Metamask extension for Tor in Whonix


I need an anonymous Ethereum wallet to trade and hold ERC20 tokens. Here is my current config on Whonix workstation:

  1. Installed the Metamask extension on Tor
  2. Bought ETH on Bisq with clean Bitcoin (previously exchanged for Monero on Bisq)
  3. Bought ERC20 tokens on decentralized exchanges using the Metamask wallet
  4. If I loose the Tor browser data (during an upgrade), I can recover the wallet from the seed phrase. Metamask keeps the encrypted private key in the browser’s localStorage.

I chose Metamask for usability reasons, but anonymity is paramount. By default, it connects to a remote node hosted by Infura. Should I be worried about DNS leaks? Regardless, I’m relatively worried about Infura censoring Tor exit nodes but it’s not currently a problem.

I do not know any onion services for remote Ethereum nodes. However, such service is conceivable because Metamask uses an HTTP provider. Conversely, running a local client (Parity or Geth), even as a light client, would require UDP so I understand that it is not an option.

I could run a full node on the host and trust Whisper for anonymity. I do have a hardened host (free Debian, encrypted partition, core booted, me_cleaner applied and inbound ports closed). I don’t understand the Whisper threat models well enough to believe that it would be any safer.

I’m looking for general feedback on this config, specifically around any obvious attack vector, and hopefully start a useful discussion about Ethereum. @Patrick I could help author the Ethereum wiki if anything worthwhile comes out of this thread.


I don’t know how you define “clean bitcoin”.

If you mean, bitcoin which aren’t associated with you, then yes, you have achieved that purpose.

If you mean, likely untainted bitcoin (addresses that are somehow linked to illegitimate activities), then BTC bought for XMR on Bisq are certainly no guarantee for that. Actually I’d say the BTC you get on Bisq for XMR have a high likelihood to be tainted.

To move from XMR to BTC I’d prefer xmr.to


Good point. I meant untraceable to back me.


Etherium and BTC not meant to be anonymous anyway. so this is not whonix issue.

Learn how to use XMR


jpearson via Whonix Forum:

By default, Metamask connects to a remote node hosted by Infura. Should I be worried about DNS leaks?

DNS requests by Metamask from Whonix-Workstation have the same safety as
any custom installed application in Whonix-Workstation.

(Minor: stream isolation. If you want to perfect that, disable
transparent proxying and transparent dns anyhow.)

@Patrick I could help author the Ehtereum wiki if anything worthwhile comes out of this thread.

Yes, https://www.whonix.org/wiki/Ethereum currently looks like “cannot
do”. Some ways to somehow interact with ETH would be better than nothing.


@TNT_BOM_BOM The designs ETH and BTC protocols are neutral towards anonymity. To put things in perspective, anonymity is a core feature of the XMR protocol while anti-anonymity is a core feature of the traditional banking system. With ETH and BTC, anonymity is a client problem, not a feature of the protocol, but not an anti-feature either. This makes Whonix even more relevant to the subject. For further illustration, Bisq is an exchange protocol with anonymity as a core feature, but it is also built on top of the BTC protocol.

I know how to use XMR, I stated that my ETH holdings were anonymized by trading them for XMR. Learn more about cryptocurrencies, you’ll understand the purpose of tokens in decentralized applications, and why they can’t just be substituted for Monero.

so this is not whonix issue.

Says who? Are you a Whonix maintainer? I never raised any issue with Whonix itself. Keep in mind that Whonix also publishes a Wiki with guides for both BTC and ETH anonymity. I made my intentions clear and offered help with authoring the Ethereum guide. @Patrick Is this a relevant topic for the Wiki? If not, I would suggest including a mention to explain why.

1 Like

That would be great - helping wiki hands are most welcome, especially in the Money section.

1 Like

Pseudonym only

Good you know that

Thats why i dont see good future with it

No , just random guy jumping on the net.

Feel always welcome and free to do that.


I agree that using pseudonyms isn’t as good as anonymity-preserving cryptography because it require diligence on the part of the client, which is why I’m discussing the topic on a Whonix forum. A protocol that truly isn’t meant to be anonymous wouldn’t allow such loophole.

Ethereum has the components for anonymity-preserving cryptography (zero-knowledge-proofs, multiparty computation, etc). Here is a concrete example: https://www.aztecprotocol.com/. Today, using pseudonyms is still the easiest and most universal strategy (probably not for long).

I prefer using Monero for payments when possible. But the reality is that many merchants, if not most, still only accept Bitcoin. My usage of Ethereum-based tokens goes well beyond payments.

I don’t know about the future of Bisq, but at present, it is the only decentralized exchange designed for anonymity.


this is not whonix issue.

This has been said in past for various things, perhaps inconsistently. Mostly for things up to upstream projects we’re based on. Some things are not related to Whonix (default) software directly such as the https://www.whonix.org/wiki/Money page. What we choose to document might be arbitrary based on contributions received. Sometimes we added the name of a maintainer on top of a page if the content looks good enough but can’t be supported by everyone. I don’t think we rejected wiki contributions yet for any subjects since they wouldn’t fit for some reason.

Yes, as already confirmed in my initial reply.

We have that wiki page https://www.whonix.org/wiki/Ethereum already. Enhancement contributions are welcome. I don’t need to be convinced BTH vs ETH vs XMR anything.

Btw we try keep this page up to date: