Workshop: Host your own Zcash servers

Hey all - we’re back and at it! Everyone in the class should have received a message today. If you’re wanting to jump in on it, it’s not too late! Shoot me a private message here on the forums if you are interested, we have budget for around five more people.

We’re conducting the class off of the forums in order to focus. There are many ways to host servers of any kind, and we want to stay laser focused on empowering users to host their own infrastructure in accordance with their personal threat models. Some people will want to obsess over an extremely secure server infrastructure, that’s great! Others will want to race forward with a “it’s secure enough for how I’m using Zcash” quicker approach. That’s fine too!

It is our belief that any self-hosted light wallet server, even if imperfect, is better than relying on centralized options. Regarding concerns of IP leaks during transaction broadcast, I personally do not see this as a big risk for most people’s security needs. It would be the IP address of the server leaking if anything, and is still a way better tradeoff than relying on centralized light wallet servers.

The budget was contributed by an individual donor (thank you!) not the Dev Fund.

Thank you again to everyone for your patience with me as deadlines have slipped. Hit me up on the messenger if you’d still like to participate, everything is ready. Let’s decentralize!

Science is not about beliefs!!

This type of approximate security works for Monero, not for Zcash. It’s certainly your right, but I don’t like that you are making it sound like your suggestion of running personal lightwallet nodes is a minor issue. It is not:

We should use our time and financial resources to build methods that are improving the network, improving the privacy of our users. Weakening it is just plain bad, unless you have conflicting interests in this story.

Now, we do need wallets and wallets need lightwalled servers, so this is still a great exercise and I am looking forward to learning things in here. But just like we’re not supposed to dox people in this forum, we shouldn’t be allowed to weaken the privacy of our users, particularly when it is absolutely unnecessary.

If we can find people that can reliably run lightwalletd in countries where there are currently none, this will be a massive win. So it’s really about framing this safely.

I run several regular (not lightwalletd) nodes in several countries for now, and I am looking forward to start running lightwalletd ones. I do not send transactions through my own nodes for the reasons explained above. We should be using each others nodes instead.

I have been following this guide, it seems pretty good:

Thank you @Autotunafish for the answer and @outgoing.doze for posting a specific guide, I will try to familiarize with that. My Zcashd is already up and running, looks like the hard part it’s configuring my home network so to make it secure while providing a public endpoint.

Also, I will ping @emersonian so to see if there are still some spots left.

After a segfault for a permission issue, I got it to work.

Now how do fellow people transacting ZEC tokens find lightwallet nodes, is there a discovery mechanism?

This post you are quoting seems fairly well reasoned (see Daira’s reply and subsequent thread too though).. but IMO there is not a one size fits all approach right now. People should think about their needs and wishes in relation to privacy.

People do need to understand some things before relying on critical technical systems. I hope these kind of workshops are getting people hands on and experimenting with these systems, while also benefiting the overall network, rather than immediately relying on them for their life or liberty. Same with this forum and all of it. Here some people are in (some kind of) public, trying things out again. Work out kinks and document, grow the network and participation. Future knowledge seekers and systems should benefit, even if they don’t participate.*

More technical, (from my own understanding, there are many here who know a lot! If I’m wrong about anything at all please jump in):

At the heart of it, it should be understood that zcash presently by itself does not provide network-layer privacy.

If you want to obscure your IP address…
using ‘malicious’ nodes [they will know the IP you connected from and all your command interactions, which blocks you might be interested in, and so on (there are more details here), because you’re working with the protocol and chain via their nodes]
OR non-malicious nodes [the node doesn’t log your activity, but a network observer may still have good knowledge of what IP is connecting to what, when and with which protocol, and is also seeing the transaction initiate across on the network]
…you will need an additional layer for your own privacy and anonymity.

If you run your own node, it won’t be malicious if all goes well! but network observers will still see the transaction gossip begin there** and if no one else is using it to make commands.. there will be a small set of users, exactly one, in fact.

If you run a node on a VPS that could a layer of obscurity too, but the issues are the same.

Zcash itself can provide a lot of privacy for you on-chain when using shielded transactions, but that is not the complete picture, as I have tried to spell out in some limited way here.

Zingolabs (among others) are working on integrating tools with the next-gen mixnet Nym, which should, theoretically, confound this level of observation to a large extent.***

*To find thanks for this situation where many of us can share tools and compare knowhow, and run them in the environment, we need only look to previous battles fought and won by people kind of like us, the good guys.

**(due to the lack of a dandelion type system as is mentioned in that post - which should add another layer of difficulty for an observer to understand everything)

***As some parting thoughts, getting everything lined up with Rust is central for having interoperability and industrial strength code. One reason we lost some old methods that were available to us is because of tech debt associated with the legacy C++ of zcashd. Also please see Online privacy and digital integrity under threat / Nym

Lightwalletd is rapidly deprecating in favor of Zainod.

It was pointed out to me by a careful reader that I might not have been very clear about the case where a user runs their own node. Because this is what this workshop is centered around I’ll try to clarify! That way I hope people can assess their status and of course be safe.

If a user runs their own node and wallet locally, there should be no network traffic to observe: the communication between the wallet and the node can be completely private. An observer will only see things happening on the gossip-protocol layer (transactions in the mempool). That’s something but, therefore, it is at least possible that the origin of those transactions could be narrowed down to include or be pinpointed as being from that particular node.

And like I said above, something like a Dandelion feature could help with this, but it is not a currently deployed feature. (There’s also Dandelion++ but I don’t know a lot about these so I’ll stop here, but you can look into it, it’s pretty cool stuff!)

Instead, this is a great example of something else we could still build, to improve the system.

Dandelion_Protocol-1943×521 55.8 KB

Either my or your understanding is completely incorrect. I wouldn’t mind if it’s me, but I think whichever one of us is wrong would really benefit from having this clarified.

The way I understand this situation, running your own node on your own computer / IP, is the worst thing you can do as far as Chainanalysis monitoring is concerned.

Hmm it sure would be good if people who actually understood things were around! ..oh wait they all… got fired…

Just kidding! That’s a dark future that’s only possible.

About IPs, we should both be trying to understand more about what the situation is, as well as being able to talk about the needs and wishes of users in different situations, and also at various levels of technical expertise and access.

My understanding is detailed above and I’m trying to speak generally so people can use info for their own needs. What capabilities a given company has, and how you handle

your own computer / IP

is up to you!

As it should be.

This is not correct.

The weakest link in Zcash privacy is the network layer, the traffic between the client (wallet) and the finalizer nodes is the place that Chainalysis can most efficiently extract information from the Zcash economy (thereby decreasing the utility of ZEC, if you care about ZEC value).

This is an area that we could rapidly improve on, if we had investment to onboard hackers.

What’s that, a “finalizer” node? I’ve never heard of this terminology.

Either way, I don’t think you understand how this works.

It’s all explained very clearly here:

I would guess the finalizer node is the one that, at least, receives the mined transaction block back to propogate after sending the block template (to mine) containing your transaction.

u1sylv2l59am3s57z32gvu42tsj900g0p0cetg482kv774klcsq9d8aesf30hky6mlqmjh04n32xwelnuqk4mjqv95z98kruv9yap9qsmtkdzspptpcfcmr0rwq36zejts99exrud8heegtfaecwarlxx6ke59nnn5wngy4rzu0usne09yn465srn4e6rt7nwkfqjkll56y7cdz754ahq

See this tweet from @paulbrigner ? I don’t blame him, after all this community hasn’t pushed back at all against the communication around this workshop, making people believe that they’ll be more private running their own nodes, while the reality is the exact opposite.

Thanks for brining this thread to my attention. If running your own Zcash stack leaks information, that is a serious issue that we need to address. I look forward to talking with the ECC team about it at the Z|ECC Summit in Prague.

The most important issue is not really that fully transacting out of your own stack is less private. The most important issue is how people with power in this project let this type of dangerous beliefs take hold.

But sure, it would be nice not to have to rely on third parties lightwalletd. Not just because it actually costs money to the dev fund to maintain those in existence, but because it’s what decentralization is about. I think for this to happen safely and privately, it’d need it to go through Tor.

Either way, it’s not the first nor most important critical privacy mistake made. The recent unified address leaking public transactions is top of the list in this field. Facepalm level.

They say shareholders couldn’t steer the project right; they are not educated. I say it’s not like whoever has been steering has been in any way impressive.

Privacy Implications of Running a Personal Zcash Node.pdf (101.9 KB)
For what its worth, here is ChatGPT’s deep research on the issue.

Thanks for doing this paul it is much needed.

Here is a snip from your pdf:

Screenshot_2025-07-05_07-24-301058×720 260 KB

I’d argue in terms on network level privacy, all projects have issues, so we are left with trade offs and what one is willing to put up with.

I think its also important to highlight this is fun, and supports decentralization.

Pack it up boys, Zcash is now about fun!

Some people need Zcash for their safety and if they can be identified, it can become at risk for their wellbeing, financial or otherwise. This is what we are talking about here, not some KYC’d forum users having some nerdy fun.