
Bitcoin Privacy Guide

Techniques, tools, and best practices for maintaining Bitcoin privacy. All the educational content from am-i.exposed in one reference.

Privacy techniques

On-chain privacy tools like CoinJoin are just one layer. The strongest privacy comes from combining multiple techniques across different networks.

On-chain spending techniques

Off-chain and cross-chain pathways

Combined strategies

Wallet comparison

Recommended wallets - low on-chain footprint

Columns: Wallet | Type | nSeq (nSequence value) | Anti-snip (anti-fee-sniping nLockTime) | CoinJoin | PayJoin | BIP47 | SP (silent payments, BIP352) | Own Node | Tor

  • Sparrow (Desktop): v1 only
  • Bitcoin Core (Desktop): Is the node
  • Electrum (Desktop, Mobile)
  • Ashigaru (Mobile): Stowaway; Native
  • Trezor Suite (Hardware): Partial
  • Blockstream Green (Desktop, Mobile): Send only
  • Nunchuk (Desktop, Mobile): Partial
  • Wasabi (Desktop): Send only; Native
  • Cake Wallet (Mobile)
  • Bull Bitcoin (Mobile): Partial
  • Blue Wallet (Desktop, Mobile): Send only

Wallets to avoid for privacy

  • Exodus - Clear fingerprint (nVersion=1, nLockTime=0), no coin control, no Tor, centralized servers
  • Trust Wallet - No coin control, no Tor support, sends all queries through centralized infrastructure
  • Coinbase Wallet - Integrated with Coinbase exchange, queries go through Coinbase servers, no privacy features
  • Exchange wallets - Custodial - the exchange controls your keys and sees all your transactions

What makes a wallet good or bad for privacy

Criteria | Good | Bad
nSequence | 0xFFFFFFFE (enables nLockTime; 0xFFFFFFFD also enables it and additionally signals RBF per BIP125) | 0xFFFFFFFF (nLockTime ignored, no RBF)
nLockTime | Current block height (anti-fee-sniping) | Always 0 (no anti-fee-sniping)
RBF | Signaled or configurable | No support
Addresses | Always fresh (BIP44/84 HD derivation) | Reused or manually managed
Connection | Own node or Tor | Centralized server only
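The script below, an added example and not code from am-i.exposed, parses a raw transaction and reports the fields in the table above the way an observer would: nVersion, whether nSequence enables nLockTime and signals RBF, whether nLockTime matches the tip height, the output script types, and which output looks like change. Two sample transactions are constructed inline (a Core-style one and one with the Exodus-style fingerprint); the 10,000-sat "round amount" threshold and the 100-block anti-fee-sniping window are this example's assumptions, not numbers from the guide.

```python
"""Added example, not code from am-i.exposed: parse a raw Bitcoin transaction and
report the fingerprint fields from the table above (nVersion, nSequence, nLockTime,
output script types, round amounts). The two transactions at the bottom are constructed."""

SEQ_FINAL = 0xFFFFFFFF          # nLockTime ignored, RBF not signalled
SEQ_LOCKTIME_ONLY = 0xFFFFFFFE  # nLockTime enforced, RBF not signalled (BIP125)


def read_varint(b: bytes, i: int):
    n = b[i]
    if n < 0xFD:
        return n, i + 1
    size = {0xFD: 2, 0xFE: 4, 0xFF: 8}[n]
    return int.from_bytes(b[i + 1:i + 1 + size], "little"), i + 1 + size


def parse_tx(raw: bytes) -> dict:
    """Minimal parser for legacy and BIP144 (segwit) serialization."""
    pos = 0

    def take(n: int) -> bytes:
        nonlocal pos
        chunk = raw[pos:pos + n]
        pos += n
        return chunk

    def varint() -> int:
        nonlocal pos
        v, pos = read_varint(raw, pos)
        return v

    version = int.from_bytes(take(4), "little", signed=True)
    segwit = raw[pos:pos + 2] == b"\x00\x01"          # BIP144 marker + flag
    if segwit:
        take(2)
    inputs = []
    for _ in range(varint()):
        txid = take(32)[::-1].hex()
        vout = int.from_bytes(take(4), "little")
        take(varint())                                # scriptSig, not needed here
        inputs.append({"txid": txid, "vout": vout, "sequence": int.from_bytes(take(4), "little")})
    outputs = []
    for _ in range(varint()):
        value = int.from_bytes(take(8), "little")
        outputs.append({"value": value, "script_pubkey": take(varint())})
    if segwit:
        for _ in inputs:                              # one witness stack per input
            for _ in range(varint()):
                take(varint())
    return {"version": version, "inputs": inputs, "outputs": outputs,
            "locktime": int.from_bytes(take(4), "little")}


def script_type(spk: bytes) -> str:
    if len(spk) == 25 and spk[:3] == b"\x76\xa9\x14" and spk[-2:] == b"\x88\xac":
        return "p2pkh"
    if len(spk) == 23 and spk[:2] == b"\xa9\x14" and spk[-1] == 0x87:
        return "p2sh"
    if len(spk) == 22 and spk[:2] == b"\x00\x14":
        return "p2wpkh"
    if len(spk) == 34 and spk[:2] == b"\x00\x20":
        return "p2wsh"
    if len(spk) == 34 and spk[:2] == b"\x51\x20":
        return "p2tr"
    return "unknown"


def fingerprint(raw: bytes, tip_height: int, round_unit: int = 10_000) -> dict:
    """What an observer reads off a transaction. tip_height is the chain height at
    broadcast; round_unit (sats) is this example's 'round amount' threshold."""
    tx = parse_tx(raw)
    seqs = [inp["sequence"] for inp in tx["inputs"]]
    locktime_enabled = any(s != SEQ_FINAL for s in seqs)
    lt = tx["locktime"]
    # Bitcoin Core sets nLockTime to the tip height, occasionally up to 100 blocks lower
    anti_snipe = locktime_enabled and 0 < lt < 500_000_000 and tip_height - 100 <= lt <= tip_height
    types = [script_type(o["script_pubkey"]) for o in tx["outputs"]]
    round_outs = [n for n, o in enumerate(tx["outputs"]) if o["value"] % round_unit == 0]
    # with exactly two outputs and one round amount, the non-round one is the likely change
    likely_change = [n for n in range(len(types)) if n not in round_outs] \
        if len(types) == 2 and len(round_outs) == 1 else []
    return {"version": tx["version"], "rbf_signaled": any(s < SEQ_LOCKTIME_ONLY for s in seqs),
            "locktime_enabled": locktime_enabled, "anti_fee_sniping": anti_snipe,
            "cioh_links_inputs": len(seqs) > 1, "output_types": types,
            "mixed_script_types": len(set(types)) > 1,
            "round_outputs": round_outs, "likely_change": likely_change}


def _le(n: int, size: int) -> bytes:
    return n.to_bytes(size, "little")


# Constructed outputs: varint length + scriptPubKey with fake hash / key bytes
P2WPKH_OUT = b"\x16\x00\x14" + b"\x11" * 20
P2TR_OUT = b"\x22\x51\x20" + b"\x22" * 32
PREVOUT = b"\xaa" * 32 + _le(0, 4)                    # fake outpoint

# Core-style: v2, nSequence 0xFFFFFFFD (RBF), nLockTime = tip height, p2wpkh + p2tr outputs
GOOD_TX = (_le(2, 4) + b"\x00\x01" + b"\x01" + PREVOUT + b"\x00" + _le(0xFFFFFFFD, 4)
           + b"\x02" + _le(50_000, 8) + P2WPKH_OUT + _le(123_456, 8) + P2TR_OUT
           + b"\x02\x01\xaa\x01\xbb" + _le(850_000, 4))
# Exodus-style per the table: v1, nSequence 0xFFFFFFFF, nLockTime 0
BAD_TX = (_le(1, 4) + b"\x01" + PREVOUT + b"\x00" + _le(0xFFFFFFFF, 4)
          + b"\x02" + _le(50_000, 8) + P2WPKH_OUT + _le(123_456, 8) + P2WPKH_OUT
          + _le(0, 4))

if __name__ == "__main__":
    for name, tx in (("core-style", GOOD_TX), ("exodus-style", BAD_TX)):
        print(name, fingerprint(tx, tip_height=850_000))
```

Feed it a hex transaction from your own node (`bytes.fromhex(...)`) together with the height it was broadcast at; the only fields that need the chain are tip height and, for script-type matching against inputs, the previous outputs, which this example deliberately does not fetch.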

Why recommend wallets that have fingerprints?

Every wallet leaves a fingerprint - that is unavoidable. The goal is not to be invisible, but to be indistinguishable from millions of other users.

A Bitcoin Core fingerprint is shared by millions of transactions. Knowing someone uses Bitcoin Core reveals almost nothing useful. An Exodus fingerprint, on the other hand, reveals poor privacy practices (no coin control, no Tor, centralized servers) and belongs to a much smaller set.

Choose wallets where the fingerprint says "one of millions" rather than "one of a few with poor habits."

Common mistakes to avoid

CoinJoin then consolidate all outputs

Combining CoinJoin outputs in a single transaction re-links them via common input ownership heuristic (CIOH), undoing the entire mix.

Mix or redirect KYC exchange funds

Exchange withdrawal addresses are in chain analysis databases. Exchanges now require signing or declaring destination addresses. Keep KYC funds in a clean lifecycle: exchange to cold wallet to exchange when selling. Mixing breaks the trace but not the history - the exchange still has your KYC record and could trigger compliance issues.

Mix with Wasabi then send immediately

Wasabi's nVersion=1 fingerprint identifies the pre-CoinJoin transaction. Spending immediately after creates a timing correlation. Wait several blocks and use a different wallet for the spend.

Change wallet but reuse the receiver's address

Switching wallets changes your transaction fingerprint, but if you keep sending to the same receiving address, all prior history at that address remains linked.

Use Tor only without changing on-chain behavior

Tor protects your IP address, not your blockchain footprint. If your transactions still have round amounts, address reuse, and identifiable fingerprints, Tor alone does not help.

Open Lightning channel directly from exchange withdrawal

This links your Lightning identity to your exchange account. Keep KYC funds separate - send to cold storage only. If you need Lightning for private spending, fund channels from non-KYC sources (P2P, ATM, mining, earning).

Rely on a single Lightning channel with one LSP

If your Lightning wallet has only one channel (e.g., Phoenix with ACINQ), the LSP knows every payment destination, amount, and timing. Mitigate by running your own node or maintaining multiple channels with different peers.

Fee bump a privacy-sensitive transaction

Both RBF and CPFP reveal information about change outputs. An RBF replacement shows which output's value decreased (the change), while a CPFP by the sender spends the change output as the child's input and so identifies it (a CPFP by the receiver spends the payment output and reveals nothing new about change). For privacy-sensitive transactions, set an adequate fee upfront to avoid fee bumping entirely.

Consolidate UTXOs from different privacy contexts

Merging KYC exchange withdrawals with P2P or CoinJoin outputs links all those identities via CIOH. Only consolidate UTXOs from the same privacy category.
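As an added example (not code from am-i.exposed), the script below applies the common input ownership heuristic the way a chain-analysis observer does, with union-find over input addresses, and shows what the two mistakes above do: consolidating CoinJoin outputs tells the observer they share an owner, and consolidating them with a KYC withdrawal pulls them into the KYC cluster. The ledger, addresses and the CoinJoin-detection rule (at least three inputs and three equal-valued outputs) are constructed assumptions for the demonstration.

```python
"""Added example, not code from am-i.exposed: the common input ownership heuristic
(CIOH) as a chain-analysis observer applies it, and what consolidating CoinJoin outputs
(with each other, and with a KYC withdrawal) does to the clusters. Every transaction
and address below is constructed."""

from collections import defaultdict

# Constructed ledger: each tx lists (address, sats) inputs and outputs. Real analysis
# keys on outpoints; plain addresses keep the scenario readable.
LEDGER = {
    "withdrawal": {"in": [("exchange_hot", 200_000_000)],
                   "out": [("alice_kyc", 150_000_000), ("exchange_change", 49_990_000)]},
    # Alice contributes two inputs and receives cj_1 and cj_2; bob and carol one each
    "coinjoin": {"in": [("alice_a", 10_000_000), ("alice_b", 10_000_000),
                        ("bob", 10_000_000), ("carol", 10_000_000)],
                 "out": [("cj_1", 9_990_000), ("cj_2", 9_990_000),
                         ("cj_3", 9_990_000), ("cj_4", 9_990_000)]},
    # the mistakes: both post-mix outputs spent together, and with the KYC withdrawal
    "consolidate": {"in": [("cj_1", 9_990_000), ("cj_2", 9_990_000), ("alice_kyc", 150_000_000)],
                    "out": [("merchant", 169_970_000)]},
}


class UnionFind:
    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]   # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)


def is_coinjoin(tx: dict, min_equal: int = 3) -> bool:
    """Assumed observer rule: >= min_equal inputs and >= min_equal equal-valued outputs."""
    counts = defaultdict(int)
    for _, value in tx["out"]:
        counts[value] += 1
    return len(tx["in"]) >= min_equal and max(counts.values()) >= min_equal


def cioh_clusters(ledger: dict, skip_coinjoins: bool = True) -> list:
    """Union the input addresses of every tx. Recognised CoinJoins are skipped because
    their inputs belong to different people and would fuse unrelated users."""
    uf = UnionFind()
    for tx in ledger.values():
        if skip_coinjoins and is_coinjoin(tx):
            continue
        addrs = [a for a, _ in tx["in"]]
        for a in addrs:
            uf.union(addrs[0], a)
    groups = defaultdict(set)
    for a in list(uf.parent):
        groups[uf.find(a)].add(a)
    return [frozenset(g) for g in groups.values()]


def cluster_of(clusters: list, addr: str) -> frozenset:
    for c in clusters:
        if addr in c:
            return c
    return frozenset({addr})          # never seen as a co-spent input


def cospent_mix_outputs(ledger: dict) -> dict:
    """For each CoinJoin, which of its equal outputs were later spent in one tx.
    Co-spent outputs are assigned to a single participant, shrinking the anonymity set."""
    result = {}
    for name, cj in ledger.items():
        if not is_coinjoin(cj):
            continue
        outs = {a for a, _ in cj["out"]}
        for other in ledger.values():
            together = outs & {a for a, _ in other["in"]}
            if len(together) > 1:
                result.setdefault(name, set()).update(together)
    return result


if __name__ == "__main__":
    full = cioh_clusters(LEDGER)
    print("alice_kyc cluster:", sorted(cluster_of(full, "alice_kyc")))
    print("mix outputs co-spent:", cospent_mix_outputs(LEDGER))
    naive = cioh_clusters(LEDGER, skip_coinjoins=False)
    print("bob's cluster if CoinJoins were not skipped:", sorted(cluster_of(naive, "bob")))
```

Remove the `consolidate` entry and `alice_kyc` stays a singleton cluster, which is the "keep KYC funds in their own lifecycle" outcome the guide recommends.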

Use the same swap service for both entry and exit

Using the same service (e.g., Boltz) for both Liquid peg-in and peg-out, or for both BTC-to-XMR and XMR-to-BTC swaps, gives that service full visibility of your flow. Use different services for each direction.

Recovery playbook

Follow these steps to improve your privacy score from Critical/F to Healthy/A:

1. Move funds to a privacy-focused wallet

Transfer your compromised UTXOs to Sparrow Wallet or Ashigaru. These wallets give you coin control and proper change address management.

2. CoinJoin your UTXOs

Run your funds through Whirlpool (Sparrow/Ashigaru) or JoinMarket to break the transaction graph. Each CoinJoin cycle adds anonymity set members.

3. Wait several blocks before spending

After CoinJoin, let the outputs sit for at least 10-20 blocks. Spending immediately after mixing is a timing correlation signal that weakens your privacy.

4. Spend with coin control - one UTXO per transaction

Select individual UTXOs for each payment using coin control. Never combine multiple post-mix UTXOs in a single transaction - that undoes the CoinJoin.

5. Send to a fresh address

Always send to a fresh, never-used address from the receiver. If you control the receiving wallet, generate a new address for each receive.

Maintaining your privacy

Good privacy is not a one-time achievement - it requires ongoing discipline. These practices help maintain the privacy gains detected in this analysis.

UTXO hygiene

  • Label every UTXO by source (e.g., 'KYC-exchange', 'P2P-cash', 'CoinJoin-mixed', 'mining', 'payment'). Use BIP329 label export when migrating wallets. Labels prevent accidental cross-contamination of privacy contexts.
  • Segregate KYC-sourced UTXOs from non-KYC. Treat them as separate wallets with separate spending strategies.
  • Freeze dust outputs (under 1,000 sats). Spending them costs more in fees than they are worth and can link your addresses.
  • Consolidation is generally bad for privacy. When it is necessary, combine only UTXOs from the same source or entity (e.g., multiple withdrawals from the same exchange), ideally during low-fee periods; same-source consolidation creates no new linkage between different identities. Different-source consolidation reveals more to the observers of each UTXO; if unavoidable, keep the amounts small. Ideal: maintain UTXOs of varied sizes (not too small, not too large) so any payment can be made without forced consolidation.
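An added example, not code from am-i.exposed, of keeping the labels above in the BIP329 JSON-lines format (one `{"type": "output", "ref": "txid:vout", "label": ...}` record per line), marking dust `spendable: false` on export so it stays frozen after migration, and auditing a proposed input set against the hygiene rules. The wallet contents are constructed, and the convention that the source tag is the first word of the label is this example's own.

```python
"""Added example, not code from am-i.exposed: keep per-UTXO source labels in the
BIP329 JSON-lines format, freeze dust on export, and refuse an input set that mixes
privacy contexts. UTXOs and txids are constructed; 'source is the first word of the
label' is this example's own convention."""

import json

DUST_LIMIT_SATS = 1_000   # the guide's freezing threshold

# Constructed wallet: (txid:vout, sats, label). Labels follow the guide's naming.
UTXOS = [
    ("11" * 32 + ":0", 150_000, "KYC-exchange withdrawal 2024-05"),
    ("22" * 32 + ":1",  52_000, "CoinJoin-mixed whirlpool 0.001"),
    ("33" * 32 + ":0",  31_000, "CoinJoin-mixed whirlpool 0.001"),
    ("44" * 32 + ":2",  40_000, "P2P-cash meetup"),
    ("55" * 32 + ":0",     546, "Payment dust from unknown sender"),
]


def export_bip329(utxos) -> str:
    """One JSON object per line, type 'output', ref 'txid:vout'; dust is exported
    with spendable=false so the importing wallet keeps it frozen."""
    lines = []
    for ref, sats, label in utxos:
        rec = {"type": "output", "ref": ref, "label": label}
        if sats < DUST_LIMIT_SATS:
            rec["spendable"] = False
        lines.append(json.dumps(rec))
    return "\n".join(lines) + "\n"


def import_bip329(text: str) -> dict:
    """Return {ref: record} for output records; other BIP329 record types are skipped."""
    records = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("type") == "output":
            records[rec["ref"]] = rec
    return records


def source_of(label: str) -> str:
    return label.split()[0]          # e.g. 'KYC-exchange', 'CoinJoin-mixed'


def audit_inputs(refs, records) -> list:
    """Hard violations of the hygiene rules for spending these outpoints together:
    unlabeled coins, frozen coins, and inputs drawn from more than one source."""
    problems = []
    sources = set()
    for ref in refs:
        rec = records.get(ref)
        if rec is None:
            problems.append(f"{ref}: unlabeled, source unknown")
            continue
        if rec.get("spendable") is False:
            problems.append(f"{ref}: frozen (dust or manually frozen)")
        sources.add(source_of(rec["label"]))
    if len(sources) > 1:
        problems.append("mixes privacy contexts: " + ", ".join(sorted(sources)))
    return problems


if __name__ == "__main__":
    records = import_bip329(export_bip329(UTXOS))
    print(audit_inputs([UTXOS[0][0], UTXOS[1][0]], records))   # KYC + CoinJoin: rejected
    print(audit_inputs([UTXOS[1][0], UTXOS[2][0]], records))   # same context: no problems
```

An empty result means no hard violation, not that the spend is private: two same-source inputs are still linked by CIOH, which is why the guide says one UTXO per transaction whenever possible.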

Post-spend discipline

  • Spend one UTXO per transaction whenever possible. Multiple inputs link addresses via Common Input Ownership.
  • Avoid consolidating CoinJoin outputs. Each mixed output is an independent privacy unit. Consolidating all of them can link input to output, undoing the mix. If partial consolidation is unavoidable (e.g., within the same denomination), do it knowingly, or use spending tools like PayJoin or Stonewall instead of raw consolidation.
  • After CoinJoin, wait at least a few blocks before spending. Immediate post-mix spending creates timing correlation.

Network privacy

  • Connect your wallet through Tor to hide which addresses you query from the node operator.
  • Run your own Bitcoin node and mempool instance. This eliminates all third-party address queries.
  • Use a VPN or Tor when accessing block explorers in a web browser.

Wallet consistency

  • Stick with one wallet family to avoid mixing fingerprints. Switching wallets mid-UTXO-lifetime creates detectable patterns.
  • Ensure your wallet uses anti-fee-sniping (nLockTime = current block height) and standard nSequence values.

Spending strategy

  • If a UTXO exactly covers the payment plus fee, spend that single UTXO - no change output is created. When no single UTXO matches, choose inputs carefully: prefer coins from the same source. Bitcoin Core automates the search for changeless input sets via Branch-and-Bound (BnB) selection.
  • Match input and output script types (all P2WPKH or all P2TR). Mixed script types fingerprint the change output.
  • If you need to speed up a transaction, prefer CPFP, ideally performed by the receiver: a receiver's child spends the payment output and reveals nothing about change, whereas a sender's child spends the change output. RBF can only be applied by the sender and reveals which output is change (the output whose value decreases in the replacement). For privacy-sensitive payments, set an adequate fee upfront to avoid needing either.
  • Batching multiple payments into one transaction increases ambiguity for change detection, but all recipients can see each other's outputs and amounts. This may reveal more about your economic activity than sending individually. Use batching only when the privacy gain (entropy) outweighs the information shared with recipients.
  • Use Sparrow's 'Spending Privately' feature to construct Stonewall-like transactions that mimic CoinJoin structure using only your own UTXOs.
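The coin selector below is an added example, not code from am-i.exposed or from Bitcoin Core, that puts the first two points of this list into working form: candidates are restricted to one source label and one script type, a single exact-match UTXO is preferred, then a changeless branch-and-bound combination (excess within a tolerance is paid as fee rather than returned as change), and only then a largest-first set with a change output. The virtual sizes, the fee model, the 2,000-sat tolerance and the wallet contents are this example's assumptions; Core's real BnB uses a cost-of-change bound and a waste metric that this example does not reproduce.

```python
"""Added example, not code from am-i.exposed or Bitcoin Core: choose inputs from one
privacy context and one script type, preferring a single exact-match UTXO, then a
changeless branch-and-bound set, then largest-first with change. Sizes, fee model,
tolerance and the UTXO set are this example's assumptions."""

# Approximate P2WPKH virtual sizes (assumption): tx overhead, one input, one output
OVERHEAD_VB, IN_VB, OUT_VB = 11, 68, 31

# Constructed wallet: (ref, sats, source label, script type)
UTXOS = [
    ("a:0", 150_000, "KYC-exchange", "p2wpkh"),
    ("b:1",  52_000, "CoinJoin-mixed", "p2wpkh"),
    ("c:0",  31_000, "CoinJoin-mixed", "p2wpkh"),
    ("d:0",  20_000, "CoinJoin-mixed", "p2wpkh"),
    ("e:2",  40_000, "P2P-cash", "p2tr"),
]


def fee_for(n_in: int, n_out: int, feerate: int) -> int:
    """Fee in sats for a transaction of the given shape at feerate sat/vB."""
    return (OVERHEAD_VB + n_in * IN_VB + n_out * OUT_VB) * feerate


def changeless_bnb(cands: list, target: int, feerate: int, tolerance: int):
    """Depth-first branch and bound: a subset whose value lands in
    [target + fee, target + fee + tolerance] for a one-output transaction, so the
    excess is paid as fee and no change output exists. Returns None if there is none."""
    cands = sorted(cands, key=lambda u: u[1], reverse=True)
    best = None

    def search(idx: int, chosen: list, value: int):
        nonlocal best
        if best is not None:
            return
        need = target + fee_for(len(chosen), 1, feerate)
        if need <= value <= need + tolerance:
            best = list(chosen)
            return
        if value > need + tolerance or idx == len(cands):
            return                                   # overshoot or exhausted
        if value + sum(u[1] for u in cands[idx:]) < need:
            return                                   # cannot reach the target
        chosen.append(cands[idx])                    # branch: include this coin
        search(idx + 1, chosen, value + cands[idx][1])
        chosen.pop()
        search(idx + 1, chosen, value)               # branch: skip it

    search(0, [], 0)
    return best


def select_coins(utxos, target, feerate, source, script, tolerance=2_000):
    """Returns {'inputs': [...], 'change': sats}, or None if this context cannot pay."""
    cands = [u for u in utxos if u[2] == source and u[3] == script
             and u[1] > IN_VB * feerate]              # same context only; drop uneconomic coins
    # 1. a single UTXO that covers payment plus fee: one input, no change
    need1 = target + fee_for(1, 1, feerate)
    singles = [u for u in cands if need1 <= u[1] <= need1 + tolerance]
    if singles:
        return {"inputs": [min(singles, key=lambda u: u[1])], "change": 0}
    # 2. a changeless combination from the same context
    subset = changeless_bnb(cands, target, feerate, tolerance)
    if subset is not None:
        return {"inputs": subset, "change": 0}
    # 3. fall back to largest-first with a change output
    chosen, value = [], 0
    for u in sorted(cands, key=lambda u: u[1], reverse=True):
        chosen.append(u)
        value += u[1]
        need = target + fee_for(len(chosen), 2, feerate)
        if value >= need:
            return {"inputs": chosen, "change": value - need}
    return None


if __name__ == "__main__":
    print(select_coins(UTXOS, 80_000, 10, "CoinJoin-mixed", "p2wpkh"))   # changeless pair
    print(select_coins(UTXOS, 60_000, 10, "CoinJoin-mixed", "p2wpkh"))   # needs change
    print(select_coins(UTXOS, 38_000, 10, "P2P-cash", "p2tr"))           # single exact match
```

The source filter runs before any selection, so the KYC coin `a:0` is never considered for a CoinJoin-context payment even when it alone would cover the amount; when the chosen context cannot pay, the function returns None rather than reaching across contexts.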