Privacy

Why It Matters

Every Bitcoin transaction is recorded on a public blockchain. If your identity gets linked to an address, your entire transaction history becomes visible — how much you have, where you spend, who pays you.

This isn't theoretical. KYC data from exchanges has leaked in multiple breaches (Ledger in 2020, Gemini in 2022), and chain analysis companies actively trace transactions. Exchange knows your identity + blockchain shows your transactions = your financial life is public.

Use a New Address Every Time

Never reuse a Bitcoin address. Your wallet generates a fresh receive address for every transaction automatically. Use it.

Address reuse lets anyone who paid you see all funds received at that address and where they went. Fresh addresses break this link.

Run Your Own Node

When you use someone else's Bitcoin node, they see which addresses you query and can link them to your IP. Running your own node means your wallet talks only to your own server.

Options for running a node at home:

• Umbrel — easiest setup, runs on a Raspberry Pi or old laptop
• Start9 — privacy-focused, runs Bitcoin Core + Electrs
• Bitcoin Core directly — most control, less user-friendly

Connect Sparrow to your own node via Electrs or Bitcoin Core's built-in wallet interface. This is the single biggest privacy upgrade available to you.

Use Tor or a VPN

Your IP address reveals your approximate location and identity to any service you connect to.

• Tor routes traffic through multiple relays, hiding your IP. Sparrow has built-in Tor support. COLDCARD doesn't need it — it's air-gapped.
• VPN hides your IP from the destination service, but the VPN provider sees your traffic. Better than nothing, worse than Tor.

Label Your Transactions

Tag every transaction and UTXO in your wallet app with context: "Bought on River 2026-01-15" or "Payment from client X." Labeling drives smart coin control decisions later.

If you received bitcoin from an exchange and from a private sale, spending them together links the two sources. Labels prevent that mistake.

Don't Talk About Your Holdings

Don't tell people how much bitcoin you own. Don't post about it on social media. Don't wear Bitcoin merchandise. Don't brag at meetups.

The best physical security is when nobody knows you have anything worth stealing.

Avoid Unnecessary KYC

Every exchange that verifies your identity creates a database linking your name, address, and government ID to your bitcoin purchases. These databases get hacked, subpoenaed, and sold.

When possible, acquire bitcoin without identity verification: peer-to-peer trading, earning bitcoin for work, mining. If you've already bought through KYC exchanges, the damage is done for those coins. Focus on privacy practices going forward.

Advanced: CoinJoin and PayJoin

CoinJoin mixes your transactions with others to break the chain of custody, making it much harder for observers to trace where your bitcoin came from or went.

PayJoin is a payment-time technique where both sender and receiver contribute inputs, making the transaction look normal while breaking analysis heuristics.

Both are advanced. Understand the basics first.