Wasabi Wallet White Paper TOR is crucial for achieving privacy during a Coinjoin operation. Wasabi has used TOR for all network activity, including keep-alive and normal (non-Coinjoin) incoming and outgoing transactions, since 2019 as a comprehensive privacy measure. Using TOR, entry (guard) nodes are randomly selected. Wasabi servers are located on the TOR network, as hidden services, so that Wasabi traffic never leaves the onion via an exit node, making its network activity secure from man in the middle attacks. In fact, when inspected in a network sniffer, such as WireShark, it was evident that there are only encrypted TOR packets on the Wasabi network Typically, TOR uses TLS (Transport Layer Security, a cryptographic protocol designed to provide communications security over a computer network) over TCP (Transmission Control Protocol) as its transport protocol. TCP and UDP (User Datagram Protocol) ports commonly affiliated with TOR include 9001, 9030, 9040, 9050, 9051, and 9150. In the below figure we can see an example of a Wireshark trace of Wasabi network traffic, in which the inspected traffic protocol is TLS v1.2, meaning only encrypted traffic is presented, and one of the ports (source or destination) is 9001, indicating the use of TOR. This usage of TOR also mitigates the risk of tracking activity on the blockchain in the event of a closure of Wasabi by law enforcement, who may seize logs to identify the illicit transaction makers. Even if the wasabiwallet.io site is taken down, IP logs would be worthless as the service uses TOR. Figure 5 – A Wireshark trace of Wasabi network traffic. Only encrypted traffic is displayed. Even the download of the Wasabi application is available via an onion link, so a privacy-seeker could completely masquerade his mere use of Wasabi wallet, let alone details of his crypto transactions. Figure 6 - Wasabi web site. Onion link is visible on the bottom 10