Pseudonymous ≠ Anonymous

Bitcoin addresses aren't names — but they are identifiers.

Link an address to a person once, and every past and future transaction on that address becomes part of a permanent dossier. The rest of this talk is about understanding how — and what you can do about it.

The ledger never forgets

• Every transaction is broadcast to thousands of nodes worldwide.
• Every transaction is stored forever, by everyone.
• There is no takedown, no retraction, no expiration date.

What's public today is public in 50 years.

Your financial life, on display

What's at stake

Safety — easy to understand, hard to solve

The leak that links your identity to a Bitcoin address is usually off-chain:

• A tweet, a podcast, an NFT profile picture, a public donation address.
• A leaked exchange KYC database tying your ID to a withdrawal address.
• An IP address logged when you broadcast a transaction or queried your balance.

Once anyone links your identity to a balance, no on-chain tool can undo it:

• CoinJoin can't erase existing knowledge — the adversary already knows it's you.
• A fresh wallet doesn't help — your old coins are the target.
• Lightning doesn't help — a wrench doesn't care about channels.

Safety demands compartmentalisation at every layer: on-chain, off-chain, social, and physical. There is no tool that fixes it for you.

Freedom — censorship, direct and indirect

Direct censorship — a blacklist the rest of the world honours, applied based on who you are or what you've done:

• OFAC sanctions, 2022. Bitcoin addresses added to the U.S. Treasury list. Touch one — even via unsolicited dust — and every regulated exchange must refuse you.
• HonkHonkHodl, Canada 2022. RCMP circulated ~34 trucker-donation addresses to VASPs. Donors kept their coins, lost their cash-out.
• Wasabi / zkSNACKs, 2024. CoinJoin coordinator started refusing Chainalysis-flagged addresses. Privacy denied by a vendor's risk score.
• Silent risk-score propagation. Exchanges reject deposits based on coin lineage. No notice, no appeal.

Indirect (self-)censorship is the larger effect. Knowing you might be traced, you don't donate, don't tip, don't try the privacy tool. The chilling effect costs more freedom than the blacklist itself.

Fungibility — the property worth defending

Fungibility means every coin spends the same as any other, no questions asked about its past. It is what makes money money. Bitcoin gives us fungibility by design — but third parties keep trying to take it away.

• Chain-analysis firms sell the idea that some coins are "cleaner" than others, packaging history into a risk score.
• Exchanges and regulators use those scores to grade UTXOs — green-lighting some, quietly discounting others.
• Privacy tools get stigmatised: choosing to be private is reframed as choosing to be suspicious.
• The pressure falls on the small holder. Institutions negotiate carve-outs; the little guy with a flagged UTXO gets the frozen account — all in the name of public safety.

Fungibility is defended by behaviour, not by the protocol alone. Every fresh address, every CoinJoin, every refusal to grade coins keeps money equal for everyone.

Privacy failures are retroactive

The data you leak today can be deanonymised tomorrow.

• Better AI and heuristics keep improving — your old transactions are the training set.
• KYC databases keep leaking — each leak retroactively tags historical activity.
• Quantum computing and new cryptanalysis may break assumptions you relied on.

Privacy you don't need today is insurance for a future you can't predict.

Commercial surveillance firms

Chainalysis · Elliptic · TRM Labs · and a long tail of startups.

• Sell "chain analysis" dashboards to exchanges, banks, and governments.
• Business model: compliance theatre as a subscription service.
• Motive: profit — the more surveillance, the more seats sold.
• Customer list cuts both ways. They sell to democracies and diplomats — but also to dictators, sanctioned regimes, and (via leaks and resellers) organised crime.
• Accountability by NDA. Methods are "proprietary", contracts are sealed, error rates are trade secrets. The people they investigate have no way to audit, challenge, or even know.

State actors

Tax authorities · law enforcement · intelligence agencies

• Enforce capital controls and sanctions.
• Extract taxation; pursue unreported holdings.
• Map activists, journalists, and dissidents' financial networks.

Motive: control, revenue, and national security overreach.

Criminals & hackers

• Scrape the chain for high-balance addresses.
• Cross-reference with social media, leaked databases, and domain registrations.
• Target victims with phishing, SIM swaps, and physical extortion.

The "$5 wrench attack" is cheaper than breaking any cipher.

Data brokers & advertisers

• Fuse on-chain data with leaked KYC dumps and IP logs.
• Build financial profiles sold for marketing, credit scoring, and insurance.
• No consent, no oversight, no expiration.

Motive: monetising your financial fingerprint.

Future adversaries

• Better AI → patterns invisible today become obvious tomorrow.
• Quantum computing → threatens signature schemes and key derivation.
• Cheaper storage → every byte of today's chain is still analysable in 50 years.

You're not just hiding from who exists now — but from everyone who will.

Threat model at a glance

Common Input Ownership Heuristic

If several inputs are signed into the same transaction, assume one wallet owns them all.

One sloppy transaction can collapse dozens of addresses into a single identity cluster.
Fix: CoinJoin — spend from clean, separated outputs.

Change output detection

Of two outputs, which one is "change" coming back to the sender?

Non-round amounts, matching script types, and "optimal change" algorithms all betray which output came back home.

Address reuse

One address appearing in multiple transactions links every counterparty together.

A fresh address per payment is the cheapest privacy gain you'll ever get.

Transaction graph & taint tracking

Follow the coins forward and backward through the UTXO graph.

"Tainted" coins can be flagged, frozen, or rejected by exchanges — years after the fact.

Temporal & amount correlation

Match an external event to the on-chain record. Cryptography never has to break.

An invoice of 0.02173 BTC matched on-chain is identity leakage with zero cleverness required.
Fix: Lightning payments leave no on-chain amount or timing trace.

Peel chains

A large UTXO pays a small amount; the change becomes the next large UTXO, which pays again, and again…

The trail doesn't need a name attached — the pattern alone is enough to follow.
Fix: break the chain with a CoinJoin before the next spend.

Wallet fingerprinting

Different wallets build transactions differently. Those differences are signatures.

Analysts can often name the wallet software from a single transaction.
Fix: Taproot + a mainstream wallet makes you one of millions.

Network-layer surveillance

"Spy nodes" connect to as much of the P2P network as possible and log who first announced each transaction.

On-chain privacy means nothing if the network layer leaks your IP.

Cross-chain analysis

Atomic swaps and bridges don't break the trail — they just spread it across more ledgers.

More hops, more chains, same trail — and most swap services keep logs. Shapeshift's own FAQ admitted they logged the link between your addresses and your IP by design.

Shapeshift, in their own words

No account required ≠ private. “The only things logged… are the link between addresses… and standard IP logging.”

Machine learning classification

Every heuristic in this deck is being automated. Feed unlabelled transactions in; get predicted identities out.

Subset-sum analysis unmixes CoinJoins. Graph neural networks cluster wallets across millions of transactions at once.

The deanonymisation toolkit

These techniques compose. Each narrows the search; together they converge on identity.
Fix: CoinJoin makes clustering probabilistic, not certain.

Channel opens are on-chain events

Every Lightning channel starts with a funding transaction — visible, attributable, and datable.

A 2-of-2 multisig (or P2TR) output funded from a named cluster is an entry event: "this wallet just put 2 BTC into Lightning."

Nuance: public channels are announced in gossip within seconds. Private P2WSH channels are probabilistically flagged. Private Taproot channels look like any other P2TR spend — near-invisible until a force-close.

Channel closes reveal the final split

When a channel closes, the settlement transaction shows exactly how the balance ended up.

Observers learn the net change in your balance over the channel's life (income, spending, fees, and routing all fold into the settlement) — and force-closes leak even more (pending HTLCs, script templates).

The gossip network: a public map

Public Lightning channels are broadcast to every node — capacity, endpoints, fee policies, and often IP addresses.

Your node_id, your channel sizes, your peers — all queryable. Run over Tor, or your IP joins the map too.

Channel balance probing

An attacker sends deliberately-failing payments of varying sizes and watches where they bounce.

Binary search converges fast. Repeated over time, it reveals how much you spent and when — without ever completing a payment.

Invoices pin the destination

A classic BOLT 11 invoice embeds the recipient's node_id. The payer always knows who they paid.

Private channels used as route hints are semi-public: the moment you accept a payment through one, the payer learns it exists.

CoinJoin → Lightning

The strongest practical stack: break the graph with CoinJoin, then move off-chain into a channel.

Sender wins: source hidden, spending off-chain, no amount/timing correlation, no "clean coin" tax at the merchant.

Receiver wins: even if a sender learns your node_id (previous slide), the channel's funding tx dead-ends at a CoinJoin — they can't walk the chain back to your KYC identity.

Nuances: a mixed UTXO flowing straight into a channel-open is a behavioural fingerprint (few users do this). Use Taproot channels, private, over Tor — and assume the channel-open itself is visible.

Custodians & LSPs see everything

If your wallet runs on someone else's node, they see what a chain analyst can only dream of.

Wallet of Satoshi, Strike, LNbits-hosted, and most "it just works" Lightning apps are full-visibility observers.

Nuance: even custodial wallets preserve sender privacy against merchants — the custodian sees everything, but the recipient learns nothing about who sent the payment.

Splicing: ambiguity, not transparency

Splicing edits an open channel in place. On-chain, every splice is visible — but who initiated it and why is ambiguous.

Bad pattern: repeatedly splicing in from the same wallet — that's address reuse in disguise and collapses back to peel-chain linking.

Good pattern: rotate sources (fresh CoinJoin outputs, separate wallets), accept counterparty-funded splices as free noise, vary amounts and timing, and never close — keep the intra-channel balance permanently hidden.

Threat-model first

You can't defend against everything. Start by naming who you're trying to be private from.

Most people need to beat the first two, not the third. Aim for proportional privacy — not paranoid.

Principles of hygiene

The cheap wins — things that cost nothing and help against every adversary.

• Minimum viable linkage. Never link more than the transaction requires.
• Fresh addresses always. One address, one payment. No exceptions.
• Know what each UTXO knows. If you can't remember where a coin came from, assume your adversary can.
• Assume public. Every on-chain action is visible forever unless you've actively done something to hide it.

None of these require new tools — just new habits. This is Tier 1, and it's free.

Labelling & coin control

Your wallet shows balances. A privacy-aware wallet shows stories.

If you can't answer "what does this coin know about me?" before you spend it, the answer is "more than you wanted."

Sparrow, Wasabi, BlueWallet and others support labels and coin control. Use them.

Selective consolidation

Combining UTXOs is how wallets fingerprint you. But sometimes you have to — do it within a story, never across.

Consolidation is fine — but it's a one-way operation. Every merge locks stories together permanently.

Nyms — identity compartments

Instead of one "you" on the chain, maintain several. Each nym has its own wallet, its own coins, and its own story.

A blacklist can only target a named identity. Compartments don't make you invisible — they make the target smaller.

CoinJoin: what it actually does

Many people pool inputs into one transaction with equal-value outputs. Afterwards, no observer can say which output belongs to which input.

CoinJoin breaks the graph probabilistically. Bigger pools, consistent denominations, and diverse counterparties matter more than fancy tooling.

"Can I CoinJoin 10 chunks then combine 3 BTC for one payment?" Yes — that's the intended use. Just don't merge with non-mixed coins on the way.

CoinJoin rounds: diminishing returns

Each round adds some uncertainty — but the curve flattens fast. Pool size matters more than round count.

Round 1 gives you most of the win. Rounds 2–3 polish it. Round 20 in a tiny pool gives less than round 1 in a big one.

PayJoin — the invisible privacy tool

The recipient contributes an input to your payment. The result looks like any other transaction — but breaks the common-input heuristic at the source.

PayJoin transactions look identical to normal ones. Surveillance tools actively mis-cluster them — poisoning the wider graph, for free.

Silent Payments (BIP 352)

Publish one static identifier. Every payer derives a unique, unlinkable address to pay you — no coordination, no reuse.

No linkable invoice. No address reuse. No on-chain cluster to grow. Receive publicly and privately at the same time.

Network layer — don't leak from your pipes

If your transactions escape through your home IP and a stranger's server, nothing above matters.

What no tool fixes

The most dangerous leaks aren't on the chain at all.

• The tweet. "Just received payment 🎉" with a screenshot of the amount.
• The KYC photo. Once an exchange knows your face, no mixer unknows it.
• The retroactive leak. Perfect privacy today doesn't undo yesterday's reused address.
• The physical threat. The wrench attack doesn't care about your anonset.
• The nym that slipped. One cross-post is all it takes to merge two compartments.

Behaviour beats tooling here. The defence is discipline, not software.

The ladder — find your rung

You don't need to do everything. You need to do the next thing.

Pick the rung above yours. Climb one. That's the win.

Start tonight: know your exposure

The most useful thing you can do right now is see what a stranger already sees.

• Pick one Bitcoin address you've used. Any one.
• Over Tor Browser, paste it into mempool.space (or any block explorer).
• Read the story a stranger would read: balances, counterparties, timing, clusters.
• Ask yourself: what does this reveal about me that I didn't mean to share?

It takes more than a minute, but it makes the whole thing real — and it's the cheapest Tier-1 upgrade you'll ever get.

Privacy is a herd property

You're not just defending yourself. You're defending everyone who needs privacy more than you do.

• Every careless transaction makes the next one harder — for you and for everyone.
• Every CoinJoin you join makes every other participant's anonset bigger.
• Every PayJoin you send poisons the surveillance graph for the whole network.
• Every Silent Payment you receive starves the address-reuse heuristic.
• Every nym you keep separate proves compartmentalisation works.

Fungibility is defended by behaviour — by yours.