While services like Tornado Cash Plus+ provide a powerful solution for on-chain privacy, achieving comprehensive anonymity requires user awareness of the broader digital environment. True privacy extends beyond the smart contract; it also involves securing your network-level footprint and avoiding transactional patterns that could inadvertently link your activities.

Mastering Network-Level Security

Your IP address can be considered public information, visible to your Internet Service Provider (ISP) and various servers. An ISP could potentially log the timestamps of your connections to a relayer and correlate them with withdrawal transaction times. To mitigate this, consider the following:

  • Hide Your IP Address: Use a trusted VPN or the Tor network to obscure your IP address, especially when making a withdrawal. This adds a critical layer of network privacy.
  • Guard Your Note: Your transaction note is the key that links your deposit to your withdrawal. Keep it secure. You can share it with a trusted party for auditing purposes, but only after the note has been spent.
  • Maintain Digital Hygiene: Before using your new, private address, clear your browser cookies for dApps. If a dApp detects the same cookies for both your old and new addresses, it can link them. The best practice is to use a completely new digital identity (new browser profile, wallet, and IP) for your withdrawn funds.
  • Beware of Public RPCs: If you use a public RPC (Remote Procedure Call) service like Infura with all your wallets, it might be able to link your addresses, especially if you connect from the same IP or use the same API token. Note that MetaMask, by default, may use the same API token for all your accounts.

"For most users, adopting even some of these practices provides far greater privacy than having a fully transparent transaction history on a public block explorer."

Avoiding Transaction Correlations

While observers cannot cryptographically prove which withdrawal corresponds to which deposit, they can make educated guesses based on transaction patterns. To maximize your anonymity, you need to blend in with the crowd.

  1. Wait Before Withdrawing: If a deposit and withdrawal occur sequentially, they are likely linked. It is highly recommended to wait until at least several other deposits have been made after yours before you withdraw.
  2. Vary Your Cadence: A batch of deposits from one address followed by a batch of withdrawals of the same total size to another address is a red flag. If you need to make multiple withdrawals, spread them out over time and send them to unlinked addresses.
  3. Let Time Pass: Wait a reasonable amount of time after your deposit. We recommend at least 24 hours to ensure that the anonymity set has been populated by multiple, independent users. Always check the instance statistics on tornadocashp.com before transacting.

Be mindful that even subtle patterns, like only transacting during your local waking hours, could potentially reduce your anonymity set over time. The goal is to make your activity indistinguishable from the activity of all other users.
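
The two pattern-based guesses from items 1 and 2 above, written from the observer's side as an added example (not code from the original page or the service). The event tuples, addresses, one-hour window and function names are constructed assumptions for a single fixed-denomination pool.

```python
from collections import defaultdict

# Constructed sample events: (unix_time, kind, address). Not real chain data.
EVENTS = [
    (1000, "deposit", "0xA1"), (1060, "deposit", "0xA1"), (1120, "deposit", "0xA1"),
    (2000, "deposit", "0xB2"),
    (2030, "withdraw", "0xC3"),
    (5000, "deposit", "0xD4"), (6000, "deposit", "0xE5"), (7000, "deposit", "0xF6"),
    (90000, "withdraw", "0x99"), (93600, "withdraw", "0x99"), (97200, "withdraw", "0x99"),
]

def sequential_pairs(events, window=3600):
    """Item 1: a withdrawal that follows the latest deposit within `window`
    seconds, with no other deposit in between, is guessed to belong to it."""
    flagged, last_deposit = [], None
    for ts, kind, addr in sorted(events):
        if kind == "deposit":
            last_deposit = (ts, addr)
        elif last_deposit and ts - last_deposit[0] <= window:
            flagged.append((last_deposit[1], addr, ts - last_deposit[0]))
    return flagged

def batch_pairs(events, min_batch=2):
    """Item 2: a depositor and a recipient with the same number of events
    (same total size in a fixed-denomination pool), where every deposit
    precedes every withdrawal, are guessed to be the same party."""
    dep, wd = defaultdict(list), defaultdict(list)
    for ts, kind, addr in events:
        (dep if kind == "deposit" else wd)[addr].append(ts)
    return [
        (d, w, len(d_ts))
        for d, d_ts in dep.items()
        for w, w_ts in wd.items()
        if len(d_ts) == len(w_ts) >= min_batch and max(d_ts) < min(w_ts)
    ]

if __name__ == "__main__":
    print("sequential:", sequential_pairs(EVENTS))
    print("batch:", batch_pairs(EVENTS))
```

Neither result is a cryptographic proof; both are the kind of educated guess the section describes, and the batch match holds here even though the withdrawals are an hour apart and a day after the deposits.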

A Note on the Anonymity Set

The statistics on tornadocashp.com reflect the total number of deposits in an instance. However, the real-world anonymity set can be smaller due to off-chain factors. For example, if a user posts on Twitter about their "private transaction," they effectively remove their deposit from the anonymity pool for everyone else. It is in the entire community's best interest to not publicize transaction amounts, dates, or times.

Anonymity is a Practice

In general, strive to avoid any correlations that might suggest a link between your deposits and withdrawals. A good rule of thumb is to move with the crowd. By combining the on-chain privacy of Tornado Cash Plus+ with smart off-chain security practices, you can achieve a robust and meaningful level of financial anonymity in the decentralized world.