Bitcoin privacy is very nuanced, this guide is a starting point.
Also see bitcoinprivacy.guide and the bitcoin wiki.
To buy bitcoin privately use services which don't link your identity to the purchase. We recommend buying with cash at a meetup or from a friend. You can find alternate methods here.
To receive bitcoin privately do not reuse addresses. Ideally use BIP47 enabled wallets (currently only Samourai Wallet on Android) to make this very easy.
Spend from your own wallet connected to your own full node. See our guide.
Use the following bitcoin wallet functions where possible;
Function | Description |
---|---|
Address labelling | Add a note to each address describing what it is used for |
Coin control | Select the utxo's you wish to spend |
CoinJoin | Multiparty transactions that obfuscate the history of utxo's |
Advanced spending tools | Spending methods that have multiple interpretations when looking at the blockchain |
We recommend Samourai Wallet on Android, in part because it has address labelling, coin control, can be used with whirlpool (a CoinJoin implementation_ and has the most advanced spending tools available in any wallet.
On desktop we recommend Specter Wallet which is used in conjunction with Bitcoin Core. It has address labelling and coin control.
Storing bitcoin privately requires that you avoid the many potential data leaks that can easily be made. Many of these are mitigated by using your own wallet connected to your own node.
For each potential data leak we have identified:
- Action: How you might leak data
- Data Leak: What information you may leak and to whom
- Mitigation: How you can avoid the data leak
You use an online block explorer to check whether you have received payment.
The company/individual running the block explorer can link any info you enter into the site (e.g. bitcoin address / transaction id) to your IP address.
If you check whether a bitcoin address has a bitcoin balance it is an indication that you were part of the transaction (sender or receiver).
Run your own block explorer which gets data from your own full node.
Access 3rd party block explorers via TOR
Searching for X.XXXXXXXX BTC in $
.
If the amount of bitcoin you search matches a recent transaction the search provider can link your IP address with that coin. If the search provider is google and you are logged in then it's likely that they can link the utxo to you.
- Search with DuckDuckGo over TOR
- Search with less precision X.XX BTC
- Manually Calculate
You use a plugin with access to all website data & do one of the above.
Plugin developer gets a copy of the data leaked above.
- Avoid plugins which have broad access to your web browsing
- Use a browser without plugins when doing anything bitcoin related
- Use incognito / private browsing when doing anything bitcoin related to disable plugins
You use the wallet software from your hardware wallet provider.
Most hardware wallets come with software that sends your addresses or xpubs to the servers of the hardware wallet manufacturer. This means that the hardware wallet manufacturer can link your IP address to your coins.
If the hardware manufacturer requires you to have an account or share other personal information then this could also be linked to your coins. If you provided your home address for shipping they can link the coins to you.
Use a bitcoin wallet that is connected to your own node. See our guide.
You use a wallet with email 2FA that isn't exclusively connected to your own node.
Your email address can be linked to your coins because your wallet leaks information about your coins to the wallet developer’s server along with your IP address (which could be logged when supplying your email address).
- Avoid email 2FA (use an open-source authenticator app where 2FA is required) for bitcoin wallets
- Connect your wallet to your own node. See our guide.
You use a light wallet that has unsophisticated clear-net block downloading rules.
Many light wallets download only the blocks that are relevant to your transactions making it easy for someone able to monitor the blocks you download (i.e. your ISP) to to identify the addresses common amongst blocks. Your ISP can then link your internet connection point / IP Address with your coins.
Use a wallet connected to your full node which downloads every block. See our guide.
You do any of the above things without an encrypted connection to the server you are communicating with (i.e. over http).
Your ISP can intercept all the data from the above leaks.
Only connect via HTTPS (look for the green padlock to the left of the URL).
You buy bitcoin on an exchange to a previously used cold-storage address.
Confirmation emails confirming the withdrawal leak your address to your email provider. The exchange can also link your email to the cold storage address.
- Disable notifications if possible
- Use a dedicated email not connected to your identity.