Umbra is Live
June 3, 2021 / Ben DiFrancesco
We are thrilled to announce, after many months of work, that Umbra is live on mainnet and available for public use. In fact, the protocol was soft launched two weeks ago to a small group of testers who diligently acted as our guinea pigs. We're grateful for all the feedback they provided.
We've spent the last week implementing some of that feedback, and while we still see lots of opportunity to improve, we believe Umbra is ready to be useful to the Ethereum ecosystem.
Please note that while Umbra has been audited and thoroughly tested, we still consider it to be in "Beta" at this point. In 4-6 weeks, assuming the system has performed as expected, we'll feel comfortable removing that moniker. As always, please use Umbra with some measure of caution and at your own risk.
We know you're eager to try out the app— and we're eager to have you use it— but before we share the link, we think it's critical to share some limitations about Umbra you should be aware of. Please look these over and, at a minimum, review the summaries provided.
TL;DR The token list is limited but will expand soon.
The Umbra frontend & relayer service currently supports sending and receiving ETH, DAI, USDC, and USDT. The core protocol can support any non-rebasing ERC20 token, and we will be working to add more tokens to the mix soon.
Cloud Provider IP Logging
TL;DR Our cloud hosting providers (for now) may log your IP address when using the app.
Our app does not have any analytics, use any cookies, or log any user data. This is an intentional design choice on our part as a privacy tool. However, the cloud hosting providers we are using may log user IP addresses and keep them around for 30 days, and don't provide an (easy) way to ensure this this functionality is turned off.
We're working to remove this logging or switch providers, and will keep you updated. We're also exploring how to move as much of our hosting as possible to decentralized options in the future.
ENS Name Detection
TL;DR You can't (currently) configure Umbra with your ENS name unless you've first configured that ENS name for reverse resolution.
If you want to configure Umbra with your existing ENS name, you have to have reverse resolution configured first. If you don't, the app will not be able to detect your ownership of a given domain, and it will not be possible to complete the setup flow using it.
In a future update, we hope to enable you to configure Umbra with any ENS name you own, regardless of reverse resolution.
Umbra ENS Subdomain Ownership
TL;DR It's (currently) technically possible for us to seize
umbra.eth subdomains after they're registered, so if you require maximum security guarantees, configure Umbra with your own ENS name.
If you choose to set up Umbra with an address that doesn't own an ENS name, or doesn't have the reverse registrar configured, you'll be given the option to register an Umbra subdomain instead. A subdomain is something like
In ENS, subdomains can be configured by the owner of the root domain. As the owners of
umbra.eth, we've built a contract that allows you to claim the
umbra.eth subdomain of your choice on a first come, first serve basis.
Despite this subdomain registrar contract, it's still possible for the owner of the root ENS name to revoke or reassign subdomain ownership. That means, should we choose to be malevolent, we could seize subdomains in an effort to trick people to sending funds to us, instead of their intended recipient.
Hopefully it goes without saying that we won't do this, but given we are striving to create a trustless protocol, we want to get to the point that you don't have to take our word for it. As an initial step in this direction, we've transferred ownership of
umbra.eth to a 2-of-3 multisig controlled by Matt Solomon, Ed Mazurek, and Ben DiFrancesco, all of whom are engineers at ScopeLift. Two of us would have to choose the dark side and collude before any such evil behavior could take place.
In the near future, we will expand this multisig to include well known community members who are unaffiliated with the project directly, and up the threshold so that it would take more than just ScopeLift developers to collude before a malicious action could be carried out.
In the longer term, we plan to develop and deploy a contract to take permanent ownership of the
umbra.eth domain, guaranteeing that subdomains can never be seized once registered. Obviously, such contract will need to be developed with care and audited before being granted permanent ownership of the domain.
If your threat model requires maximum security, configure Umbra with your own ENS name, not an Umbra subdomain (for now). None of the tradeoffs described above impact your own ENS name in any way.
UX Challenges: Umbra Isn't Magic
TL;DR Umbra is a new protocol, and understanding its privacy properties can be confusing at first. Don't use Umbra like it's some magical tool that automatically confers privacy. It doesn't!
Something that became clear during our testing is that the way Umbra works, and the nature of the privacy protections it provides, is not always immediately intuitive to users. We think this is totally normal as a new protocol.
We have lots of ideas on how to address this issue, including tutorials, educational materials, and UX modifications to make what's happening more clear. We also see lots of opportunities to build integrations that make it easier for users to make privacy preserving decisions after they're received their funds.
As we execute and iterate on these efforts, and as you get familiar with the way Umbra works, we provide a word of caution: don't assume Umbra is a privacy panacea (it's not), and don't use carelessly assuming that it magically makes everything you do private (it doesn't).
If you're thinking of using Umbra for a transaction that absolutely requires the highest levels of privacy protection, we recommend holding off until you really understand the tradeoffs involved. A good place to get started for now is in the FAQ page.
With those caveats aside, we're so excited to get Umbra into your hands and to use it ourselves! We believe it provides an important new tool in the Ethereum tool belt. So without further ado, here's the link:
The journey to take Umbra from hackathon proof of concept to an audited mainnet protocol has been a long one. As a part time project for ScopeLift, this effort has been made possible entirely through grants and donations from the community. Your support has gotten us this far.
Still, we believe Umbra is just getting started. We have a laundry list of improvements to make, developer docs to write, and many integrations to build. And we expect to have more feedback rolling in from users now that the app is live.
We'll be sharing a lot more in the coming weeks about our plans and next steps. There are lots of exciting possibilities ahead. For now, though, we'll close with a simple and heartfelt "thank you."