8 | 9 | # Sourcing Your Bitcoin 10 | 11 | ### Table of Contents 12 | 13 | 1. [Why no-KYC?](#why-no-kyc) 14 | 2. [Where to buy no-KYC?](#where-to-buy-no-kyc) 15 | 3. [Other options](#other-options) 16 | 4. [Trade-offs](#trade-offs) 17 | 18 | ### Why no-KYC? 19 | 20 | KYC or 'Know your customer' is a regulation that any businesses with a banking relationship has to abide by and Bitcoin exchanges are no different. These rules are imposed worldwide and are geared towards ensuring that a business acting as a money exchange and/or transmitter has 'suitable' information on every customer they serve. 21 | 22 | 95% of Bitcoin on-ramps today require KYC information. If you purchase through one of these regulated entities, you essentially tag your bitcoin addresses to your personal identity. This makes it much easier for chain surveillance firms, the companies they work with or worse, governments, to potentially... 23 | 24 | * Track your spending habits 25 | * Prevent you from using other regulated services 26 | * Confiscate your bitcoin 27 | * Come after you for tax liabilities 28 | * Generally know more about you than they should 29 | 30 | If you already own some bitcoin from a KYC source, you can decide on the best course of action and read more on the risks of KYC [here](https://bitcoinqna.github.io/noKYConly/). At the very least, ensure that you keep your KYC and non-KYC stacks of bitcoin completely separate. 31 | 32 | Given these risks it seems logical that step 1 of your Bitcoin privacy journey should be to ensure that when obtaining bitcoin, the fewer people who know, the better. Buying from a no-KYC source facilitates this. 33 | 34 | ### Where to buy no-KYC? 35 | 36 | #### Easy 37 | 38 | 1. Sign up for [Hodl Hodl](https://hodlhodl.com/) 39 | 2. Click 'Buy BTC' 40 | 3. Select desired payment method 41 | 4. Select the offer you wish to take 42 | 5. Specify the amount you wish to buy (if the seller is offering a range) 43 | 6. Enter receive address to which you want the bitcoin to be sent 44 | 7. Generate an escrow password 45 | 8. Wait for seller to deposit their bitcoin to the escrow and for 1 confirmation 46 | 9. Send the funds using your chosen payment method and confirm this on Hodl Hodl 47 | 10. Once the seller confirms receipt of payment, the bitcoin will be sent to your address 48 | 49 | 50 | #### More in-depth 51 | 52 | 1. Download [Bisq](https://bisq.network/downloads/) onto your computer, run it and wait for it to sync 53 | 2. Click on account and add the payment method you intend to use to purchase bitcoin with 54 | 3. Go to 'Buy BTC' and search for sellers offering bitcoin in exchange for your chosen payment method 55 | 4. Click 'Take Offer' 56 | 5. Specify the amount you wish to buy (if the seller is offering a range) 57 | 6. Fund trade wallet with BTC 58 | 7. Confirm trade 59 | 8. Wait for 1 blockchain confirmation 60 | 9. You will then see seller's payment details to send to 61 | 10. Once the seller confirms receipt of payment, the bitcoin (including your deposit) will be sent to your Bisq wallet 62 | 63 | ### Other options 64 | 65 | - **Peer to Peer Exchanges** 66 | - [LocalCryptos](https://localcryptos.com/) 67 | - [Local Coin Swap](https://localcoinswap.com/) 68 | - [Agora Desk](https://agoradesk.com/) 69 | 70 | - **ATMs** 71 | - [ATMs](https://coinatmradar.com/) *Check for individual KYC requirements* 72 | 73 | - **Vouchers** 74 | - [Azteco](https://azte.co/index.php#intro) 75 | 76 | - **Misc** 77 | - [Earn it](https://www.lopp.net/bitcoin-information/buying-earning.html#earning) 78 | - [Buy in person at a meetup](https://bitcoin-only.com/#meetups) 79 | - [Mine it](https://keybase.pub/diverterbtc/Mining%20for%20the%20Streets.pdf) 80 | 81 | 82 | ### Trade-offs 83 | 84 | Whilst buying from a no-KYC source will undoubtedly give you far more privacy, going down this route is not without its limitations. Some of the challenges you may face include... 85 | 86 | * Higher premiums for instant purchases (*this can be mitigated by creating your own buy [offer](https://www.bitcoinqna.com/post/creating-a-buy-offer-on-hodl-hodl) and having patience*) 87 | * You may struggle to buy larger amounts in a single transaction 88 | * If you are limited to one payment method, liquidity may be limited 89 | * The user experience is not as easy as centralised KYC offerings 90 | 91 | *** 92 | 93 | Now you know how to obtain bitcoin privately, lets [secure it](https://bitcoinprivacy.guide/secure.html). 94 | 95 | 96 | 97 | -------------------------------------------------------------------------------- /index.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: default 3 | --- 4 | 5 | [](https://bitcoinprivacy.guide) 6 | 7 | ## Intro 8 | 9 | We won't beat around the bush. Bitcoin privacy is not easy, especially for newcomers. There are many pitfalls in which you can trip yourself up. This site is designed to walk you through the basic steps to gain a good level of privacy when interacting with the Bitcoin network. These steps are written in a deliberate order to ensure that those starting from absolute zero give themselves the greatest privacy opportunity from day 1. If you are already a bitcoiner, but after reading this feel that you have missed or done something wrong, fear not, the best time to start taking steps to improve your privacy is now. 10 | 11 | Bitcoin privacy is a spectrum that is constantly shifting with different protocol changes, wallet or node features, and regulatory frameworks. However, there are some core principles that are likely to remain unchanged for the foreseeable future and we aim to walk you through those here. Please do not feel the need to implement all of these from day 1. Think of this site as your Bitcoin privacy toolbox, work on adding to it slowly over time as you gain understanding. 12 | 13 | Let's get started! 14 | 15 | ## Table of Contents 16 | 17 | 1. [Sourcing your Bitcoin](get.md) 18 | 2. [Securing your Bitcoin](secure.md) 19 | 3. [Segregating your Bitcoin](segregate.md) 20 | 4. [Scrutinising your Bitcoin transactions](scrutinise.md) 21 | 5. [Separating your Bitcoin from its past](separate.md) 22 | 6. [Safeguarding your Bitcoin](safeguard.md) 23 | 7. [Spending your Bitcoin](spend.md) 24 | 8. [Supplementary tools](supplementary.md) 25 | 26 |
27 | 28 | [Pull requests](https://github.com/BitcoinQnA/BitcoinPrivacyGuide) and suggestions are welcomed 29 | 30 | 31 | *** 32 | 33 |
34 | By Bitcoin Q+A |
35 | Support |
36 | More resources
37 |
38 |
8 | 9 | ## Safeguarding your Bitcoin 10 | 11 | ### Table of Contents 12 | 13 | 1. [What is cold storage?](#why-safeguard) 14 | 2. [Desktop node](#desktop-node-version) 15 | 3. [Plug + Play node](#plug-play-node-version) 16 | 3. [DIY node](#diy-node-version) 17 | 4. [Other options](#other-options) 18 | 5. [Trade-offs](#trade-offs) 19 | 20 | 21 | ### Why safeguard? 22 | 23 | So far all we have discussed are mobile wallets that favour convenience because they are internet connected devices that allow you quick and easy access to your bitcoin. The drawback with convenience is that internet connected devices bring their own exposure which may not be desireable if you are storing larger amounts of bitcoin. So how can we safeguard that bitcoin in a more secure way? 24 | 25 | Cold storage refers to a method of bitcoin storage that has never touched the internet. For most users this takes the form of a hardware wallet which is a dedicated device designed with one aim, to generate and secure your private keys. When looking for a cold storage method, look for 'air gapped' devices like the [Coldcard](https://coldcardwallet.com/) or [Cobo Vault](https://cobo.com/hardware-wallet/cobo-vault). These devices never need to be plugged into your *potentially* malware infected computer to sign transactions and allow you to spend your bitcoin, adding a huge layer of protection from attack. 26 | 27 | ### Desktop Node Version 28 | 29 | **Bitcoin Core + Specter Desktop + Coldcard** 30 | 31 | 1. Set up your [Coldcard](https://coldcardwallet.com/docs/quick) 32 | 2. Download [Bitcoin Core](https://bitcoin.org/en/download) 33 | 2. Open Core, go to 'options' and edit the config file to add the line `server=1` 34 | 3. Restart Core, initital block download (IBD) will now recommence. 35 | 4. Download [Specter Desktop](https://github.com/cryptoadvance/specter-desktop/releases) 36 | 5. Select 'run local Specter server' 37 | 6. Bitcoin Core will be automatically detected 38 | 7. In Specter press 'add new device' then give it a name and select the device type 39 | 8. On your ColdCard export 'Electrum Wallet' to your Coldcard SD card and insert into your computer 40 | 9. In Specter 'choose files' and select the **.JSON** file you just exported 41 | 10. Press continue and the device will be added 42 | 11. Press 'add new wallet', then 'single key' 43 | 12. Name the wallet, choose Segwit and select your Coldcard 44 | 13. Press continue then 'create wallet' 45 | 14. Wait for IBD to complete in core 46 | 15. Select your newly created wallet in Specter and press receive to see your first address 47 | 48 | [Here](https://www.youtube.com/watch?v=4koKF2MDXtk) is a fantastic video version of the above steps. 49 | 50 | ### Plug + Play Node Version 51 | 52 | **myNode One + Specter + ColdCard** 53 | 54 | 1. Setup your [Coldcard](https://coldcardwallet.com/docs/quick) 55 | 2. Setup your [myNode One](http://mynodebtc.com/guide/getting_started) 56 | 3. Wait for initital block download (IBD) to complete 57 | 4. Enable and open Specter from your myNode dashboard 58 | 5. In Specter press 'add new device' then give it a name and select the device type 59 | 6. On your ColdCard export 'Electrum Wallet' to your Coldcard SD card and insert into your computer 60 | 7. In Specter 'choose files' and select the **.JSON** file you just exported 61 | 8. Press continue and the device will be added 62 | 9. Press 'add new wallet' then 'single key' 63 | 10. Name the wallet, choose Segwit and select your Coldcard 64 | 11. Press continue then 'create wallet' 65 | 12. Wait for IBD to complete in Core 66 | 13. Select your newly created wallet in Specter and press receive to see your first address 67 | 68 | ### DIY Node Version 69 | 70 | **RoninDojo + Electrum Desktop + Coldcard** 71 | 72 | 1. Set up your [Coldcard](https://coldcardwallet.com/docs/quick) 73 | 2. Assemble your RoninDojo node [hardware](https://wiki.ronindojo.io/en/hardware) 74 | 3. Flash SD card then insert into device 75 | 4. Complete Manjaro setup 76 | 5. SSH into the device and install RoninDojo, ensuring you say 'yes' to installing Electrum Rust Server (electrs) 77 | 6. Wait for IBD and Electrs compaction to complete 78 | 7. Download [Electrum](https://electrum.org/#download) desktop wallet 79 | 8. [Connect](https://wiki.ronindojo.io/en/gui-setup/step5) Electrum wallet to your Electrum Rust Server 80 | 9. On your ColdCard export 'Electrum Wallet' to your Coldcard SD card and insert into your computer 81 | 10. In Electrum wallet press 'choose' then select the **.JSON** file that you just exported to the SD card and press next 82 | 11. Wallet will load and you should see a warning asking you to connect your Coldcard, ignore this message and press no 83 | 12. Press receive to see your first address 84 | 85 | 86 | ### Other options 87 | 88 | There are plenty of other hardware wallet and node combinations, most will require some form of Electrum Server to act as a bridge between the underlying bitcoin software on your node and desktop wallet which the most commonly used hardware wallet interface. 89 | 90 | 91 | ### Trade-offs 92 | 93 | * As touched on in the [secure](https://bitcoinprivacy.guide/secure.html) page, your backup **is** your bitcoin. This is no different for mobile or hardware wallets. Guard it with your life. 94 | 95 | * If you have just coinjoined some of your bitcoin and are keen to get it sent off to cold storage, be mindful of how you construct your transaction. Merging UTXO's shows common ownership to anyone watching on chain. 96 | 97 | * When getting any form of bitcoin related hardware delivered you are susceptible to supply chain attack. This means that an attacker could intercept the package and swap it out with a malicious device designed to steal your bitcoin. Whilst this is unlikely, it is something worth taking into account when setting up your devices. Ensure you follow the check procedures outlined by the product manufacturer when you receive. 98 | 99 | * Another thing worth considering is your payment method and delivery address. You can buy no-KYC bitcoin in cash from a meetup for maximum privacy, but if you buy a Coldcard from Coinkite (a public bitcoin company) using your credit card and have it delivered to your home address you're certainly giving away some clues! 100 | 101 | 102 | *** 103 | 104 | Now you have obtained, secured, segregated, labelled and coinjoined your bitcoin into both mobile and hardware wallets that are backed by your own node, let's look at how to [spend](https://bitcoinprivacy.guide/spend.html) your bitcoin in a private way. 105 | -------------------------------------------------------------------------------- /script/bootstrap: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | set -e 4 | 5 | gem install bundler 6 | bundle install 7 | -------------------------------------------------------------------------------- /script/cibuild: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | set -e 4 | 5 | bundle exec jekyll build 6 | bundle exec htmlproofer ./_site --check-html --check-sri 7 | bundle exec rubocop -D 8 | bundle exec script/validate-html 9 | gem build jekyll-theme-midnight.gemspec 10 | -------------------------------------------------------------------------------- /script/release: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Tag and push a release. 3 | 4 | set -e 5 | 6 | # Make sure we're in the project root. 7 | 8 | cd $(dirname "$0")/.. 9 | 10 | # Make sure the darn thing works 11 | 12 | bundle update 13 | 14 | # Build a new gem archive. 15 | 16 | rm -rf jekyll-theme-midnight-*.gem 17 | gem build -q jekyll-theme-midnight.gemspec 18 | 19 | # Make sure we're on the master branch. 20 | 21 | (git branch | grep -q 'master') || { 22 | echo "Only release from the master branch." 23 | exit 1 24 | } 25 | 26 | # Figure out what version we're releasing. 27 | 28 | tag=v`ls jekyll-theme-midnight-*.gem | sed 's/^jekyll-theme-midnight-\(.*\)\.gem$/\1/'` 29 | 30 | # Make sure we haven't released this version before. 31 | 32 | git fetch -t origin 33 | 34 | (git tag -l | grep -q "$tag") && { 35 | echo "Whoops, there's already a '${tag}' tag." 36 | exit 1 37 | } 38 | 39 | # Tag it and bag it. 40 | 41 | gem push jekyll-theme-midnight-*.gem && git tag "$tag" && 42 | git push origin master && git push origin "$tag" 43 | -------------------------------------------------------------------------------- /script/validate-html: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | # frozen_string_literal: true 3 | 4 | require 'w3c_validators' 5 | 6 | def validator(file) 7 | extension = File.extname(file) 8 | if extension == '.html' 9 | W3CValidators::NuValidator.new 10 | elsif extension == '.css' 11 | W3CValidators::CSSValidator.new 12 | end 13 | end 14 | 15 | def validate(file) 16 | puts "Checking #{file}..." 17 | 18 | path = File.expand_path "../_site/#{file}", __dir__ 19 | results = validator(file).validate_file(path) 20 | 21 | return puts 'Valid!' if results.errors.empty? 22 | 23 | results.errors.each { |err| puts err.to_s } 24 | exit 1 25 | end 26 | 27 | validate 'index.html' 28 | validate File.join 'assets', 'css', 'style.css' 29 | -------------------------------------------------------------------------------- /scrutinise.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: default 3 | --- 4 | 5 | [](https://bitcoinprivacy.guide) 6 | 7 |
8 | 9 | ## Scrutinise your Bitcoin transactions 10 | 11 | ### Table of Contents 12 | 13 | 1. [What are we scrutinising?](#what-are-we-scrutinising) 14 | 2. [Node considerations](#node-considerations) 15 | 3. [Node options](#node-options) 16 | 4. [Trade-offs](#trade-offs) 17 | 18 | 19 | ### What are we scrutinising? 20 | 21 | As outlined in the [secure](https://bitcoinprivacy.guide/secure.html) page, if you aren't trusting your own node to verify your transactions then you are trusting someone else's. A node is a computer running the 'bitcoin software' that comes with its own copy of the 'bitcoin rules.' Each time a node sees a transaction it will scrutinise the details against its own ruleset to ensure everything is present and correct and that the creator of the transaction isn't trying to cheat the system. By having your wallet connected to your own node, you can be sure that every transaction you receive is compliant to the rules that you, and everyone else participating in the network agrees upon. 22 | 23 | If you are trusting someone else's node, you are abiding by their rules. Their rules could be allowing false transactions to hit your wallet leading you to believe you are receiving bitcoin when in reality you aren't. Try spending those bitcoin with someone who is abiding by the 'real' or widely adopted rules and you will be rejected. 24 | 25 | From a privacy perspective, trusting someone else's node means that they can see... 26 | 27 | * Every transaction you send 28 | * Every transaction you receive 29 | * All of your balances 30 | * In some cases every address in your wallet (even the currently empty ones) 31 | 32 | In a perfect world everyone would have their own node setup before they even get any bitcoin. That way they never have to leak any transactional privacy by relying on other people's nodes to verify their transactions for them. The problem is, it takes seconds to download a phone wallet and receive bitcoin and it takes 3-5 days to set-up a node and download the blockchain so the natural progression works in the reverse. 33 | 34 | If, like most, you already have a wallet with bitcoin in that is backed by someone else's node, fear not. All you need to do is set up a new wallet (they're free remember) that is backed by your own node and send your funds across. For an extra level of security I would recommend [coinjoining](https://bitcoinprivacy.guide/separate.html) them before sending but this is not absolutely essential. 35 | 36 | [Here](https://www.bit-buy-bit.com/podcast-1/episode/1c6e67f7/ep38-bitcoin-podcast-with-bitcoin-qa-nodes) is a podcast episode where I talk through the basics of nodes. 37 | 38 | ### Node considerations 39 | 40 | The main things to consider when choosing a node to run... 41 | 42 | * Your technical ability 43 | * Your budget 44 | * What [features](https://www.bitcoinqna.com/nodecompare) you require 45 | * Running costs 46 | * Bandwidth 47 | * The level of support/community available 48 | * Wallet compatability 49 | 50 | 51 | ### Node options 52 | 53 | | Difficulty | Description | Setup Guide | Works with Samourai or Fully Noded? | 54 | |---------------|------------------------------------|--------------------------------------------------------------------------|-------------------------------| 55 | | Super Easy | Bitcoin Core on a computer | [Bitcoin Core](https://bitcoin.org/en/full-node#windows-instructions) | No - Built in wallet or works with Specter desktop | 56 | | Plug + Play | myNode One | [myNode](http://mynodebtc.com/guide/getting_started) | Both | 57 | | Plug + Play | Nodl One or Nodl Dojo | [Nodl](https://docs.lightning-solutions.eu/nodl-box/quick-start/getting-started) | Both | 58 | | Self build | RoninDojo | [RoninDojo](https://wiki.ronindojo.io) | Both, but more Samourai focused | 59 | 60 | 61 | ### Trade-offs 62 | 63 | Depending on the setup you go for, every node comes with it's own tradeoffs. If you want a plug and play option with sturdy hardware that requires little maintenance, it's going to cost you much more than a DIY option built to a budget spec. Another example would be that Bitcoin Core offers the easiest setup but lacks the ability to allow mobile wallets to connect to it. Not good if you want to spend bitcoin when away from your laptop! 64 | 65 | Consider carefully what is important to you before making your decision and don't be afraid to reach out for support. All of the projects mentioned above have very supportive community chat groups that can offer you advice. 66 | 67 | Running a node is a big step for many but is an absolute must for the ultimate transaction level privacy. 68 | 69 | *** 70 | 71 | Now you have obtained, secured, segregated and labelled your bitcoin in a wallet backed by your own node, lets [separate it](https://bitcoinprivacy.guide/separate.html) from its past. 72 | -------------------------------------------------------------------------------- /secure.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: default 3 | --- 4 | 5 | [](https://bitcoinprivacy.guide) 6 | 7 |
8 | 9 | # Securing your Bitcoin 10 | 11 | ### Table of Contents 12 | 13 | 1. [Why secure your own bitcoin?](#why-secure-your-own-bitcoin) 14 | 2. [Android](#android) 15 | 3. [iOS](#ios) 16 | 4. [Other options](#other-options) 17 | 4. [Backup](#backup) 18 | 5. [Trade-offs](#trade-offs) 19 | 20 | 21 | ### Why secure your own bitcoin? 22 | 23 | There goes a saying in Bitcoin, "not your keys, not your coins." What this essentially means is that, if you are not in control of your private keys (your recovery/seed words) then you are not in control of your bitcoin. Fortunately, if you are buying from a no-KYC source then you will almost certainly require your own wallet to conduct trades. From a privacy perspective if you do not control your own keys, for example if you have your bitcoin held with a custodian, then you essentially have zero privacy. Whoever controls those keys has the ability to not only see all of your funds, but spend them as they see fit. 24 | 25 | [Here](https://www.bit-buy-bit.com/podcast-1/episode/26df4d37/ep35-bitcoin-podcast-with-itcoin-qa) is a podcast episode where I walk through in details the basics of bitcoin wallets. 26 | 27 | ### Android 28 | 29 | 1. Download [Samourai Wallet](https://samouraiwallet.com/download) 30 | 2. Select mainnet and enable tor 31 | 3. Start new wallet 32 | 4. Create a passphrase (*it is crucial that you secure this. Without this and your recovery words you cannot access your bitcoin*) 33 | 5. Set a pin code 34 | 6. Write down your recovery words (*it is crucial that you secure this backup. Without this and your passphrase you cannot access your bitcoin*) 35 | 7. Tap the blue + and then press receive 36 | 8. You will now see your first bitcoin address that you can receive to 37 | 38 | 39 | ### iOS 40 | 41 | *Fully Noded requires your own node but is currently the only well tested iOS wallet that offers coin control.* 42 | 43 | 1. Download [Fully Noded](https://apps.apple.com/gb/app/fully-noded/id1436425586) 44 | 2. Scan the connection QR provided by your node 45 | 3. Press the Bitcoin logo followed by the + in the top corner 46 | 4. Select single sig 47 | 5. Write down your recovery words (*it is crucial that you secure this. Without it you cannot access your bitcoin*) 48 | 7. Press invoice 49 | 8. You will now see your first bitcoin address to which you can receive funds 50 | 51 | 52 | ### Other options 53 | 54 | - **Desktop Wallets** 55 | - [Bitcoin Core](https://bitcoincore.org/en/download/) (*has a built in node*) 56 | - [Specter Desktop](https://github.com/cryptoadvance/specter-desktop) (*requires your own node*) 57 | 58 | 59 | ### Backup 60 | 61 | Your bitcoin backup is your bitcoin. Anyone with access to it has access to your bitcoin. 62 | 63 | * Samourai Wallet creates an encrypted backup of your wallet automatically on your phone 64 | 65 | For extra redundancy most people keep their seed words on some form of [metal](https://jlopp.github.io/metal-bitcoin-storage-reviews/) storage. 66 | 67 | You should ensure that your chosen method of backup is resistant to... 68 | 69 | * Theft/Loss 70 | * Fire/Water/Elements damage 71 | * Degradation 72 | 73 | ### Trade-offs 74 | 75 | Unless your chosen wallet is backed by your own node, you are trusting someone elses. This means that your transactional data and wallet balances are being served by someone else and they can theoretically eavesdrop on your on-chain activity. However, most users aren't likely to run a node **before** they even hold their own keys, the natural learning progression doesn't work that way. If you feel confident in setting up your own node first then skip ahead to the [scrutinise](https://bitcoinprivacy.guide/scrutinise.html) section and then come back here to continue with the guide. 76 | 77 | But if that sounds a bit too much for you right now don't panic, we will fix that later in the guide. 78 | 79 | Holding your own keys is a big responsibility, there are no refunds in Bitcoin. 80 | 81 | *** 82 | 83 | Now you know how to obtain secure privately, let's [segregate it](https://bitcoinprivacy.guide/segregate.html). 84 | -------------------------------------------------------------------------------- /segregate.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: default 3 | --- 4 | 5 | [](https://bitcoinprivacy.guide) 6 | 7 |
8 | 9 | # Segregating your Bitcoin 10 | 11 | ### Table of Contents 12 | 13 | 1. [What is segregation?](#what-is-segregation) 14 | 2. [Address re-use](#address-re-use) 15 | 3. [Android](#android) 16 | 4. [iOS](#ios) 17 | 5. [Trade-offs](#trade-offs) 18 | 19 | 20 | ### What is segregation? 21 | 22 | Segregation simply means having the ability to keep your different 'chunks' of bitcoin separate from one another. These chunks of bitcoin are known as unspent transaction outputs (UTXOs). Why would we want to keep them separate? Let's imagine that your wallet holds 1 BTC split between 2 UTXOs that are 0.5 BTC each and you want to send me 0.6 BTC. This transaction would result in your wallet combining those two UTXO's together to create an output that pays me 0.6 BTC and you would have a change output of around 0.4 BTC less any fees. 23 | 24 | So what? Well now let's imagine that one of your 0.5 BTC was a change output from a 'frowned upon' service or source and the person you're paying is a regulated entity that is actively performing chain analysis. They could refuse access to their service, block your account, or even report you to the authorities. This is just one example designed to demonstrate that one transaction could leak a lot of information about you and your transactional history - not good for your privacy! 25 | 26 | So how do we mitigate against such a privacy leak? By using a [wallet](https://bitcoinprivacy.guide/secure.html) that offers coin control and labelling. Coin cointrol is a simply the ability to select which UTXOs are used to construct any given transaction. Ensuring that your UTXO's are effectively labelled will enable you to decide which UTXOs you want to include in future transactions. You can label any way you'd like but it is generally good practice to include the source of the funds in a format that suits you. 27 | 28 | Samourai Wallet and Fully Noded are two of very few mobile wallets that enable this all important feature. Desktop wallets like [Specter](https://github.com/cryptoadvance/specter-desktop) or [Bitcoin Core](https://bitcoin.org/en/download) generally offer more in this regard but are obviously not a portable solution. 29 | 30 | ### Address re-use 31 | 32 | 99% of bitcoin wallets that exist today will automatically serve you a new receive address every time the previous one receives any funds. All you need to be aware of is not sharing the same one twice with different entities as you can leak some privacy for the same reason as outlined in the example above. Remember, addresses are free and infinite. 33 | 34 | ### Android 35 | 36 | #### Samourai - Coin Control 37 | 38 | 1. Press the 3 dots in the top right corner 39 | 2. Show unspent outputs 40 | 3. Long press on the UTXO(s) you want to use to create the transaction 41 | 4. Press the send arrow in the top right 42 | 5. Enter the recipient address and amount 43 | 6. Send 44 | 45 | #### Samourai - Labelling 46 | 47 | 1. Press the 3 dots in the top right corner 48 | 2. Show unspent outputs 49 | 3. Double tap the UTXO(s) you want to label 50 | 4. Press add note 51 | 52 | Your labels in Samourai Wallet are saved automatically in the encrypted backup file that is stored on your phone. If you need to restore your wallet ensure you used this method rather than using your seed words to retain your labels. 53 | 54 | ### iOS 55 | 56 | #### Fully Noded - Coin Control 57 | 58 | 1. Tap the active wallet tab 59 | 2. Tap the "utxo's" button 60 | 3. Tap a utxo(s) to select it for a spend 61 | 4. Tap the 🔗 button to create the transaction 62 | 5. Enter the amount 63 | 6. FN will check if you have an address copied to clipboard, if not you can scan a QR to select the recipient address 64 | 7. Send 65 | 66 | #### Fully Noded - Labelling 67 | 68 | *FN does labelling via addresses and not UTXOs so you should avoid address manual address reuse* 69 | 70 | 1. Tap the active wallet tab 71 | 2. Press advanced 72 | 3. Hit import address 73 | 4. You can now add or overwrite and address label 74 | 75 | The labels you create in Fully Noded are stored on your node. Create a secure copy of your `wallet.dat` file to back these up. 76 | 77 | ### Trade-offs 78 | 79 | The only real tradeoff with labelling your UTXO's and practicing coin control is the minimal extra steps required to do each one. Just remember, if you do not specify which UTXOs to spend in a transaction, your wallet will do it for you with no regard for each chunk of bitcoin's previous history. 80 | 81 | 82 | *** 83 | 84 | Now you have obtained, secured, segregated and labelled your bitcoin to maximise your privacy, let's work on [scrutinising](https://bitcoinprivacy.guide/scrutinise.html) your transactions. 85 | -------------------------------------------------------------------------------- /separate.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: default 3 | --- 4 | 5 | [](https://bitcoinprivacy.guide) 6 | 7 |
8 | 9 | ## Separating your Bitcoin from it's past 10 | 11 | ### Table of Contents 12 | 13 | 1. [What are we separating?](#what-are-we-separating) 14 | 2. [Coinjoin considerations](#coinjoin-considerations) 15 | 3. [Android](#android) 16 | 4. [Other options](#other-options) 17 | 5. [Trade-offs](#trade-offs) 18 | 19 | 20 | ### What are we separating? 21 | 22 | The Bitcoin blockchain is completely public, anyone can hop onto a block explorer and look up any transaction from the last hour or the last 10 years. Depending on the tools available and their level of expertise they could analyse and follow any one of these transactions to build up a picture of an entity's spending habits. Chain surveillance firms do exactly this, and using heuristics (*assumptions*) they can cluster transactions together to follow a given entity accross the chain. Aside from this being an invasion of your privacy it also poses the risks we covered in [sourcing](https://bitcoinprivacy.guide/get.html) your bitcoin. 23 | 24 | Coinjoin is a privacy tool that prevents this and there are different types of implementations, each with their own take on the same basic idea. Two or more users pool their UTXOs together into a collaborative transaction that is formed in a unique way. The way the transaction is constructed makes it very difficult for surveillance firms to know exactly which transaction output belongs to which of the input owners. 25 | 26 | This is where the separation part comes in... A proper coinjoin implementation will completely break all deterministic links with the coins 'pre coinjoin' past. At best anyone looking at the transaction can come up with a number of possible scenarios as to who owns which piece of bitcoin but they can never be 100% sure. Now imagine you carry out multiple rounds of coinjoin one after the other, the transaction graph quickly becomes very confusing and impossible to track. 27 | 28 | [Here](https://www.bit-buy-bit.com/podcast-1/episode/2a64f9e1/ep43-bitcoin-podcast-with-bitcoin-qa-coinjoin) is a podcast episode where I talk through the basics of coinjoin. 29 | 30 | ### Coinjoin considerations 31 | 32 | * There are fees involved with coinjoins, ensure you understand them fully before starting out 33 | * Your spending habits after you coinjoin are very important. We will cover those [later](https://bitcoinprivacy.guide/spend.html) 34 | * Avoid centralised 'mixers' as they actually take control of your bitcoin for a short period of time 35 | * You should run your own Dojo before using Whirlpool for maximum privacy. *All of the node implementations (apart from core) mentioned on the previous page come packaged with Dojo.* 36 | 37 | 38 | ### Android 39 | 40 | Samourai Wallet offers the easiest and most effective coinjoin implementation, Whirlpool. Below is a simple walkthrough but to read a more in-depth look at it's features see [here](https://www.bitcoinqna.com/post/whirlpool-faq) 41 | 42 | 1. Calculate your Whirlpool [fees](https://www.whirlpoolfees.com/) based on your chosen amounts and pool sizes 43 | 1. Send some bitcoin into your wallet as outlined [earlier](https://bitcoinprivacy.guide/secure.html#android) 44 | 2. Click the blue + and press Whirlpool 45 | 3. Once Whirlpool loads, press the icon in the bottom right corner 46 | 4. Press mix UTXOs 47 | 5. Select which UTXOs you want to mix 48 | 6. Pick how quickly you would like the mix to be initiated 49 | 7. Review the transaction details 50 | 8. Begin cycle 51 | 9. Press yes to the box asking if you want to mark your change as 'Do not Spend' 52 | 10. Your mix is now underway and you will see your mixed sats in the postmix section of your wallet after a short wait 53 | 11. If you leave your funds in postmix you will be eligible for free and unlimited remixes (*chosen at random*) 54 | 55 | **Bonus** 56 | 57 | * For easier mix management and 24/7 remixing you can pair your Samourai Wallet with Whirlpool GUI (a desktop app) and Whirlpool CLI that come packaged with myNode, Nodl and RoninDojo. The graphic below is an example of how it all fits together. 58 | 59 |
60 | 
61 |
8 | 9 | ## Spending your Bitcoin 10 | 11 | ### Table of Contents 12 | 13 | 1. [Spending considerations](#spending-considerations) 14 | 2. [Android](#android) 15 | 3. [iOS](#ios) 16 | 17 | ### Spending considerations 18 | 19 | Spending your bitcoin can be a tricky task to get right from a privacy perspective. Fortunately if you have followed the previous steps you are in a perfect position to nail it. We have already covered off many of the pitfalls such as merging UTXOs, particularly those from 'conflicting' sources such as KYC and no-KYC but here is a brief rundown of things to consider when spending bitcoin (even to yourself). 20 | 21 | * Check your labels before spending 22 | * Avoid merging UTXOs where possible 23 | * Label your change outputs 24 | * Make every spend a coinjoin (*see below*) 25 | 26 | 27 | ### Android 28 | 29 | **Samourai Wallet Postmix Tools** 30 | 31 | * Stonewall 32 | 33 | Stonewall builds your transaction in a unique way to increase the deniability of links between the sender and recipient. Once the spending conditions are met the wallet will create this type of transaction automatically and will display the level of entropy the proposed transaction will have. Stonewall is actually a 'fake' mini coin join using only your own UTXOs. STONEWALL can be created from your deposit or postmix accounts, but the algorithm will never mix UTXOs from those accounts together. 34 | 35 | **Useful for** - Any type of spend 36 | 37 | * Stonewall X2 38 | 39 | Stonewall X2 creates a mini coin join with another Samourai user. It mixes some of both Samourai users UTXOs when paying to any third party to create a high entropy transaction. You don't even need to be in the same room as your fellow Samourai user to create a Stonewall X2 as you can simply share QR codes via encrypted chat. 40 | 41 | **Useful for** - Any type of spend 42 | 43 | * Stowaway 44 | 45 | Stowaway is Samourai's implementation of Payjoin. When paying another trusted Samourai user it creates a transaction that looks just like any other Bitcoin transaction on chain but it's actually a form of mini coin join. The most powerful thing about Stowaway is that the amount being sent will never actually be visible to anyone looking at the blockchain. Stowaway also uses sender AND recipient UTXOs on the input side of the transaction which completely destroys the common-input ownership heuristic for chain analysis firms. Just like Stonewall X2, Stowaway can be constructed in person or remotely. 46 | 47 | **Useful for** - Spending to another Samourai user 48 | 49 | 50 | * Ricochet 51 | 52 | Ricochet creates additional 'hops' or 'distance' between your Samourai wallet activity and the recipient address. This can be beneficial if you are sending to a service such as an exchange who may want to pry into the history of your UTXO’s. 53 | 54 | **Useful for** - Spending to centralised entities that may be using chain analysis 55 | 56 | 57 | ### iOS 58 | 59 | There are currently no iOS wallets that have privacy preserving spend tools. This section will be updated if that changes. 60 | 61 | Recommended course of action is to follow the basic steps outlined [here](#spending-considerations). 62 | 63 | Or... 64 | 65 | * Buy a cheap android phone 66 | * Install Samourai Wallet 67 | * Follow steps above 68 | 69 | *** 70 | 71 | Now you have obtained, secured, segregated, labelled and coinjoined your bitcoin into both mobile and hardware wallets that are backed by your own node and learned how to spend in a privacy focused way. Let's look at some of the [supplementary](https://bitcoinprivacy.guide/supplementary.html) tools available to further lock down your Bitcoin related privacy. 72 | -------------------------------------------------------------------------------- /supplementary.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: default 3 | --- 4 | 5 | [](https://bitcoinprivacy.guide) 6 | 7 |
8 | 9 | ## Supplementary Tools 10 | 11 | ### Table of Contents 12 | 13 | 1. [Tor](#tor-browser) 14 | 2. [VPN](vpn-services) 15 | 2. [Messaging](#messaging) 16 | 3. [E-mail](#email) 17 | 3. [Phones](#phones) 18 | 4. [Password managers](#password-managers) 19 | 3. [Other](#other) 20 | 21 |
22 | 23 | ### Tor browser 24 | 25 | [Tor](https://www.torproject.org/download/) is a web broswer that runs on the Tor network. It masks your IP address and gives you much greater online privacy. All of the tools mentioned in this guide also run natively over Tor. 26 | 27 | ### VPN services 28 | 29 | A VPN provides privacy by 'tunneling' your web traffic to a different server which is generally located somewhere in a different country. Whilst this does prevent your ISP from spying on your online activity, you do place some trust in the VPN server you are connecting to. 30 | 31 | * [Mullvad](https://mullvad.net/en/) 32 | * [ProtonVPN](https://protonvpn.com/) 33 | 34 | ### Messaging 35 | 36 | Communication services that use encryption to avoid spying. 37 | 38 | * [Signal](https://signal.org/en/) 39 | * [Keybase](https://keybase.io/) 40 | * [Session](https://getsession.org/) 41 | * [Telegram](https://telegram.org/) (*Use secret chats*) 42 | * [Matrix](https://matrix.org/) 43 | * [Threema](https://threema.ch/en) 44 | * [Wire](https://wire.com/en/) 45 | 46 | 47 | ### E-mail 48 | 49 | E-mail services that use encryption to avoid spying. 50 | 51 | * [Proton Mail](https://protonmail.com/) 52 | * [Tutanota](https://tutanota.com/) 53 | * [Ctemplar](https://ctemplar.com) 54 | 55 | E-mail forwarding/alias services to avoid sharing your real email: 56 | 57 | * [Simple Login](https://simplelogin.io) 58 | * [Nullbox](https://nullbox.co) 59 | 60 | 61 | ### Phones 62 | 63 | Privacy focused forks of Android with google services removed. 64 | 65 | * [Graphene OS](https://grapheneos.org/) 66 | * [Guide](https://www.youtube.com/watch?v=oO0UFZjuotg) 67 | 68 | * [Copperhead OS](https://copperhead.co/android/) 69 | * [Purchase](https://mamushi.io/) 70 | 71 | * [Calyx OS](https://calyxos.org/) 72 | * [Explainer](https://www.youtube.com/watch?v=heVNcdq2MKA) 73 | 74 | ### Password managers 75 | 76 | * [Bitwarden](https://bitwarden.com/) 77 | * [KeePass](https://keepass.info/) 78 | 79 | ### Other 80 | 81 | * [Standard Notes](https://standardnotes.org/) - Cross platform notes app that uses encryption 82 | * [Tails OS](https://tails.boum.org/) - Portable OS that boots from a USB stick 83 | * [Open Keychain](https://www.openkeychain.org/) - PGP key manager and encryption tool 84 | 85 | *** 86 | 87 |
88 | Guide by Bitcoin Q+A |
89 | Support
90 |
91 |