Metamask Linkability
RPC providers can be pressured by third parties to disclose user data or even censor particular users or transactions.
Despite millions of users worldwide, today’s wallets often leak user IP addresses and all sorts of metadata.
Crypto wallets are an essential part of the blockchain ecosystem. But wallet transactions rely on RPC providers, centralized companies who can view and store users’ data and metadata, well beyond what’s available on chain.
We need to make web3 trustless, and that means eliminating the ability to harvest IP addresses and other metadata. This increases security and privacy for users and reduces exploit risks for wallets.
In web3, almost every transaction relies on infrastructure provided by closed-source, centralized infrastructure providers who you simply have to trust not to misuse your data. We’re talking about RPC providers like Infura/Alchemy, the engine that keeps the entire crypto rocket flying, supporting billions of RPC calls daily. But unlike the crypto system they support, they are highly centralized black boxes which are entirely closed source.
Want to know what your crypto wallet is exposing to RPC providers?
The only private, secure, and decentralized gateway to the blockchain. And the first real protection against data harvesting from RPC providers.
Even if your provider is trustworthy, handling vital metadata and sensitive information in this way poses a significant risk to privacy and security. RPCh plugs this leak by routing requests and responses through the HOPR mixnet, completely obscuring your metadata to all observers, including your provider.
Thanks to our SDK, RPCh integrates seamlessly with wallets. Users won't notice the difference, but everyone will benefit from the massive increase in privacy.
Common attack vectors users are exposed to through the data their RPC provider collects.
RPC providers can be pressured by third parties to disclose user data or even censor particular users or transactions.
RPC providers can harvest users’ data and metadata and exploit them for gain, including harmful new kinds of MEV.
Decentralized web3 RPC providers can actually be LESS private than their centralized equivalents. When anyone can host an RPC endpoint, it’s crucial that users’ metadata is protected.
Features
Wallet SDK
Docker connector
HOPR entry & exit nodes operated exclusively by RPCh
Centralized discovery platform
Centralized funding service
Alpha, "What does this mean?"
The Beta release already offers privacy far beyond any VPN setup or proxied RPC providers.
Data is routed through separate entry/exit nodes instead of a single proxy
Routing is dynamic, with every request receiving a different combination entry & exit nodes
Requests and responses are segmented and reformatted as Sphinx packets which are indistinguishable to an observer
The dynamic routing by itself already provides a greater disassociation from your IP than a VPN you change 10 times a second. But this version also comes with two intermediaries, protection against network observation and a complete integration of all the key architectural components.
Trust assumption: All entry and exit nodes are controlled by RPCh. We won’t perform a timing analysis! But you should know that we could. This will disappear by Beta.
New Features:
Randomized entry & exit nodes selected from RPCh node runners
Honesty score added to the discovery platform
Beta, "What does this mean?"
RPCh Beta adds decentralization to the ecosystem by allowing all registered RPCh node runners to function as entry & exit nodes. This comes with the additional features of registered nodes having a reliability score the SDK can use to improve network stability and incentivise high-performing nodes.
No need to trust RPCh to not perform timing attacks
Your tx skips the public Ethereum tx pool reducing vulnerability to MEV attacks
Network stability and relay consistency improve with the reliability score
Trust assumption: With significant effort, the entry and exit nodes controlled by random individual RPCh node runners could collaborate to perform timing analysis. This is extremely unlikely, but will be fixed by v1.
New Features:
Multi-hop functionality
Packet mixing
Light client verification
What does this mean?
RPCh v1 introduces multiple intermediary nodes between the entry and exit node, which allows RPCh to utilise the full functionality of the HOPR mixnet. Along with this we introduce light client verification through Kevlar/Helios to provide security against your RPC provider tampering with your response.
Parties that observe the network such as ISPs or your favourite three letter agency will have a significantly harder time analysing traffic
Your wallet no longer blindly trusts your RPC provider to not tamper with your data
Trust assumption: Timing analysis is now extremely difficult due to the delayed and randomized mixing cycles introduced with multi-hop functionality.
New Features:
Trust minimization through client side packet creation
Return pathing for relays
What does this mean?
The packet creation process for initiating relays will be executed by the client, reducing reliance on the discovery platform. And through the use of the return pathing feature of the HOPR mixnet, exit nodes will no longer see the entry nodes they are returning responses to.
Censorship resistance, as wallets don’t just trust the discovery platform
Increased security, as exit nodes no longer see the entry node they would like to collude with
Trust assumption: There is at least one honest node on the entire multi-hop relay. This is the strongest privacy offering of any transport layer privacy solution to ever be developed. A relay would have to consist entirely of colluding nodes to accurately confirm the source and destination of a relay.
DERP replicates an RPC provider and displays your requests in real-time, highlighting the privacy pitfalls of public RPC providers. Many of today’s DeFi services leak identifying metadata, even if you don’t make a transaction. This shows how vital a transport layer privacy solution like HOPR will be in building web3.
Clear and simple UX design is a fundamental part of bringing choices about privacy to users. At the first-ever crypto UX hackathon, participants designed an implementation of the HOPR protocol as a Snap within the MetaMask wallet. These designs were used to inform implementation decisions for later hackathons and the internal development of RPCh.
At the Infinite Hackathon , we challenged hackers to integrate RPCh with live crypto wallets of their choice. This was the first attempt to implement RPCh and was a resounding success with three seamless integrations: Block Wallet, Tally Ho! and Frame.
We have officially launched RPCh and dedicated a new sub-team within HOPR to its future development and integration. This commitment comes with exciting developments, from follow-up events to new partnerships. Keep an eye out, as the coming months will be eventful for both HOPR and RPCh!
What does RPCh solve?
Ethereum RPC providers can see IP addresses and other metadata of Ethereum users. That is a liability for users, wallets and RPC providers alike.
What is RPCh?
RPC middleware at the interface between an EVM wallet and RPC providers to route RPC requests and responses privately via the HOPR network and is thus metadata private on the transport layer.
What is the difference between RPCh and HOPR?
RPCh is a product made possible by building on top of the HOPR protocol.
What is the HOPR network?
The HOPR network is the (not so) secret sauce that makes RPCh metadata private. HOPR is an incentivized mixnet that is much more private than a VPN or even Tor. Thanks to its proof-of-relay mechanisms, the mixnode operators get paid for forwarding packets in the decentralized HOPR network and thus provide privacy for both senders and receivers. -> HOPRnet.org/protocol
Who is the team behind RPCh?
RPCh was created by the HOPR Association as the first commercial service to be built on the HOPR privacy mixnet. The HOPR Association has developed a fully incentivized and decentralized privacy mixnet which it currently continues to develop and maintain. Although HOPR is a company focused on developing infrastructure, after realizing how mishandled data was by web3 services, the Association invested in and created a sub-team to pioneer a service to solve the data leak created by today’s wallets. This is how RPCh was founded, a team of talented and motivated individuals who work closely with the HOPR Association to solve data privacy in web3.