Ashigaru: Practical Privacy for Bitcoin Users
Disclaimer & DYOR
- This post is educational and does not constitute legal, tax, or financial advice. Always check local laws on privacy tools and your exchange/bank policies.
- You are responsible for your keys, backups, and the server you connect to. Ashigaru does not host a server for you nor collect your keys; if you use a third-party server, they can see your wallet activity. Always DYOR and prioritize your own Dojo.
What is Ashigaru and what is it for?
Ashigaru is an open-source mobile wallet focused on on-chain privacy. It was born as a fork of Samourai and keeps its focus on:
- Coin Control (selecting/tagging/freezing UTXOs),
- P2P Coinjoins (collaborative) and
- Tor-based communication to reduce network leaks.
It also integrates BIP47/PayNym (reusable payment codes) to avoid address reuse when there is a frequent relationship between sender and receiver.
Recommended: connect your own Dojo and use Tor so that neither a third party nor your ISP can profile your history.
Personal Threat Model (map it before using the wallet)
- KYC Linkage: Do your sats come from a KYC exchange? That ties identity and “contaminates” your “public” UTXOs.
- Network/IP: Do you leak IP or user-agent to the coordinator/server? Always use Tor end-to-end.
- Chain Analysis: clustering via UTXO mixes, time horizons, and poorly handled change outputs.
- Device: Is there malware or insecure backups? The best policy breaks if the endpoint is compromised.
Write down 3 real scenarios (e.g., public donations, private savings, payment to a supplier) and note what data you don’t want leaked in each one.
Clean Flow: Coin Control, Labels, and Distance from “Public” UTXOs
1) Coin control as a rule (not an exception)
- Clear labels:
PUBLIC/KYC
,PRIVATE
,DONATIONS
,PAYROLL
, etc. - Freeze “public/KYC” UTXOs to prevent accidental mixing with private stacks.
- Spend the minimum needed and avoid full “sweeps.”
2) Identity separation (circuits)
- Keep separate circuits: UTXOs touched by KYC must not touch your private stack.
- If you need to interact between circuits, use intermediate routes and different timings (avoid obvious temporal correlations).
3) Address reuse = NO
- For recurring relationships, use BIP47/PayNym (each payment generates a new address without out-of-band coordination).
4) Change and timing
- Do not send change back to the same identity you want to protect.
- Temporally space sensitive operations (staggering) to misalign patterns.
Coinjoins and Integrations: What It Does and What It Doesn’t
What it does (well):
- P2P Coinjoins (collaborative) to break blockchain observers’ heuristics.
- Whirlpool/Terminal: dedicated client, Tor-only coordinator connections, modular deployment over Dojo.
- Cahoots online (e.g., via QR/Soroban) for collaborative peer transactions.
Limits and realities:
- Coordinator: there’s still a coordinating layer (non-custodial), and there has been recent debate on RSA blinding and linkage risks if the coordinator is malicious or misconfigured. Mitigations and updates are part of DYOR.
- Not magic: if you later recombine mixed coins with “public” UTXOs, or spend with address reuse, you can undo your gained privacy.
- Off-chain OPSEC (metadata, chats, screenshots, habits) also leaks; the wallet does not protect this.
Minimum Viable Procedure (step by step)
- Connect your Dojo (ideal) and verify all communication goes through Tor.
- Label map: mark KYC UTXOs as
PUBLIC/KYC
and freeze them; designate your stack asPRIVATE
. - Frequent relationships: set up PayNym and run a test transfer (testnet if possible).
- Initial Coinjoin (if it fits your model): enter with discrete amounts; manage change into an isolated circuit.
- Subsequent spends: use coin control to avoid mixing stacks. Space out timings and avoid repetitive patterns.
Checklist “Don’t Sabotage Your Privacy”
- Are your “public” UTXOs labeled and frozen?
- Do you have your own Dojo or rely on a third-party server? (conscious choice)
- Did you go through Tor at all stages (wallet, coinjoin, server)?
- Did you handle change and timing to avoid re-linking identities?
- Did you document your threat model and review it quarterly?
Common Mistakes (and How to Avoid Them)
- Mixing post-coinjoin coins with KYC UTXOs “to round up”: use coin control, no merges.
- Reusing addresses with frequent contacts: use PayNym/BIP47.
- Ignoring change: route change to another account/circuit and do not mix with the protected output.
- Running in clearnet or third-party servers without understanding implications: always Tor + your own Dojo.
Recommended Resources
- Official site (features): Ashigaru Wallet
- Docs & Dojo (installation/overview): Ashigaru Docs — Dojo
- Privacy Policy (keys and servers): Privacy Policy
- PayNym / BIP47 (how it works and why it avoids reuse): BIP47 Payment Codes
- Critical reading on Coordinators/CoinJoin (methods and risks): JoinMarket & CoinJoin Risks
Closing
- Action today: set up labels and coin control; define two “circuits” (
PUBLIC/KYC
vsPRIVATE
), enable PayNym, and verify everything runs through Tor. - Question: how would you balance convenience and privacy in your daily flow (e.g., your own Dojo vs. third-party, coinjoin density, spending timings)?
Next: a playbook of Ashigaru “routines” for public donations, freelance payments, and private savings (with examples of coin control and change management).