Web3 Privacy Begins With Your RPC

How You Connect to the Blockchain Matters for Privacy, Security, and Usability 

Article by Hiro Kennelly | Edited by Tomahawk and Trewkat | Cover Art by Tonytad

We all understand how to use MetaMask and other web3 wallets, right? You just download the extension or app, set up a wallet and record your seed phrase, add some ETH, and you’re off and running. It’s just that easy, right? Well, sort of…

If you’re interested in pseudonymous financial transactions, owning and controlling your data, and otherwise vibing with the web3 ethos of uncensorable, permissionless transactions then I have some news for you: a default MetaMask wallet setup doesn’t help you in this respect.

If you really care about pseudonymity and protecting your personal data, you’re going to need to level up your blockchain infrastructure game. You’re going to need to learn about RPCs.

What Does RPC Mean?

RPC stands for Remote Procedure Call, the communication protocol that services like wallets and dApps use to interact with a blockchain network. Most blockchains use RPCs, and many blockchains have multiple RPCs from which to choose. One way to think about the RPC is as your chosen access route to the blockchain network. If you choose an appropriate RPC, you can connect to the network almost as if you were running your own node.

Among other things, RPCs are used to:

  • query the blockchain for information about transactions, addresses, and/or blocks.

  • send transactions to the network.

  • manage accounts, keys, and wallet functionality.

  • interact with smart contracts and retrieve data.

What Is an RPC Endpoint?

Remember that at their core, blockchains are just networked computers. An RPC endpoint is the internet address of the node through which RPC requests are submitted  —  the actual URL you use to access the network.

For example, in MetaMask the default RPC endpoint connects you to the blockchain through Infura, the blockchain infrastructure provider that shares a parent company with MetaMask.

Default RPC Endpoint on MetaMask. Source: MetaMask

See the entry in the field called New RPC URL? That’s the default RPC endpoint for Ethereum Mainnet when using MetaMask. But don’t worry, if you’re not comfortable routing all of your information through the world’s largest crypto conglomerate, ConsenSys  —  which owns MetaMask, Infura, and so much more  —  there are many other options.

Ethereum Mainnet RPC Endpoints List. Image source: Chainlist

The list above is from chainlist.org, your new bestie when it comes to RPC endpoints.

Why Are There So Many RPC Endpoints?

As you may have guessed, not all RPC endpoints are the same.

Most of the common endpoints are run by companies that directly benefit from the traffic on their RPCs. This means that they not only connect you to the blockchain, but they can also inspect, store, and digest your internet data while doing so. For example, when you use the default Ethereum Mainnet RPC endpoint in MetaMask, did you know that Infura is also correlating your IP address with your wallet address? Most MetaMask users probably assume that their anonymity is preserved since the wallet app doesn’t require KYC, while in truth their location and modem are doxxed by the default RPC endpoint. (Update: ConsenSys claims in its most recent Data Retention Update that "IP addresses and wallet address data relating to a transaction are not stored together or in a way that allows our systems to associate those two pieces of data.")
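
To make that correlation concrete, here is an added example (not from the original article or from any provider's code) of what an endpoint operator can read out of ordinary wallet requests: the account address travels in the JSON-RPC body, while the IP address comes with the connection. The addresses, IPs, sample log, and function names are constructed for illustration.

```javascript
// Constructed sample data throughout: addresses, IPs and requests are not real.
const BALANCE_OF = "0x70a08231"; // ERC-20 balanceOf(address) selector

// Extract the account from balanceOf(address) calldata, or return null.
function addressFromCalldata(data) {
  const m = new RegExp("^" + BALANCE_OF + "0{24}([0-9a-f]{40})", "i").exec(data || "");
  return m ? "0x" + m[1].toLowerCase() : null;
}

// Account addresses that one JSON-RPC request discloses to the endpoint.
function addressesInRequest(req) {
  const p = req.params || [];
  const found = [];
  if (["eth_getBalance", "eth_getTransactionCount"].includes(req.method)) {
    if (p[0]) found.push(p[0].toLowerCase());
  } else if (["eth_call", "eth_estimateGas"].includes(req.method)) {
    const tx = p[0] || {};
    if (tx.from) found.push(tx.from.toLowerCase());
    const embedded = addressFromCalldata(tx.data);
    if (embedded) found.push(embedded);
  }
  return found;
}

// Operator-side view: every disclosed address grouped under the client IP.
function correlate(log) {
  const byIp = {};
  for (const { ip, body } of log) {
    byIp[ip] = byIp[ip] || new Set();
    addressesInRequest(body).forEach((a) => byIp[ip].add(a));
  }
  return Object.fromEntries(Object.entries(byIp).map(([ip, s]) => [ip, [...s].sort()]));
}

const WALLET_A = "0x" + "aa".repeat(20); // constructed
const WALLET_B = "0x" + "bb".repeat(20); // constructed
const TOKEN = "0x" + "cc".repeat(20);    // constructed ERC-20 contract
const rpc = (method, params) => ({ jsonrpc: "2.0", id: 1, method, params });

// Requests of the kind a wallet sends: chain check, balances, nonce.
const sampleLog = [
  { ip: "203.0.113.7", body: rpc("eth_chainId", []) },
  { ip: "203.0.113.7", body: rpc("eth_getBalance", [WALLET_A, "latest"]) },
  { ip: "203.0.113.7", body: rpc("eth_call", [{ to: TOKEN, data: BALANCE_OF + "0".repeat(24) + "bb".repeat(20) }, "latest"]) },
  { ip: "203.0.113.7", body: rpc("eth_getTransactionCount", [WALLET_A, "pending"]) },
  { ip: "198.51.100.9", body: rpc("eth_blockNumber", []) },
];

console.log(correlate(sampleLog));
```

Note that the second account is tied to the same IP even though it only appears inside token-balance calldata, so a single session can link several of your addresses to each other as well as to your location.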

Chainlist is a website that lists RPC endpoints for all EVM networks (there are dozens, perhaps hundreds). Below is a screenshot of the major networks, such as Mainnet, Polygon, Arbitrum, Optimism, and Binance Smart Chain.

Major EVM Networks. Image source: Chainlist

There are a number of reasons why blockchain networks have so many endpoints  —  partly it’s just redundancy to support higher bandwidth of transactions. However, many infrastructure providers encourage the use of their own RPC endpoints, presumably to benefit directly from that user data or order flow information. And it’s also because the types of RPC endpoints vary wildly, including whether they are public or private, and whether they collect personally identifying information or not.

Public v. Private RPCs

A public RPC enables anyone to access the blockchain through a particular URL for free  —  Infura is a public RPC endpoint. Point your wallet at that URL and it’s the node through which you’ll interact with the blockchain.

While having public blockchain access points is necessary, public RPC endpoints are sometimes slow and unreliable. Like busy highways at rush hour, they can get congested when demand is high and are not always the best way to travel. Bots looking to frontrun large trades will always be watching this public traffic, so you might end up paying higher spreads for significant trades. Perhaps more importantly, public access points may bring the worst aspects of web2 to web3: privacy-breaking data gathering by for-profit corporations or governments.

By contrast, a private RPC is not available for just anyone to use, and it provides a user with a direct, private connection to a node provider. The private RPC URL is unique to its owner, and enables only that person to interact with the blockchain through that endpoint. Imagine all MetaMask users trying to use the same Infura endpoint during a major crypto event and just watching their transactions, waiting for them to confirm. Private RPCs avoid this congestion, allowing users to interact with the blockchain more quickly. Alchemy, a blockchain infrastructure provider, has an awesome tutorial on how to set up a private RPC. I highly recommend you check it out.

How To Choose a Public RPC Endpoint

There are a few important things to consider when choosing the RPC endpoint. Not everyone is going to create a custom, private RPC endpoint. Most of us are just going to use what’s easy, what’s given to us. At the very least, however, it’s worth getting away from data-sucking RPCs like Infura, and using an RPC that doesn’t broadcast your order flow or collect your personal information as you play in web3. Fortunately, there are easy alternatives to the for-profit infrastructure providers.

Recall that long list of Ethereum Mainnet RPCs above. Notice the privacy column? That’s the key.

Privacy Highlight of RPC Endpoints on Ethereum Mainnet. Image source: Chainlist

When you hover your cursor over the entries in the privacy column, you’ll get some great info. As with driving, green means good to go, red means don’t use, and yellow means exercise caution. The messages you get when you hover above a go, stop, or caution symbol are not universal. Take this example from https://ethereum.publicnode.com and check out what each endpoint stores or tracks:

Highlight of RPC Endpoint’s Interaction With User Data. Image source: Chainlist

You see that this RPC endpoint claims it doesn’t store or track user data except what will be on chain, doesn’t map IP addresses to wallet addresses, and doesn’t use sketchy third-party tracking software.

Similarly, for https://1rpc.io/eth:

Highlight of RPC Endpoint’s Interaction With User Data. Image source: Chainlist

This is great, go green! Contrast this with the Cloudflare RPC endpoint, which does all the sketchy web2 stuff you wouldn’t expect in web3:

Highlight of RPC Endpoint’s Interaction With User Data. Image source: Chainlist

Another, https://eth.rpc.blxrbdn.com, tracks user data as well:

Highlight of RPC Endpoint’s Interaction With User Data. Image source: Chainlist

The yellow caution symbol indicates RPCs that only temporarily collect data. One should probably still stay away:

Highlight of RPC Endpoint’s Interaction With User Data. Image source: Chainlist

RPC 123

Many RPCs know you and use your data, and that’s really the problem. Just as with public connections to the internet, public connections to the blockchain (still the internet!) can expose you and your data in ways you never imagined. Follow this RPC hierarchy to know how best to keep your data safe and your blockchain connection secure:

BEST CHOICE  —  Get a private RPC endpoint through folks like Alchemy, or better yet, spin up a node (you don’t need to be a validator, so no need for ETH) and use that to access the blockchain.

ACCEPTABLE  —  Use a public RPC that doesn’t scoop up your data:

USE EXTREME CAUTION  —  Only use public, non-privacy protecting RPCs if you absolutely must. Be aware that you are being watched, and large trades might be affected by frontrunning.

These technical differences may seem minor to most folks. But we came to web3 to maintain our pseudonymity, to own our data, and to escape the walled gardens of web2. The way we connect to the blockchain plays a huge role in ensuring our actions align with our values. Take the time to get a new RPC today!


Author Bio

Hiro Kennelly is a writer, editor, and coordinator at BanklessDAO, an Associate at Bankless Consulting, and is still a DAOpunk.

Editors Bio

Tomahawk is a writer, editor, and tokenomics contributor at BanklessDAO. He is a longtime trader who enjoys charting, investing, and analysis of tokens using technical and on-chain data.

Trewkat is a writer and editor at BanklessDAO. She’s interested in learning about applications for blockchain and NFTs, with a particular focus on how best to communicate this knowledge to others.

Designer Bio

Tonytad is a graphic designer who has worked locally and internationally with organisations and firms on over 200 projects, which includes branding, logo, flyers, cards, and covers.


BanklessDAO is an education and media engine dedicated to helping individuals achieve financial independence.


This post does not contain financial advice, only educational information. By reading this article, you agree and affirm the above, as well as that you are not being solicited to make a financial decision, and that you in no way are receiving any fiduciary projection, promise, or tacit inference of your ability to achieve financial gains.

