Privacy Modes
Lowkey supports three privacy modes that control network visibility and connection routing.
On this page
Overview
| Mode | IP Visibility | Latency | Use Case |
|---|---|---|---|
| Normal | Visible to all peers | ~10-50ms | Maximum performance |
| Relay-Only | Hidden from peers | ~100-300ms | Privacy-conscious |
| Tor | Anonymous | ~500-2000ms | Maximum anonymity |
Normal Mode
Default mode - Optimized for performance.
Behavior
- Direct TCP connections to peers
- External IP address advertised
- AutoNAT enabled for NAT detection
- DCUtR enabled for connection upgrades
+----------+ +----------+
| Your | Direct TCP | Other |
| Peer |<------------------>| Peer |
| IP: 1.2.3| | |
+----------+ +----------+
| |
| Your IP is visible |
+------------------------------+
Relay-Only Mode
Privacy-focused - Your IP is hidden from other peers.
Behavior
- All connections routed through relay circuits
- No external IP advertised
- AutoNAT disabled
- Relay reservations on seed node
+----------+ +----------+ +----------+
| Your | | Relay | | Other |
| Peer |<---->| (Seed) |<---->| Peer |
| IP: ??? | | | | |
+----------+ +----------+ +----------+
|
Only seed sees your IP
Limitations
- Seed node sees your IP (but other peers don't)
- Higher latency due to relay hop
- Depends on seed node availability
- Limited circuits per peer (16 max)
Tor Mode
Maximum anonymity - Traffic routed through Tor network.
Behavior
- All connections via Tor SOCKS5 proxy
- No external IP advertised
- AutoNAT disabled
- Requires external Tor daemon
+----------+ +-----------------------------+ +----------+
| Your | | Tor Network | | Other |
| Peer |<->| Guard -> Middle -> Exit |<->| Peer |
| IP: ??? | | | | |
+----------+ +-----------------------------+ +----------+
|
Nobody sees your IP
(Seed sees exit node IP)
Prerequisites
# macOS
brew install tor
brew services start tor
# Linux
sudo apt install tor
sudo systemctl start tor
# Verify Tor is running
curl --socks5-hostname 127.0.0.1:9050 https://check.torproject.org/Limitations
- High latency (500ms-2s per round trip)
- Reduced bandwidth (~1-5 Mbps typical)
- Exit nodes may be blocked by some networks
- Tor daemon must be running externally
Comparison Table
| Feature | Normal | Relay-Only | Tor |
|---|---|---|---|
| IP visible to peers | Yes | No | No |
| IP visible to seed | Yes | Yes | Exit node IP |
| Direct connections | Yes | No | No |
| AutoNAT | Enabled | Disabled | Disabled |
| External dependency | None | None | Tor daemon |
| Typical latency | 10-50ms | 100-300ms | 500-2000ms |
| Max bandwidth | Network | Network | ~5 Mbps |
Switching Privacy Modes
Privacy mode changes require application restart:
// Settings.tsx
const handlePrivacyChange = async (mode: PrivacyMode) => {
await configSave({ ...config, privacyMode: mode });
await invoke('restart_app');
};The engine cannot change transport at runtime - it must be reinitialized.
Security Considerations
| Mode | Trust Model |
|---|---|
| Normal | IP visible to all connected peers |
| Relay-Only | Trusts seed node operator |
| Tor | Anonymity from all parties (vulnerable to timing attacks) |