum account
Ethereum manages blockchain data using what’s called an account-based model, which means that in some ways, its privacy is harder to manage than bitcoin.
On bitcoin, users can create new addresses with every transaction. While vulnerable to chain analysis, this step gives a certain level of privacy, as it breaks the link between different transactions.
With Ethereum’s account-based model, however, the blockchain stores a record of each Ethereum account, complete with all the ether and tokens it has ever held and its entire transaction history.
You can’t break these links simply by spinning up a new ETH address. Rather, to properly unlink transactions from your ETH holdings and past activities, you need to deploy an entirely new account.
A new account will show up on the blockchain with no history or assets until you fill it with coins. Still, unless you are careful about how you send the money to that account, you can create a chain of transactions leading back to your original wallet.
Tornado Cash
That’s where mixing technology comes in.
A way to break the link between sender and receiver, different variants of this technology have been around since 2013. In theory, mixers allow users to shuffle their coins up with other users in order to preserve privacy.
But Tornado Cash is a break from this tradition. Unlike typical mixers, it’s all done automatically over smart contracts, meaning that there are relatively low trust assumptions, and the chances of anyone running off with your funds are reduced.
Tornado Cash allows users to send ETH into privacy pools that break the link between sender and receiver addresses. To better protect privacy, this is done using fixed amounts, such as 1ETH or 10ETH.
To interact with the pool, users send money to the Tornado Cash smart contract. This generates a unique key —called a “note”— that allows users to withdraw money from the smart contract later on.
This note also allows Tornado Cash users to selectively reveal their transaction path, meaning that the information isn’t lost forever if you ever need to declare your ETH for tax purposes or otherwise.
After a certain amount of time in the pool—the longer the better—a user can withdraw their funds. It’s impossible to do this without revealing your wallet identity, so it’s important to use Tornado Cash’s Relayer service, which will send your ETH back from a different address.
Tor Browser
But all these steps are all meaningless if you are still leaking your IP address.
When using the internet, your IP address is leaked constantly. For example, when using Tornado Cash, your Internet Service Provider (ISP) can link transactions to your IP address by correlating with the time of withdrawal with the time that information was sent to the Relayer.
Without precautions, using Ethereum and the internet at the same time means correlating your IP address with your wallet address, which potentially gives away dangerous and sensitive information about the physical location of your wallet.
Because of other information connected to your IP address, this could also potentially link your Ethereum account with your true identity.
The best way to ensure that you aren't leaking IP addresses and geolocation data is to use a VPN. By entering you into a private network, VPNs allow you to assume different IP addresses, that are shared among many computers and have no meaningful purchase on the computer you are using now.
Still, VPNs have trade-offs. For one, they are centralized services, meaning that they are also vulnerable to hacks. The most secure way to use a VPN is over Tor, an encrypted browser that mixes your internet activity through many volunteer nodes.
Tor comes with built-in privacy at the network layer, but the crypto community also has its own privacy-preserving browser- Brave.
Brave doesn’t hide IP addresses so it must be used in combination with a VPN. It also has an internal Tor integration, but the Brave team insists that this isn’t as secure as using the Tor browser itself.
Rather, Brave browser comes with some other privacy promises. For one, it doesn't give out your IP addresses without asking first. It also automatically blocks all ads and trackers and makes online advertising opt-in.
In particular, users can be optionally paid in $BAT for handing over some user-specific information.
If you are reading this newsletter you are probably familiar with $BAT. A popular choice for yield farming and liquidity -mining platforms. Brave’s native token is up 50% in value since January.
Ledger hardware wallet
MetaMask dominates the DeFi landscape. This is problematic because it means that the browser is the main portal to Ethereum finance.
Because of the difficulties of combining Ethereum usage with the internet, by far the safest place to keep funds is in a hardware wallet.
Many DeFi platforms offer Ledger hardware wallets as an alternative payment option. While it's not a standalone safeguard, because your data is stored locally and offline, this is an improvement on using a browser-based service.
Still, if you are constantly connecting your hardware wallet to the internet to make DeFi payments it will suffer similar problems as you will encounter using MetaMask. So it’s still essential to use a VPN and multiple accounts to reach a higher level of privacy.
Ethereum full node requirements
Currently requiring 470GB of disk space, running a full Ethereum node is pretty hardware intensive. That said, it comes with privacy benefits that make it attractive to any committed user.
In particular, by running a full node, users are storing all their transaction data locally and can access it without interacting with anything else.
Because full nodes verify that Ethereum’s underlying state is correct, running a full node comes with security benefits, and helps contribute to Ethereum’s decentralization as well.
But because the hardware constraints make running a full node unattractive to many users, some startups are gearing up to make using full nodes more accessible.
Toward this end, Binance-Labs backed startup HOPR has released a pre-assembled Ethereum node, that automatically runs over a mixnet. By shuffling activity between many participants, mixnets are a privacy technique that protects a user’s metadata, such as IP addresses.
That might seem like a lot to take in- and it is. Maintaining user privacy on DeFi is hard. Still, going forward, many startups are looking to offer better privacy-protecting solutions.
For one, Tornado Cash is planning to release a privacy-focused wallet that will allow users to keep their funds private without having to enter into a Tornado Cash pool. To protect IP addresses, this will run over Tor by default.
Privacy-focused startup Nym Technologies is also providing a mixnet solution geared toward privacy for the network layer, meaning the part that exposes IP addresses. Nym is quietly working with Ethereum teams to raise the bar on privacy solutions going forward.
And while it’s currently a bane on DeFi users, soaring gas costs might be good news for privacy in the long run. With the use of the Ethereum mainnet becoming prohibitively expensive, DeFi is being forced to move to off-chain, layer two solutions.
And there’s a big overlap between scaling and privacy technology, with both features relying on zero-knowledge cryptography. For example, the upcoming privacy project Zkopru will move Ethereum transactions off-chain, while additionally encrypting that information.
Rather than publishing transaction activity on the blockchain as DeFi does now, future-facing solutions may look more like this: encrypted statements on the blockchain that offer the security of Ethereum without sharing any user-sensitive information at all.
[This story was written and edited by our friends at The Defiant, and also appeared in its daily email. The content platform focuses on decentralized finance and the open economy and is sharing stories we think will interest our readers. You can subscribe to it here.]
Decrypt-a-cookie
This website or its third-party tools use cookies. Cookie policy By clicking the accept button, you agree to the use of cookies.