Network-level Privacy
for Ethereum RPC Traffic

Anonymized routing for wallets, frontends, dApps, and light-clients with one-line integration — no extension, user configuration, or system installations.

Ali Atiia
Private Reads
Ethereum Foundation

Stateless Summit · EthCC 2026

privreads.ethereum.foundation

Linkable Onchain ↔ Offchain

We assume users' regular traffic is unprotected vis-à-vis ISPs+. We want to break the link between on-chain and web2 identity.

Even with shielded transactions, simply reading state reveals who you are and what you care about.

Solution: Tor in the Browser

Make anonymized routing available to The Edge: [browser] wallets, frontends, dApps, light clients — with minimal integration effort, no system installations or configurations.

Traffic is encrypted in layers and routed through three relays. No single relay knows both who you are and what you're accessing.

Starting point: Arti

Adapting Arti for the Browser

Arti assumes a native OS environment. The browser has none of these:

std::time::Instant — high-resolution monotonic clock for measuring time intervals. Used in ~28 crates.
Threads / Send bounds — multi-threading and cross-thread data safety guarantees. WASM has a single thread.
Native sockets — TCP and UDP connections. Browsers only offer WebSocket and WebRTC.
SQLite — local database for directory caching and persistent state.
ring (C/asm crypto) — crypto library relying on C and assembly. Requires a pure-Rust replacement for the standard WASM target.
getrandom — OS-level random number generation. Needs special configuration in WASM.

Cross-Cutting Fixes

Browser-Compatible Timers

tor-time

Swaps in performance.now() on WASM, keeps the standard clock on native. One abstraction, two implementations.

~28 crates modified

Single-Thread Compatible

tor-async-compat

A compile-time macro that strips multi-threading requirements on WASM targets, since the browser only has one thread.

51 files across 7+ crates

Memory Optimization

psl → public-suffix

Replaced a dependency that embedded thousands of constants, causing WASM compilation to consume 10 GB+ of memory.

10 GB+ → 2.6 GB

The WASM Runtime

A bridge layer that maps Arti's assumptions to browser APIs

tor-js-gateway

Browsers can't open raw TCP connections to Tor relays. The gateway bridges browser protocols to TCP — restricted to Tor destinations only.

Fast Bootstrap

First prototype took ~3 minutes to connect. The bottleneck is Tor's directory protocol — it incrementally fetches from multiple nodes instead of getting a single bundle.

1

Pre-built Archive

Standard Tor bootstraps incrementally from many nodes — slow over the gateway. Instead, fetch a single brotli-compressed bundle over HTTPS. Arti verifies directory signatures internally, so the server can't lie.

→

2

Brotli Compression

Brotli compression for the bootstrap archive dramatically reduces download size and bootstrap time.

→

3

UI Thread Yields

Periodic sleep(0) yields during heavy processing so the browser doesn't freeze while crunching thousands of descriptors.

3 min

before

→

3 sec

after

Developer Experience

            import { TorClient } from 'tor-js';

            const tor = new TorClient();

            await tor.ready();

            // That's it. This routes through Tor.

            const response = await tor.fetch('https://api.example.com/data');

A familiar fetch()-compatible API. Wallets and dApps swap one line to get Tor routing.

Security Caveats

⚠ Crypto backend is alpha. rustls (TLS protocol) is audited, but rustls-rustcrypto (the underlying math) carries security warnings. Exploring audit options.
⚠ Reduced timer precision. Post-Spectre browser mitigations limit performance.now() resolution, which may affect Tor's traffic-analysis resistance.
⚠ No process isolation. WASM Tor client shares JavaScript context with the host dApp. A compromised dApp could inspect WASM memory.
⚠ Bootstrap trust model. Fast-bootstrap fetches data over plain HTTPS before Tor is running, exposing the user's IP to the bootstrap server. Consensus signatures are verified.
⚠ WASM fingerprinting. A WASM-based Tor client has different execution characteristics than Tor Browser, potentially making users distinguishable.