Bitcoin is the most transparent money that has ever existed. Every transaction you make is recorded on a public ledger, forever, for anyone with an internet connection to see. Most people have no idea how much information they hand over every time they send and receive Bitcoin.
This guide breaks Bitcoin privacy down into four distinct pillars — four different ways you leak information, and what you can do about each one. It's a high-level overview rather than a deep dive into any single point. The goal is to make you aware of every place you can leak privacy, so you know where to focus. Once you understand how people actually track you, staying private becomes far easier.
Prefer to watch? Here's the full video breakdown of the four pillars:
What Privacy Actually Means (And Why It Matters)
Privacy is not about being completely hidden. It's about choosing what you share and who you share it with. Bitcoin privacy is about reducing the unnecessary leaking of information to people you may have never met — your personal details, your finances, and how much Bitcoin you hold.
The reason this matters so much with Bitcoin comes down to two facts: it's public, and it's permanent. Anyone watching the chain can see which coins were spent, where they were sent, and which coins belong together. If you make a privacy mistake today, it can still be sitting on the blockchain years from now for someone to find. On-chain leaks don't expire — so even if privacy isn't a concern for you today, you're really protecting your future self.
I think of Bitcoin privacy as financial self-defense. Whoever controls the keys controls the Bitcoin, and transactions are irreversible. That makes Bitcoin attractive to thieves, hackers, scammers, and attackers. The fewer people who know you own Bitcoin, how much you hold, or how you store it, the fewer ways there are to target you.
One important point before we get into the pillars: privacy is a spectrum. Some people want nobody to know they own Bitcoin; others are happy to talk about it publicly. You don't have to follow every rule here. The aim is simply to make you aware of where you leak information, so you can decide consciously where you want to sit.
Pillar 1: Operational Privacy (Your Behavior)
Operational privacy is the privacy you control through your own behavior — what you say, what you do, and what you post online.
The simplest way to leak information is by talking too much. If you talk openly about how much Bitcoin you hold or how you store it, you invite interest from exactly the wrong people. And it isn't only what you say. If you're regularly at meetups and conferences with photos online, if you wear Bitcoin merch everywhere, cover your laptop in stickers, or drive around with a Bitcoin number plate, you're visually signaling that you're worth targeting. That includes physical attackers, not just online scammers and social engineers.
Simple Habits That Go a Long Way
A few practical habits make a real difference:
- Don't tell people how much you hold or how you store it. Never post balances or addresses online. The moment you link your real identity to an address in public — even once — that address is tied to you forever, and it can be traced both backwards and forwards.
- On forums like Twitter or Telegram, consider not using your real name or photo.
- When signing up for websites or mailing lists, avoid handing over your full name and phone number. Use a hide-my-email service — iCloud has one built in, and Proton offers the same. A fresh, random email for each signup keeps your real address private, so if a service is breached, your identity isn't exposed.
Ordering Hardware Safely
The same thinking applies to physical products. When you order a hardware wallet, metal backups, or a node, use a hide-my-email service and ship to somewhere other than your home, like a PO box. You don't want your name and home address sitting in a vendor's database.
We've seen exactly why this matters. The Ledger breach leaked the names and home addresses of hundreds of thousands of customers. Everyone in that leak was publicly outed as someone who owns a hardware wallet — handing attackers their identity, details, and where they live.
Pillar 2: Acquisition Privacy (How You Buy)
Acquisition privacy is about how you get your Bitcoin and what you reveal when you do. Some methods expose exactly who you are; others let you stay completely private.
Most people buy from regulated exchanges, and from a privacy standpoint that's about the worst option. Exchanges require KYC — "know your customer" — which means handing over your ID, home address, a selfie, sometimes your tax number and banking details. They also track your trades and your Bitcoin addresses, linking your entire on-chain footprint to your real identity.
Exchanges are expected to keep that private, but it all sits in a database that's a honeypot for attackers. These get breached regularly, and when one leaks, your name, your address, all your addresses, and your full transaction history end up in one place for an attacker to see.
More Private Ways to Buy
The good news is there are better options:
- Peer-to-peer exchanges where you trade directly with other bitcoiners without KYC.
- Earning Bitcoin by selling goods or services.
- Mining and having fresh coins sent straight to your wallet.
- A Bitcoin ATM for cash — just don't hand over your phone number.
- Cash trades with people in your community or at local meetups.
Any Bitcoin you acquire without handing over your ID or personal information is "no-KYC" Bitcoin. One key rule: keep coins from different sources in separate wallets or accounts. Your KYC coins should never touch your no-KYC coins, or you risk linking your private stack back to your identity.
Pillar 3: Network and Tool Privacy (Wallets, Nodes, and Browsing)
This pillar is about the tools you use and what each one reveals about you — your wallet, your node, and how you browse the web.
Your Wallet
The worst thing you can do is use a wallet that logs your addresses, transactions, and IP address. Far better to use open-source wallets that don't require your information and don't keep logs. Sparrow Wallet, for example, doesn't store logs about you, whereas some manufacturer wallets collect all sorts of information.
Your Node
Your wallet needs to connect to a Bitcoin node to know your transaction history and balances. If you don't run your own node, you're connecting to someone else's — and leaking your IP address, your addresses, your transaction history, and your entire balance to that third party.
The most private option is to run your own node and connect your wallets to it, so you're fetching everything from your own server instead of a stranger's. I run my own node on a Start9 server. You can build one from off-the-shelf parts or buy a ready-made device directly from Start9, which is what I did.
If you can't run a node yet, the next best thing is connecting to a server that doesn't keep logs. Sparrow, by default, connects to servers that claim not to log you. You still have to trust that claim, but it beats a wallet that openly logs your activity.
One more rule: never paste your public keys or addresses into third-party services. Drop a public key into a website and you've handed it a complete view of your wallet — every address and balance, past and future.
Your Browsing
Every time you visit a site or download software, you reveal information to that site and your internet provider. The site sees your IP address (and your rough location); your ISP sees every site you visit. When you're using Bitcoin websites or wallets, use a VPN where you can so you're not leaking your IP.
The same goes for block explorers like mempool.space. Look up a transaction or address there and you're handing over your IP plus an address you probably own. Self-hosting your own block explorer on a server like Start9 avoids this entirely — you search against your own node instead of a third party's. If you can't self-host and need to use a public explorer, always use Tor or a VPN.
Pillar 4: On-Chain Privacy (Your Blockchain Footprint)
On-chain privacy is the permanent footprint you leave on the blockchain itself every time you transact. It's a deep topic — worthy of its own dedicated breakdown — but here are the fundamentals.
Every transaction is a permanent public record. Anyone with an internet connection can follow your addresses and transactions to learn about you. Send Bitcoin to someone and they can trace your coins backwards; receive from someone and they can follow those coins forward. There are entire companies dedicated to surveilling the chain and tracing every transaction.
Avoid Address Reuse
The single most important thing you can do is never use the same address twice. If you've been reusing one address for everything, anyone with that address can see your entire financial history and full balance — and you leak that address every time you send or receive. This is the worst on-chain mistake you can make, and fixing it dramatically improves your privacy.
Understand the Common Ownership Heuristic
When you combine UTXOs (chunks of Bitcoin) in a single transaction, observers assume they all belong to the same owner. Say you receive coins from Bob into one address and from Alice into another. If you later spend both together, Bob and Alice can both see you owned both sets. This is the common ownership heuristic: multiple inputs in one transaction are assumed to share one owner.
This is why combining a no-KYC coin with a KYC coin in one transaction undoes the privacy of the no-KYC coin — you've just revealed they're both yours.
Segregate, Label, and Learn Coin Control
A few practices protect you here:
- Segregate wallets by use case — one for KYC Bitcoin, another for private coins, using separate accounts or separate wallets.
- Label every address with where the coins came from.
- Get familiar with coin control and UTXO management so you control exactly which coins are spent together.
Beyond the fundamentals, there are technologies like CoinJoin, PayJoin, silent payments, and reusable payment codes that take your privacy further.
Bringing the Four Pillars Together
Those are the four pillars of Bitcoin privacy: operational (what you reveal through your behavior), acquisition (what you give away when you buy), network and tool (what your wallet, node, and browsing reveal), and on-chain (the permanent footprint you leave forever).
You don't have to follow every rule to the letter. The point is awareness — once you know where you leak information, you can decide how private you want to be.
If you'd like help putting any of this into practice — whether that's setting up a hardware wallet, running your own node, or making your stack more private — I offer one-on-one consulting sessions where we work through it together. You can book a session here.