RPCh Alpha Launch Provides First Private RPC Calls For Wallets

In November 2022, MetaMask users spotted a worrying change to the privacy policy: IP addresses are gathered and stored by Infura, the default RPC provider responsible for piping data between the wallet and the blockchain. Although Consensys, the organization which owns both billion-dollar projects, asserted that the data would not be monetized and would only be used were needed to provide their services, many users asked the obvious question:

Why should we trust you?

This isn’t to suggest that Consensys were dishonest in their statement. But trustlessness is a fundamental principle of crypto and web3. If you have to trust your wallet and their RPC provider to not misuse your data or spy on you, why not just use a regular bank?

And this isn’t the first privacy issue linked to MetaMask’s handling of RPC calls. DERP, an educational tool from Swiss privacy company HOPR, shows how MetaMask RPC calls leak details of every address in a user’s wallet, even if they’ve never interacted on-chain. Worst of all, this can happen just by opening the wallet extension, without even logging in.

For web3 enthusiasts who value their financial privacy, it was an uncomfortable moment where the dreams and values of the ecosystem were brought to earth by the reality of the mechanics of data transport over the internet.

RPC (remote procedure call) providers are the backbone of crypto and web3. It sounds complicated, but at its heart a remote procedure call is just a way for two computers in different locations to communicate. Every wallet and DeFi service uses them, and RPC providers process billions of RPC calls a day. But they’re still bound by the technologies which have underpinned the internet for decades. The internet runs on exposed IP addresses so that computers know how to talk with each other. Even a VPN can’t help much, simply switching one IP address for another. There’s no other way to do things…

Actually there might be. The same team behind HOPR and DERP have come to the rescue with RPCh, the first fully private RPC provider and the first product on top of their privacy mixnet.

Launched on 26th Feb at ETH Denver, RPCh promises to be the first private gateway to the blockchain. Wallets integrated with RPCh no longer leak user IP addresses, because the RPC call is first split and sent via different routes across the HOPR mixnet.

RPCh integrates seamlessly with existing RPC providers like Infura, with the crucial difference that they no longer see a user’s IP address. Instead, they’ll see many different IP addresses for each RPC call, none of which can be linked to each other or the original sender.

Although the tech behind RPCh is complex, the user experience seems very simple. RPCh integrates directly into wallets, so users shouldn’t notice any difference from their normal crypto activities. They won’t even need to pay extra: wallets bear the cost in exchange for simpler data handling and compliance.

Although this is a totally new approach to handling RPC calls and IP addresses, it’s far from theoretical. RPCh is already integrated into privacy wallet BlockWallet, with more wallet integrations in the pipeline. Web3 enthusiasts on other wallets and chains who are prepared to do a little extra setup of their own can also try out RPCh on their own by accessing the alpha version.

In fact, previous collaborations between HOPR and MetaMask suggest that the biggest wallet in the Ethereum space may also be eyeing up a new solution to their privacy woes.