You might have heard of anonymous proxies. These are similar to other types of proxies but have crucial differences. Anonymous proxy accounts can be confusing, but this guide will explain these types of accounts and how they can help you manage funds in a more secure and permissionless way.
Note that the name “anonymous proxies” has recently been replaced with “pure proxies” since even though a particular account does not own them, they may not necessarily be anonymous. This guide will retain the old name because that’s the name with which it’s widely known.
A hypothetical scenario
To better explain what anonymous proxies are, let’s take this hypothetical scenario as an example:
Mr. Ben Wants to set up a new bounty that will be funded by Polkadot’s treasury and must provide a multi-signature account whose signatories will manage the bounty. He sets up a 2-out-of-4 multi-signature account composed of himself, John, Alice, and Joe.
The council accepted the multi-signature account and funded the bounty. But one month later, John lost his private keys and is now required to use a different address for the multi-signature account. Since John will need to use a new account, the multi-signature address for the bounty has to change.
Unfortunately, to use the new multi-signature account for the bounty, Mr. Ben will have to close the bounty handled by the old multi-signature account, create an entirely new bounty with the new multi-signature account, and start the process all over again.
Of course, Mr. Ben could continue with the old multi-signature account to avoid the trouble of opening another bounty. But then, that won’t be a 2-out-of-4 multi-signature account anymore (It will functionally become a 2-out-of-3 multi-signature account).
With an anonymous proxy, this wouldn’t need to happen (even if one of the signatories loses access to his account). Read on to find out why.
A quick introduction to proxies
To ensure that we’re all on the same page, let’s first take a quick look at proxies in general.
A Polkadot proxy account is an account set up to carry out transactions on behalf of the primary account. Whenever you set up a proxy account to act on behalf of your main account, the main account becomes the primary (or proxied account). This is at least true for regular proxies.
Security is the most common reason why you might want to set up a proxy account to act on your main account’s behalf. If you have a large stash of tokens on your main account, then it may be in your best interest to keep the main account as offline as possible. You can then add other accounts as proxies for your main account and use these proxies for day-to-day transactions.
For example, you can create the following:
- A staking proxy to manage nomination transactions for your main account (this is different from a controller account because a staking proxy allows you to do much more. For example, you can sign the transaction to bond more tokens in a staking proxy, but you can’t do that with a controller account)
- Another account for participating in crowd loans.
- And yet another for participating in governance.
The type of proxy you set up is what will determine its privileges. A “non-transfer “ proxy will permit all transactions except the transfer of funds from your main account. On the other hand, an “any type” proxy can perform any transaction on behalf of the primary account.
There are generally two categories of proxies:
- Regular proxies: These are actual accounts (with private keys) that act on behalf of the primary account. The main account in these types of proxies is the primary (proxied) account.
- Anonymous proxies: These proxies have no private keys (i.e., no particular account owns them). Unlike regular proxies (where the primary account is the proxied account), once an anonymous proxy has been created, the proxy becomes the primary (proxied account), and the main account becomes the proxy. This might seem confusing initially, but it will be more apparent once we dive deeper into anonymous proxies.
How Anonymous Proxies Work
Now that we have an overview of proxies, let’s take a deeper look at how anonymous proxies work.
When creating an anonymous proxy, the primary account becomes the proxy. It will act on behalf of the anonymous proxy (i.e., the anonymous proxy won’t be a proxy anymore). Instead, it becomes the primary or proxied account. This might raise the question of why the anonymous proxy is regarded as a proxy since it’s the proxied account. There’ve been controversies about this name, and some consider it a misnomer.
But because an anonymous proxy has no private keys, the only way to gain access to it is via the proxy acting on its behalf. Hence, one of its proxies has to be able to perform all possible transactions on its behalf (i.e., one of the proxies must be of the “any” type).
This compulsory proxy relationship is required to ensure that at least one of its proxies can carry out any type of transaction at any point in time. You can think of the “any type” proxy as the powerhouse of the anonymous proxy. There must be at least one “powerhouse” connected to the anonymous proxy at all times.
Note: Don’t confuse a proxy account with a proxied account. A proxied account is the primary account on behalf of which proxies act.
Important things to note when working with an anonymous proxy
- Any account can set up an anonymous proxy (be it a single account or a multi-signature account).
- To set up an anonymous proxy, you’ll need to use the “Proxy.anonymous” extrinsic. You can find a detailed guide to creating an anonymous proxy here.
- The most crucial point to note is that the first proxy your primary account will set up must be of the “any” type. Otherwise, you won’t be able to sign any transactions for the anonymous proxy. After setting up the anonymous proxy account, you can add more proxies to it in the future if you want.
- For the anonymous proxy to remain accessible, it must have at least one proxy of the “any” type at all times.
- All transactions are initiated from the anonymous proxy (i.e., the proxied account) and signed by an “any-type” proxy.
- If you need to remove an old proxy from an anonymous proxy, make sure that you first add the new proxy (of the “any” type) to the anonymous proxy. If you remove an old proxy without adding a new any-type proxy first, the anonymous proxy will be permanently inaccessible.
Now back to our hypothetical scenario
If Mr. Ben uses an anonymous proxy, the multi-signature account becomes a proxy for the anonymous proxy. The address of this proxy is what will be funded (and not the address of the multi-signature account).
The signatories of the multi-signature account will still be able to perform transactions on behalf of the anonymous proxy. But this time, if any of the curators lose access to his account, they won’t have to change the account that the bounty funded (since the account is an anonymous proxy). All they will have to do is:
- Create a new multi-signature account
- Add the new multi-signature account as a proxy of the “any” type for the anonymous proxy.
- Remove the old multi-signature account from the anonymous proxy.
- Now they can use the new multi-signature account to sign transactions on behalf of the anonymous proxy.
Aside from the fact that anonymous proxies allow for flexibility in the composition of fund managers, it’s also an uber-secure way to manage funds since (like a multi-signature account) the anonymous proxy has no private key. The only way to access funds in an anonymous proxy is to gain control of one of its any-type proxies, most of which are usually multi-signature accounts).
Conclusion
In this guide, I’ve taken you through how anonymous proxies work and how they fit into the broader categories of proxies. I have also discussed important things to note when working with anonymous proxies and a hypothetical scenario in which anonymous proxies could prove helpful.
This article doesn’t contain all you need to know about anonymous proxies but serves as a foundation with which you can start using anonymous proxies securely. Check out the wiki if you want to dive deeper into anonymous proxies.