Power-User's Guide
Tips to get the most privacy out of Firn.
This post explains in slightly more detail how to use Firn, so as to obtain optimal privacy.
For most users, it’s sufficient just to follow the most basic rules, already discussed in Using Firn: namely, to avoid withdrawing or transferring immediately after depositing, and moreover to avoid withdrawing a quantity which obviously links you to a prior deposit. If you follow these rules, and use the UI naturally, you'll gain most of Firn's benefits. This article assumes knowledge of these basics and goes a bit beyond them.
Importantly, Firn follows the account-based paradigm; this fact is discussed in more detail in our Cryptographic Explainer. Please skim that article before reading this one.
The below image shows a logged-in account state:
I’ll distinguish in this post between your Ethereum account (in this case, 0xFc6b...4fCE) and your Firn account, which in this screenshot is 0x26cb...b887. Your active Ethereum account will always appear in the rectangular bar at the top right, to the left of the wallet icon. Your Firn account is (when you’re logged in) represented by the circular avatar, and will appear if you click that avatar. In Firn, privacy comes from dissociating your Ethereum and Firn accounts (especially during withdrawals).
Firn actually has two kinds of deposits. This is because—for Sybil protection, and in order to prevent the anonymity set from being flooded by attacker-controlled accounts—Firn requires that each new account do two things:
- Sign a message on behalf of itself.
- Deposit a nominal amount (at least 0.010 ETH).
In order to make the user experience as smooth as possible, Firn automatically and quietly handles both of these tasks in your first deposit, which we’ll henceforth call a registration. Because of the first requirement, however, in registrations, the depositing Ethereum account and the destination Firn account are linked. In standard deposits, they’re not.
For most users, the mere fact that withdrawals are private will deliver sufficient privacy, regardless of the privacy of deposits. If you want maximal privacy, though, you should perform your registration from a non-sensitive Ethereum account—containing only a nominal amount of funds (namely, at least 0.010 ETH)—and then, after waiting appropriately, deposit the bulk of your funds. This latter deposit will be anonymous.
Let’s go through the flow. The key technique is switching Ethereum accounts after you’re already logged in.
The first thing you should pay attention to is which Ethereum account is active when you log in in the first place. This account will be used—later—to regain access to your funds. Always log in using an account which you won’t forget or lose control of. We recommend using a Ledger for this purpose. The act of logging in is entirely local; nothing will show up on-chain.
The next step is your initial deposit, that is, your registration. To go through this process, you should, after logging in, select a non-sensitive Ethereum account with a nominal amount of funds. In general, this can and will be different from the account you used to log in. If this is so, you will need to switch accounts in your wallet (you can even switch wallets altogether). When you switch accounts, you should see the active Ethereum account in the top right change; a toast will also appear upon each account change. After switching (if appropriate), enter some amount (say, the minimum of 0.010 ETH) in the deposit panel, and go through with the deposit (really, a registration).
Once you’ve registered, you're good to go. Always wait some time after registering before making further deposits. Going forward, you can log back into Firn (using the initial account from the login step), and then select an arbitrary Ethereum account (switching if necessary). You can then deposit from this arbitrary Ethereum account. Each such Ethereum account will not be linked to your Firn account, or to the account you used to register.
Note that once you’ve logged in, your Firn account will not change, even if you switch Ethereum accounts. To log into a different Firn account, you will need to log out, select an appropriate Ethereum account, and log back in.
To summarize, for maximal privacy, here is the flow:
1. Log in, using a secure account (ideally a Ledger). This act is local, and has no publicly visible manifestation.
2. Select a non-sensitive Ethereum account (switching if necessary), and make a nominal registration deposit.
3. From this point, make (possibly multiple) deposits from arbitrary, sensitive Ethereum accounts. These won’t be linked to each other, to your Firn account, or to your registration account.
Withdrawals and transfers work in the usual way, and are always private. As always, make sure to wait between deposits and withdrawals, and to withdraw generic amounts.
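The rules above can be checked against a planned sequence of actions before you touch the UI. The following is an added example, not part of Firn or its documentation: the plan format, the rule names and the 24-hour waiting threshold are assumptions made for illustration (the guide itself only says to wait "some time").

```python
from decimal import Decimal

MIN_REGISTRATION_ETH = Decimal("0.010")  # from the guide: at least 0.010 ETH
MIN_WAIT_SECONDS = 24 * 3600             # ASSUMPTION: the guide only says "some time"

def audit_plan(plan, min_wait=MIN_WAIT_SECONDS):
    """Return (rule, account) warnings for a time-ordered plan of Firn actions.

    Each action is (t_seconds, kind, eth_account, amount_eth, sensitive) with
    kind "deposit" or "withdraw". Hypothetical planning format, not a Firn API.
    """
    warnings = []
    registered_at = None    # time of the first deposit, i.e. the registration
    last_deposit_at = None
    deposit_amounts = set()
    for t, kind, account, amount, sensitive in plan:
        amount = Decimal(amount)
        if kind == "deposit":
            if registered_at is None:
                # First deposit = registration: per the guide, the depositing
                # Ethereum account and the Firn account are linked here.
                registered_at = t
                if sensitive:
                    warnings.append(("sensitive-account-registered", account))
                if amount < MIN_REGISTRATION_ETH:
                    warnings.append(("registration-below-minimum", account))
            elif t - registered_at < min_wait:
                warnings.append(("deposit-too-soon-after-registration", account))
            last_deposit_at = t
            deposit_amounts.add(amount)
        elif kind == "withdraw":
            if last_deposit_at is not None and t - last_deposit_at < min_wait:
                warnings.append(("withdraw-too-soon-after-deposit", account))
            if amount in deposit_amounts:
                # An identical amount ties the withdrawal to a prior deposit.
                warnings.append(("withdraw-amount-matches-deposit", account))
    return warnings

DAY = 24 * 3600
# Constructed plans; account names are labels, not real addresses.
NAIVE_PLAN = [(0, "deposit", "main-wallet", "5", True),
              (600, "withdraw", "fresh-address", "5", False)]
CAREFUL_PLAN = [(0, "deposit", "burner", "0.010", False),
                (2 * DAY, "deposit", "main-wallet", "5", True),
                (5 * DAY, "withdraw", "fresh-address", "1.3", False)]

if __name__ == "__main__":
    for name, plan in (("naive", NAIVE_PLAN), ("careful", CAREFUL_PLAN)):
        print(name, audit_plan(plan))
```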