Privacy at Glaciem
Last updated: 2026-05-22
Glaciem is a privacy cryptocurrency. The privacy guarantees the project inherits from Monero are real — but they are not the same at every layer of the system. This page is an honest accounting of what we can and can't guarantee, so you can make informed choices.
The layers
| Layer | Privacy | What that means |
|---|---|---|
| On-chain (the GLAC blockchain itself) | Strong | Sender, recipient, and transaction amount are all hidden through stealth addresses, ring signatures, and RingCT — Monero's well-audited cryptography, used as-is. Anyone observing the chain sees only that some transaction occurred, not who or for how much. |
| In-browser wallet generation (the wallet you make on glacwordmine) | Strong | Keys are generated entirely in your browser using
crypto.getRandomValues. The seed is shown to you once
and never transmitted to any server. We don't store it; we don't
log it; we can't recover it for you. Source. |
Our Worker code
(glaciem-rpc.frostmine.workers.dev) |
No tracking | Our code does not log IP addresses, wallet addresses, or per-user data. It writes a daily-rotated SHA-256 fingerprint to KV for the sole purpose of counting unique miners — this can't be reversed to an IP and auto-expires in 7 days. Wallet addresses inside RPC bodies are passed through untouched. Source. |
| Cloudflare (the CDN underneath) | Limited | Cloudflare sits in front of the Worker as a CDN, DDoS shield, and TLS terminator. They see and retain request metadata (source IP, timestamps, request paths) as part of standard CDN operation. This is the same trade-off any website behind Cloudflare makes. We do not have a special arrangement that hides this from them; nor do they share it with us in a way that maps to identity. If you mine through our Worker, Cloudflare can see that your IP hit our endpoint. |
| Hetzner (the VPS provider) | Limited | Our two relay nodes run on Hetzner VMs. Hetzner sees inbound traffic to those VMs (IP-level). They don't see RPC bodies (TLS is terminated at Cloudflare, but the connection from Cloudflare to the VM is over plain HTTP on the internal network). The VMs themselves do not log RPC client IPs. |
| Network layer (how packets reach our infrastructure) | Not by default | Without something like Tor or I2P, your ISP, your government, and
any AS in between can see that you connected to
glaciem-rpc.frostmine.workers.dev. This is true of any
web service. See below for opt-outs. |
What this means in practice
If you only care about who can see your on-chain activity: nothing here changes the Monero-level privacy guarantee. Your transaction amounts, senders, and recipients are hidden from the chain itself.
If you also care about who can see that you mine GLAC: Cloudflare can see this. Your ISP can see this. The pragmatic mitigation is to mine over Tor (next section).
If you want neither us nor Cloudflare in the path:
run your own rimed node and mine against your own daemon's
RPC. The miner apps' built-in peer discovery will let you target a
direct node by IP if you prefer — or you can skip our infrastructure
entirely.
Opt-outs and stronger setups
For users who want network-level privacy too:
- Mine over Tor. The Linux miner can be routed through
Tor with
torsocks ./glaciem-miner. This hides your IP from Cloudflare and from the relay nodes; they'll see a Tor exit relay's IP instead of yours. - Run your own node. Glaciem is open source. Building
rimedfrom source takes ~15 minutes (instructions). Mining against your own daemon eliminates our Worker from your data path entirely. - Use a VPN. Lower-effort than Tor; still removes your direct ISP from the picture. Doesn't help against the VPN provider itself.
What we never store
- Your wallet address. The RPC bodies you send to our Worker contain it, but our code does not read or log it — we just forward the bytes.
- Your seed phrase. Wallets generated on glacwordmine live and die in your browser. We could not give you a forgotten seed back even if subpoenaed.
- Your raw IP address. We can't help that Cloudflare sees it; we just don't write it down ourselves. The fingerprint we use for unique-miner counting is salted SHA-256 with the salt rotating each UTC day.
- Any link between fingerprints and identities. We don't know which fingerprint paid for what, which fingerprint mined which block, etc. The fingerprint is write-only from our perspective.
What's published
The only aggregate Glaciem itself publishes is the unique-miner total per day, available at /stats. The response is a single number plus per-node hit counts. There is no country, region, or per-miner breakdown.
Reach
If you spot something here that's wrong or could be tightened, please open an issue at github.com/hughson/Glaciem/issues. This page is a living document.