TL;DR – The Short Version
- ✓Keys are generated in YOUR browser – never on our servers
- ✓We cannot see your keys – we don't receive them, store them, or have access to them
- ✓Works offline – disconnect from internet after loading to prove it
- ✓Open source – all code is auditable on GitHub
- ✓Verifiable – use DevTools to confirm zero data transmission
- ✓Live auditable – run 8 automated security checks right in your browser
01Where Your Keys Are Generated
Main Thread
(UI / React)
Web Workers (parallel)
W1
Ed25519
W2
Ed25519
...
Ed25519
Wn
Ed25519
🔐 Keys Generated HERE
Using YOUR CPU cores • In YOUR browser's memory
Static files only (HTML, JS, CSS)
NO key data flows here
Delivers static files
Cannot compute keys
No memory access
NO key access
✓ What happens in YOUR browser
- • All JavaScript execution
- • All cryptographic operations
- • Random number generation
- • Key pair creation
- • Pattern matching
- • File downloads
✗ What our server CANNOT do
- • See your private keys
- • Access your browser memory
- • Execute code on your device
- • Intercept generated keys
- • Track your patterns
- • Identify you personally
02What We Store (Nothing)
Zero Data Storage
AddrLab stores absolutely no data. There is no database, no analytics, no tracking. The application runs entirely in your browser.
We do NOT store:
- • No private keys
- • No public keys / addresses
- • No patterns searched
- • No IP addresses
- • No timestamps
- • No user identifiers
- • No cookies
- • No analytics
03Cryptographic Security
| Component | Technology | Standard |
|---|---|---|
| Key Algorithm | Ed25519 | RFC 8032 |
| Key Generation | Native Web Crypto API | W3C Standard |
| Random Numbers | crypto.getRandomValues() | Hardware-backed CSPRNG |
| Entropy | 256 bits | Industry standard |
| Address Encoding | Base58 | Solana compatible |
Key Security Check
After generating a key, AddrLab performs real-time security analysis:
- • Entropy verification – Confirms 256-bit entropy
- • CSPRNG check – Verifies cryptographically secure RNG
- • Chi-Square test – Statistical verification of randomness
- • Distribution analysis – Ensures uniform byte distribution
04HTTP Security Headers
| Header | Value | Purpose |
|---|---|---|
| Content-Security-Policy | Strict | Prevents XSS, blocks external scripts |
| Strict-Transport-Security | max-age=31536000 | Forces HTTPS for 1 year (HSTS) |
| X-Frame-Options | DENY | Prevents clickjacking |
| X-Content-Type-Options | nosniff | Prevents MIME sniffing |
| Referrer-Policy | strict-origin | Limits referrer information |
05How to Verify Yourself
Don't trust us – verify it yourself. Here are three methods to confirm that your keys never leave your browser:
1Network Monitor
- 1. Open DevTools (F12)
- 2. Go to Network tab
- 3. Clear existing requests
- 4. Generate an address
- 5. Watch: Zero requests
2Offline Test
- 1. Load AddrLab
- 2. Go offline (airplane mode)
- 3. Generate an address
- 4. It works!
3Code Review
- 1. Visit GitHub
- 2. Check
vanity.worker.source.ts - 3. Review the source code
- 4. Verify yourself
06Common Questions
Can you steal my keys?
No. We physically cannot access your keys because they never leave your browser. There is no code path that transmits key data to any server. You can verify this by auditing our source code or monitoring network traffic.
What if your servers get hacked?
Even if our servers were compromised, attackers could not access your keys. The server only delivers static files – it never receives or processes keys. Your keys exist only in your browser's memory.
Are vanity addresses less secure?
No. The cryptographic security is identical to random addresses. The private key is generated using the same secure methods. Only the resulting public key (address) is filtered for your pattern.
Do you collect any data?
No. AddrLab stores zero data. There is no database, no analytics, no tracking. Everything runs entirely in your browser.
Should I use this for large amounts?
For significant amounts, we recommend additional precautions: generate keys while offline, verify the key works with a small test transaction first, and consider using a hardware wallet for long-term storage.
Still Have Questions?
Security is our top priority. If you have any concerns or want to report a vulnerability, we want to hear from you.