Welcome fren! Last week we released our free Beginners Guide To Bitcoin Privacy. Now everyone has $0 access to simple and straightforward expert advice when it comes to Bitcoin privacy. For a lot of you though, these basic steps aren’t really enough. You want the absolute best privacy that Bitcoin has to offer which is what we’ll be covering today in our advanced bitcoin privacy guide.
If you think mainstream medias coverage of beginner Bitcoin privacy is bad, don’t even get us started on their advanced levels! For the most part, it just doesn’t exist. At best they’ll tell you to “get a Ledger crypto wallet” which has terribly poor privacy and security and call it a day.
Many of these mainstream media sources are also centralised, KYC exchanges that don’t want you to have privacy (as then they can’t sell your data) and also regularly try and convince you to go gamble on their shitcoin casinos.
So let’s learn how to do it right.
Note: This Privacy guide is for “Advanced Levels” which are people with “Savings Account” level funds. If you’re securing larger amounts, please see our Expert Bitcoin Privacy level guides
Key Advanced Bitcoin Privacy Points
- Beginner Privacy: Ensure you do everything in our Beginners Guide To Bitcoin Privacy
- Use A Hardware Crypto Wallet: Don’t buy it with your real world identity
- Use Your Own Full Bitcoin Node: Build or buy your own node and connect all wallets to it
- Use Tor: Ensure your node and all wallets only connect over Tor or a private VPN
- Use The Lightning Network: Use a separate wallet over Lightning to purchase daily goods
- Use Coin Control & Labelling: Label and be selective about which sats you spend
Advanced Bitcoin Privacy
Firstly, you can get a full run down on what each of our levels entail and where you might fit into them by looking at our Understanding Bitcoin piece or this overview table below. For this advanced Bitcoin privacy guide we are only targeting people in the Advanced and Expert levels.
|Funds Amount||Pocket Money||Savings Account||Serious Investments|
|Wallet Type||Software (Hot) /|
|Hardware (Cold)||Hardware (Cold)|
|Signature Type||Single Signature||Single Signature||Multisig|
|Key Custody||Self Custody||Self Custody||Self Custody|
|Key Backup||Laminated Paper||Laminated Paper||Metal Seed Plate|
|Key Security||None||Fire Proof Safe||Multiple Methods|
|Own Full Node||No||Yes||Yes|
|Electrum Server||Public Electrum|
Our top priorities for this site is to help everyone learn how to safely and privately buy, use, invest and grow wealthy with Bitcoin, so also know that this piece is just the start of our privacy information. We’ll be adding and expanding on each of the below points in much more detail as time goes on.
From in depth investigations into the pros and cons of various hardware crypto wallets to step by step setup guides for wallets and node builds, we want to ensure everyone gets the best information out there.
Use A Hardware Wallet
Whether you’re in the Advanced or Expert stages of your Bitcoin journey it’s highly likely that your bitcoins are worth a reasonable amount. If you don’t want to lose them, you should absolutely be buying a dedicated hardware wallet (aka Signing Device). These are physical devices in meatspace that do one thing, generate and secure your private keys.
You never want your private keys touching that revolting, malware infested computer/phone of yours trust us. Hardware wallets are cheap ($50+ USD) and easy to setup and use. Our top recommendations include:
These are two of the top hardware Crypto Wallets out there that we highly recommend but there are many more. While you’re welcome to buy any hardware wallet you think is appropriate, we’d only advise it after considerable scrutiny. Here are a few major considerations you should weigh up before just purchasing any random device you find on the internet:
- True Randomness Generation: It should uses two independent sources of randomness (or more) for your private key generation. One of the main purposes of hardware crypto wallets is to generate your private keys, this needs to be next level grade bullet proof! A poorly generated private key is a huge security hole
- Open Source: Its code should be 100% viewable for you or any other security researcher to review and interrogate. Open source code, vetted over many years is one of the top ways to ensure a secure environment
- Verifiable Software Binaries: It should have verifiable software binaries and PGP key signature checking with easy to follow instructions on their website. This allows you to verify that the software you’re downloading from their website hasn’t been maliciously altered or tampered with
- Uses Interoperable Standards: It should use common, industry standards such as BIP39 for its seed phrase words to allow for interoperable use in case there’s any reason to migrate away from that hardware vendor (eg they go bankrupt / get taken over / start acting stupid). To help with this, check out the major software wallets out there and see which devices they integrate with
- Reasonable Company History: The company itself should have been around for at least 5 years or more and the more revisions of the hardware they have, the better (eg. COLDCARD is up to “Mk4” while BitBox is up to “02” now). This hopefully ensures (but doesn’t guarantee) that hardware level issues have been resolved at the source and that the hardware and software have had most of their main kinks sorted out. You should also review their general practices like storage of customer data, history of how they handle security breaches and how they work with the security community in general
- Works With Standard Wallets: It should work with any industry standard third party Bitcoin wallet such as Sparrow Wallet or Samourai Wallet. You should not be locked into using only their bundled software wallet program as this can be both a privacy risk and a problem if the company ever runs into troubles
- Full Bitcoin Node via Tor Support: It should fully support you connecting it to your own Full Bitcoin Node via Tor. This is vital for Advanced and Expert levels both for privacy and security
- Easy Import / Export: It should fully support importing and exporting of all required info (Including Coin / UTXO Labels) for easy backup and restore, especially across various third party wallets (eg exporting from their wallet app and importing into a third party wallet) and for Multisig wallets that require more detailed backup information than single signature ones
- Multisig Support: It should fully support Multisig Wallets as well as xPub / Watch Only wallets and this support should extend to the standardized third party wallets as well
- Labeling And Control Of Coins: It should fully support labeling of coins (UTXOs) and being able to control which coins you spend either through their own app or through a standardized third party wallet
- Purchase Only From The Supplier: It should come in a tamper evident bag directly from the supplier and no one else. Do NOT buy from other random online sellers, eBay, forums or any other source
- Consider Physical Size: When choosing a device many people prefer large screens to enable easier reading / interaction, but be aware that the larger the device is, the harder it is to store / hide. It will also likely be more expensive too
Pro Tip: Don’t buy a hardware crypto wallet with your real world identity
If the hardware wallet company gets hacked, your identity is forever linked to “this customer has so much crypto they needed to buy a hardware wallet” = huge target. A recent example of this is how Ledger had all their customer data stolen. Now all those people are forever at physical risk with criminals knowing the names, addresses, emails and more. Not cool!
That company may also link your identity and funds to that hardware wallet and monitor your device / addresses / balance / transactions via their software (eg. Ledger Live)… which they then pass on to governments, third parties etc.
Buying the device without revealing your own real world identity is a one time, highly beneficial security enhancement that ensures knowledge of your stash is never revealed no matter how many times they get rekt. For more security focused information you can also check out our Advanced Bitcoin Security guide.
Most hardware crypto wallet manufacturers will accept Bitcoin too making this a relatively easy way to protect yourself. Make up a name, create a one time Proton.me email account via Tor Browser, pay via Bitcoin you obtained via a non-KYC source and you’re set!