Maintaining Privacy after withdrawing questions

Hello friends! I’ve read the Tornado Cash medium article about maintaining privacy, but I still have some concerns, hopefully you guys can fill in my knowledge gaps!

  1. I intend to use Tor to maintain privacy, but from what I’ve read, extensions such as metamask do not use Tor routing when interacting with any Defi applications. Doesn’t this mean that extension wallets don’t secure privacy at all, such that ISP will always know the date/time you used an extension wallet?
  2. Is there a privacy wallet intended for tor to help with privacy preservation, preferably with multiple addresses as a feature?
  3. Why are people concerned about tainted Tornado Cash tokens? Couldn’t one just trade these tokens on a CEX that accepts them, and have taint removed after withdrawing? Or perhaps trade for BTC on Thorswap and then coinjoin to remove all traces of Tornado Cash interaction? Just some thoughts.

You could use Tor on Whonix to solve such routing issues.

1 )

While that’s certainly best practice, it would be overkill for most people.

Just set up your browser to use your local Tor SOCKS (9050) or HTTP (8118) proxy … Metamask will also honor that. You can firewall all other ports for your browser, to be safe.

2 )

I haven’t found a privacy-focused ETH wallet, yet. This is pretty stunning, given ETH is a top cryptocurrency. Mindboggling how little privacy appears to be understood and valued. Let me know if you find one. PS: Given Ethereum doesn’t use UTXOs, there are limitations to what you can do efficiently.

3 )

It’s really only a problem if you’re lazy and/or not creative. Or if you use Coinbase & friends. Lol. Don’t.

4 )

I’ll also add a question of my own: Is there a way to refresh the Metamask API key without reinstalling and reconfiguring the extension? Seems painful to do this every time I do something in Tornado.

On Whonix the connection from the Workstation VM is enforced to connect to the Tor network via the Gateway VM, so structurally there should be no way of avoiding Tor routing by application on the Workstation VM, as said above.

Running Whonix is not difficult if you are familiar with VirtualBox. Import the appliance, run the two virtual machines, and you are good to go. You do not have to (and should not) modify configuration. I think it is worth a try if you want to maintain privacy as much as possible.

Here is a link to Whonix website:

Thanks for the advice guys, I’m excited to use Whonix, as soon as I can make the time I’ll be diving in!
By my understanding, because of the Whonix Gateway, any internet browser can be used, such as Chromium, and it will automatically gain tor-like functionality. Is this correct?
What about Bitcoin wallets such as Wasabi, which automatically use Tor. Would it be best to disable that so it can default to Whonix’s Gateway, or does a double Tor not matter?

Since I cannot answer those questions responsibly, first I would like to suggest the links which seem to be relevant.

If browsers other than Tor Browser are used in Whonix ™, the IP address and Domain Name Service (DNS) requests [5] are still protected. However, only Tor Browser provides protocol level cleanup, which includes unique features like proxy obedience, state separation, network isolation, and anonymity set preservation.

it is possible to start a Tor session from the client as well as from the transparent proxy, creating a “Tor over Tor” scenario. This happens when installing Tor inside Whonix-Workstation ™ or when using Tor Browser without configuring it to use a SocksPort instead of the TransPort. This is covered in further detail in the Tor Browser entry.

Doing so produces undefined and potentially unsafe behavior. In theory, the user could get six hops instead of three in the Tor network. However, it is not guaranteed that the three additional hops received are different; the user could end up with the same hops, possibly in reverse or mixed order. The Tor Project opinion is that this is unsafe:

So it is possible to run other browsers than Tor Browser, but it cannot protect privacy as much as Tor Browser does. Wasabi also should be able to be used on Whonix but the Tor-over-tor scenario is regarded as unsafe. Both depend on your risk profile, so I would recommend you to study the OS and decide how to use it.

Hope this helps.


Wasabi will automatically use the Whonix Gateway VM and won’t start a second Tor instance.

I did not check about that. Thanks for the follow-up!

1 Like

I would like to hear your explanation on what you mean by #3. How do you feel the Torn tokens are any more tainted then the withdrawal? Anyone can trace your transaction back and see your withdrawal came from a Tornado Cash contract. How do you feel the Tokens somehow taint you any more?

IMO the OP is referring to ANY token exiting the Tornado contract not just TORN itself.

1 Like