Privacy Architecture

zer0's privacy architecture is built on three pillars: zero-knowledge proofs, Tor network routing, and on-device computation. Together, they create a fortress where even we can't see what you're doing.

🏗️ Architecture Overview

┌─────────────────────────────────────────────────────────┐
│                     zer0 Browser                         │
├─────────────────────────────────────────────────────────┤
│                                                          │
│  ┌──────────────┐  ┌──────────────┐  ┌──────────────┐ │
│  │   Chromium   │  │  AI Agents   │  │  $zer0      │ │
│  │   Renderer   │  │  (Llama-3)   │  │  Wallet      │ │
│  └──────┬───────┘  └──────┬───────┘  └──────┬───────┘ │
│         │                  │                  │          │
│  ┌──────▼──────────────────▼──────────────────▼───────┐ │
│  │           Privacy & Shielding Engine              │ │
│  │  • Zcash Sapling Pools  • Halo2 Proofs           │ │
│  │  • zk-DNS Resolution    • No Telemetry            │ │
│  └──────────────────────┬──────────────────────────────┘ │
│                         │                                 │
│  ┌──────────────────────▼──────────────────────────────┐ │
│  │              Tor Expert Bundle                     │ │
│  │  • Onion Routing      • Exit Node Rotation         │ │
│  └──────────────────────┬──────────────────────────────┘ │
└─────────────────────────┼──────────────────────────────┘
                          │
                          ▼
                  Encrypted Internet

🛡️ Layer 1: Zero-Knowledge Proofs

What Are Zero-Knowledge Proofs?

Zero-knowledge proofs let you prove something is true without revealing WHY it's true.

Example:

• Traditional: "I'm over 21" → Show full birthday, ID, name, address

• Zero-knowledge: "I'm over 21" → Mathematical proof (reveals nothing else)

How zer0 Uses ZK-Proofs

1. Shielded Transactions (Zcash Sapling)

All $zer0 token transactions are fully private:

Traditional Crypto:
Alice → 5 $zer0 → Bob
(Everyone sees: sender, receiver, amount)

zer0 with zk-Proofs:
Shielded Pool Activity Detected
(Nobody sees: who, what, how much)

Technical Implementation:

• Sapling Protocol - zkSNARK-based shielded addresses

• Note Commitments - Encrypted transaction details

• Nullifiers - Prevent double-spending without revealing sender

2. Anonymous Browsing Proofs (Halo2)

Prove you're human without revealing identity:

Challenge: "Prove you're not a bot"

Traditional: CAPTCHA (trains AI, wastes time, tracks device)
zer0 zk-Proof: Submit proof of computational work
              → Website knows you're human
              → You revealed zero information

Use Cases:

• Anti-bot protection without tracking

• Age verification without ID

• Payment proof without transaction details

• Reputation without identity

3. zk-Cohort Advertising

Advertisers target WITHOUT personal data:

Traditional Ads:
"John Smith, 34, NYC, $120k salary, likes crypto"
→ Invasive, creepy, data breach risk

zer0 zk-Ads:
"User in cohort #482: [Crypto enthusiast, 25-40, Urban]"
→ Effective targeting, zero PII
→ 10x better CPM ($50 vs $5)

How It Works:

1. Your device generates anonymous cohort proof

2. Ad network sees: "Cohort 482 viewed site X"

3. Bidders compete: "I'll pay $50 CPM for cohort 482"

4. You earn $zer0, advertiser gets results, privacy intact

🧅 Layer 2: Tor Network Integration

What is Tor?

Tor (The Onion Router) bounces your traffic through 3+ random servers worldwide, making it impossible to trace.

You → Guard Node → Middle Node → Exit Node → Website
  🔒         🔒            🔒          🔓
  
Each node only knows its neighbors - no one sees the full path

zer0's Tor Implementation

Built-In Tor Expert Bundle

Traditional Tor Browser:

• Separate application

• Limited compatibility

• Slow and clunky

• Not a daily driver

zer0's Integration:

• Embedded in browser

• Full Chromium compatibility

• Optimized routing

• Seamless experience

Enhanced Tor Features

zk-DNS: Private DNS Resolution

The Problem: Even with Tor, DNS queries can leak your browsing:

Regular DNS:
You → ISP DNS → "Looking up zer0.build"
ISP now knows you visited zer0.build

zer0's Solution:

zk-DNS:
You → Tor → zk-DNS Resolver → Encrypted Response
Nobody knows what sites you're visiting

Features:

• DNS-over-HTTPS (DoH) via Tor

• Multiple resolver fallbacks

• DNSSEC validation

• Zero logging

💻 Layer 3: On-Device Computation

Why On-Device Matters

Cloud AI Services (ChatGPT, Claude, etc.):

You: "Analyze my financial spreadsheet"
↓
[Data uploaded to cloud]
↓
AI Company: Now has your financial data
Government: Can subpoena the data
Hackers: Can breach the servers

zer0 On-Device AI:

You: "Analyze my financial spreadsheet"
↓
[Llama-3-8B processes locally]
↓
Result: Insights generated
Nobody else saw your data - not even us

Local AI Stack

Model Architecture

Llama-3-8B Optimized

• Size: 4-8 GB compressed

• Speed: 20-50 tokens/sec on consumer CPU

• Accuracy: GPT-3.5 equivalent for most tasks

• Privacy: 100% local, zero cloud calls

Optimization Techniques:

• Quantization: INT4/INT8 for 4x faster inference

• KV Cache: Reuse computations across requests

• Batching: Process multiple requests efficiently

• WebGPU: GPU acceleration when available

Agent Sandboxing

Each agent runs in isolated sandbox:

┌─────────────────────────────────────┐
│         Agent Sandbox               │
│                                     │
│  ┌─────────────────────────────┐  │
│  │   AI Model Execution        │  │
│  │   (Read-only file access)   │  │
│  └─────────────────────────────┘  │
│                                     │
│  ┌─────────────────────────────┐  │
│  │   Memory Isolation          │  │
│  │   (No data persistence)     │  │
│  └─────────────────────────────┘  │
│                                     │
│  ┌─────────────────────────────┐  │
│  │   Network Restrictions      │  │
│  │   (Tor-only, whitelisted)   │  │
│  └─────────────────────────────┘  │
└─────────────────────────────────────┘

Security Benefits:

• Agents can't exfiltrate data

• Crashed agents don't affect browser

• Malicious agents can't access wallet

• Complete audit trail of agent actions

🔒 Additional Privacy Features

1. Always-On Incognito Mode

Cannot be disabled - this is zer0's core promise:

• ✅ No browsing history saved

• ✅ No cookies persist across sessions

• ✅ No cache survives browser restart

• ✅ No form data remembered

• ✅ No download history logged

2. WebRTC Leak Prevention

WebRTC can expose your real IP even through VPN/Tor:

Vulnerable Browser:
Tor says IP: 185.220.101.34 (Germany)
WebRTC leaks: 192.168.1.100 (Your real local IP)
→ Privacy broken

zer0's Protection:

• WebRTC disabled by default

• Strict ICE candidate filtering

• Real IP never exposed

3. Browser Fingerprinting Protection

Websites track you via browser "fingerprint":

Fingerprint Components:

• Screen resolution

• Installed fonts

• Canvas rendering

• WebGL capabilities

• Audio context

• Installed plugins

• Timezone

• Language settings

zer0's Countermeasures:

• Randomize non-critical values

• Normalize revealing attributes

• Block advanced fingerprinting APIs

• Regular fingerprint rotation

Result: Your fingerprint changes every session, making tracking impossible.

4. Cookie & Tracker Blocking

Built-in blocking (no extensions needed):

5. HTTPS Everywhere

• Auto-upgrade HTTP → HTTPS

• Warn on insecure connections

• Block mixed content

• HSTS preload list included

🔐 Cryptographic Primitives

Encryption Standards

Transport Layer:

• TLS 1.3 minimum

• Perfect Forward Secrecy (PFS)

• Strong cipher suites only

Storage Layer:

• AES-256-GCM for wallet encryption

• Argon2id for password hashing

• Secure key derivation (BIP-39)

Random Number Generation

Critical for:

• Wallet seed phrases

• zk-Proof generation

• Tor circuit selection

Source:

• OS-level CSPRNG (/dev/urandom, CryptGenRandom)

• Hardware RNG when available (TPM, Secure Enclave)

• Entropy pooling from user interactions

🛡️ Threat Model

What zer0 Protects Against

What zer0 Cannot Protect Against

Be aware of these limitations:

1. Compromised Exit Nodes

   • Tor exit nodes can see unencrypted (HTTP) traffic

   • Mitigation: Always use HTTPS (zer0 enforces this)

2. JavaScript-Based Attacks

   • Malicious JS can still execute (needed for modern web)

   • Mitigation: Disable JS for high-security browsing

3. Browser Exploits

   • Zero-day vulnerabilities in Chromium

   • Mitigation: Keep zer0 updated, bug bounty program

4. Social Engineering

   • Phishing, fake sites, user error

   • Mitigation: User education, built-in warnings

5. Physical Access

   • Someone with your device can access everything

   • Mitigation: Strong password, encrypt device, never leave unlocked

📊 Privacy Metrics & Audits

Verified Privacy Claims

Third-Party Audits

Security Audits:

• 🟢 Trail of Bits (Q1 2026) - Comprehensive security review

• 🟢 Least Authority (Q2 2026) - Zcash integration audit

• 🔄 Ongoing Bug Bounty - $500k pool, HackerOne platform

Privacy Audits:

• 🟢 Cure53 - Browser privacy assessment

• 🟢 NCC Group - Cryptographic implementation review

🔬 Technical Deep Dives

Want to learn more about specific technologies?