Private crypto, explained.

Privacy versus pseudonymity — the distinction that matters

The first confusion to clear up: most "crypto" is not private. It is pseudonymous, and those are very different properties.

Pseudonymity means your legal name is not attached to a wallet address, but the address itself is a stable identifier that is linked across every transaction you make. Every BTC, ETH, SOL, or ADA transaction you have ever done, or ever will do, is visible on a public blockchain, queryable by anyone, permanently, and clustered under the identifier of the address. If someone ever links your legal name to one of your addresses — through a KYC'd exchange deposit, a receipt you posted in a forum, a tip jar you shared with a friend — they retroactively link it to your entire history.

Privacy means the relationships — who sent, who received, how much — are cryptographically hidden at the protocol level. Even if an adversary learns your wallet identifier, they cannot derive the list of transactions you have sent or received, because the protocol does not publish them in a linkable form. This is a strictly stronger property than pseudonymity, and it is the property Monero and Zcash shielded transactions actually deliver.

Everything downstream follows from this distinction. A "privacy tip" for Bitcoin — use a new address, use CoinJoin, use Lightning — is work the user must do to approximate the property a protocol like Monero delivers by default.

The three cryptographic primitives behind privacy coins

Ring signatures (Monero)

A ring signature is a proof that one of a set of N possible signers made a signature, without revealing which one. In Monero, every spend is signed by a ring of 16 members — the real sender plus 15 decoys pulled from chain history. On-chain observers see only "one of these 16 outputs was spent." They cannot tell which.

Iteration has hardened this over time. Early Monero used ring size 4 (too easy to deanonymise); modern Monero mandates 16, with uniform sampling from recent output density to defeat statistical attacks. Combined with stealth addresses (every recipient receives at a one-time address derivable only by their view key) and RingCT (Pedersen commitments hide amounts), the result is that neither sender, nor recipient, nor amount is publicly visible on any on-chain transaction.

zk-SNARKs (Zcash shielded)

Zero-knowledge proofs let a prover convince a verifier that a statement is true without revealing any information beyond the statement. In Zcash shielded transactions, the statement is "this is a valid transaction that spends funds I own, creates valid outputs, and balances correctly" — and the proof reveals nothing about the sender, receiver, or amount.

The cryptographic guarantee is stronger than ring signatures: there is no ring to correlate. The trade-off is that most Zcash volume is still transparent (t-addresses, which behave like Bitcoin pseudonymity), not shielded (z-addresses). The anonymity set inside the shielded pool is therefore smaller than Monero's, because fewer users actually use it. Privacy is a numbers game, and adoption matters.

CoinJoin and mixing (Bitcoin, Dash)

CoinJoin is a cooperative spending protocol: many users combine their inputs and outputs into a single transaction such that observers cannot reliably link which input funded which output. Done properly, with enough peers and uniform denominations, it approximates the privacy of a ring signature. Done poorly (small peer count, non-uniform amounts, toxic timing) it leaks almost everything.

Bitcoin CoinJoin lived in Wasabi Wallet, Samourai Wallet (now shut down after founder arrests), and JoinMarket. Dash implements CoinJoin natively as "PrivateSend." Neither reaches the default privacy of Monero — in both cases it is opt-in and the user must understand the trade-offs to use it safely.

Monero in depth

Monero (XMR) is the coin you pick if you want meaningful privacy with the least user-side work. Key properties:

• Private by default. There is no transparent mode. Every transaction goes through the ring-signature + stealth-address + RingCT pipeline.
• Mandatory minimum ring size. Currently 16. You cannot accidentally publish a "transparent" transaction.
• View keys. You can voluntarily share a view key with a trusted party (auditor, tax preparer) without exposing the spend key. Optional, not default.
• Mature tooling. Monero GUI, Feather Wallet, Cake Wallet all ship with sensible defaults. Tor integration in Feather is one checkbox.
• Large anonymity set. Because privacy is default, every transaction contributes. The anonymity set approaches the total transaction volume.

Weaknesses worth knowing: the ledger is larger than Bitcoin's at equivalent block height because transactions are bigger (ring signatures + commitments). Running a full node wants ~175 GB of disk as of early 2026. Scanning keys on a remote node leaks view-key-derived metadata to the node operator — mitigate with local node or Tor. See the Monero acquisition guide for the operational specifics.

Zcash in depth

Zcash (ZEC) offers the strongest cryptographic privacy guarantee in shielded mode, via zk-SNARKs. Two critical caveats keep it below Monero as a default choice:

• Shielded is opt-in. The majority of Zcash volume flows through transparent (t-address) transactions that are as public as Bitcoin. The shielded anonymity set is meaningful but smaller than Monero's.
• Wallet support is weaker. Fewer wallets handle shielded properly, and some that claim to support shielded silently fall back to transparent on edge cases. Verify your wallet actually uses shielded by checking the address format (starts with z).
• Trusted setup ceremony. Early Zcash relied on a trusted setup — a multi-party ceremony where at least one participant had to destroy their toxic-waste share for the zk-SNARK parameters to be secure. Subsequent upgrades (Sapling, Orchard) improved this, but it remains a philosophical point for cryptographers.

Zcash is the right pick if you specifically need the zk-SNARK guarantee — for instance, a very large transaction where the ring-size anonymity set of Monero would not be enough, or a specific regulator-liaison context where Zcash's optional-privacy model is politically useful. For most users, most of the time, Monero is the better default.

Dash (PrivateSend) in depth

Dash (DASH) is a Bitcoin fork with CoinJoin-based mixing marketed as PrivateSend. Privacy is opt-in and the mixing depth is configurable (the default is 8 rounds; more rounds cost more time and fees, buy more privacy).

Weaknesses: masternode-based mixing means the mixing pool operators (masternode runners) have privileged position; active adversaries who run many masternodes can weaken the mix. The Dash anonymity set is smaller than Monero's. Dash is a reasonable "better than pseudonymity" option but is not in the same class as default-private Monero.

Other privacy-adjacent surfaces

Bitcoin Lightning

Payment-channel network that adds onion routing on top of Bitcoin. Lightning itself provides meaningful network-layer privacy for the payment leg (intermediate hops don't know the full path). On-chain opening and closing transactions are still visible, so Lightning privacy depends on how the channel was funded.

Wrapped privacy tokens (renBTC, wBTC, etc.)

These are ERC-20 wrappers for Bitcoin on Ethereum. They add no privacy; they add transparency, because Ethereum is transparent and the bridge endpoints are visible. Do not confuse "wrapped" with "mixed."

Smart-contract mixers (Tornado Cash)

Tornado Cash was sanctioned by OFAC in 2022. Funds that pass through it acquire on-chain taint from most regulated venues. Not a viable privacy solution in 2026. Alternatives exist (Railgun, Aztec) but inherit similar political risk.

Cross-chain atomic swaps (BTC ↔ XMR)

Projects like COMIT, Farcaster, and Haveno implement atomic swaps between BTC and XMR with no third-party custody at any step. Cryptographically elegant; operationally higher-friction than a routing swap. The right tool for very large or threat-model-critical trades.

Threat models: which tool for which job

Threat model A: "database breach in 2030"

You do nothing illegal but do not want your trading history attached to your legal identity the next time an exchange leaks. The tool is no-KYC swap — at NoKYCSwap, Trocador, ChangeNOW, or wherever — combined with fresh addresses. Monero routing optional but useful. Low effort, high leverage.

Threat model B: "targeted by chain analytics"

Someone (a private investigator, a civil-litigation adversary, an ex-partner with resources) is actively trying to map your on-chain activity. The tool is Monero routing at minimum. Break the transaction graph by routing everything of interest through XMR. Use the Monero guide and follow the opsec checklist.

Threat model C: "state-level adversary"

You are a dissident, journalist in a hostile regime, or otherwise on the radar of a nation-state. The tool is Monero + full local node + Tor + Tails + atomic swaps for any large hop. Assume your ISP is hostile. Assume your device might be seized. Use hardware wallets, store seeds on steel, do not trust single-vendor tooling. This is beyond the scope of a swap guide; Qubes + Whonix + paper wallets + physical opsec is the starting point.

Threat model D: "compliance without surveillance"

You are legitimately tax-compliant and just want the tax authority to verify your activity via a voluntary channel rather than via third-party reporting. Monero's view-key feature is purpose-built for this: you retain full privacy on-chain, and share a view key with your tax preparer or auditor as needed. Clean, auditable, under your control.

Practical opsec for each surface

Monero

• Fresh subaddress per inbound transaction.
• Local full node if disk allows; otherwise Feather over Tor.
• Never scan balances from a KYC'd browser session.
• Back up the 25-word seed on paper, two copies, two locations.
• Use a hardware wallet (Ledger with Monero app) for larger holdings.

Zcash shielded

• Verify your wallet actually uses z-addresses, not silent fallback to transparent.
• Move funds through a shielded pool at least twice to get a meaningful anonymity set.
• Do not mix shielded and transparent in the same wallet without understanding the privacy implications.

Bitcoin (privacy-maximal mode)

• Sparrow or Electrum with coin control. Never merge UTXOs of different provenance.
• Fresh receive address for every incoming transaction.
• Lightning for payments below a few thousand dollars.
• Consider a Monero hop (BTC → XMR → BTC) to break the graph when it matters.

Frequently asked questions

Further reading and action

• How to buy Monero without KYC — the canonical acquisition path.
• Monero coin page · Zcash coin page · Dash coin page
• BTC → XMR swap · ETH → XMR · USDT → XMR
• What is no-KYC crypto — the broader primer.