pull down to refresh

Ashigaru: Practical Privacy for Bitcoin Users

Disclaimer & DYOR
  • This post is educational and does not constitute legal, tax, or financial advice. Always check local laws on privacy tools and your exchange/bank policies.
  • You are responsible for your keys, backups, and the server you connect to. Ashigaru does not host a server for you nor collect your keys; if you use a third-party server, they can see your wallet activity. Always DYOR and prioritize your own Dojo.

What is Ashigaru and what is it for?

Ashigaru is an open-source mobile wallet focused on on-chain privacy. It was born as a fork of Samourai and keeps its focus on:
  • Coin Control (selecting/tagging/freezing UTXOs),
  • P2P Coinjoins (collaborative) and
  • Tor-based communication to reduce network leaks.
It also integrates BIP47/PayNym (reusable payment codes) to avoid address reuse when there is a frequent relationship between sender and receiver.
Recommended: connect your own Dojo and use Tor so that neither a third party nor your ISP can profile your history.

Personal Threat Model (map it before using the wallet)

  1. KYC Linkage: Do your sats come from a KYC exchange? That ties identity and “contaminates” your “public” UTXOs.
  2. Network/IP: Do you leak IP or user-agent to the coordinator/server? Always use Tor end-to-end.
  3. Chain Analysis: clustering via UTXO mixes, time horizons, and poorly handled change outputs.
  4. Device: Is there malware or insecure backups? The best policy breaks if the endpoint is compromised.
Write down 3 real scenarios (e.g., public donations, private savings, payment to a supplier) and note what data you don’t want leaked in each one.

Clean Flow: Coin Control, Labels, and Distance from “Public” UTXOs

1) Coin control as a rule (not an exception)

  • Clear labels: PUBLIC/KYC, PRIVATE, DONATIONS, PAYROLL, etc.
  • Freeze “public/KYC” UTXOs to prevent accidental mixing with private stacks.
  • Spend the minimum needed and avoid full “sweeps.”

2) Identity separation (circuits)

  • Keep separate circuits: UTXOs touched by KYC must not touch your private stack.
  • If you need to interact between circuits, use intermediate routes and different timings (avoid obvious temporal correlations).

3) Address reuse = NO

  • For recurring relationships, use BIP47/PayNym (each payment generates a new address without out-of-band coordination).

4) Change and timing

  • Do not send change back to the same identity you want to protect.
  • Temporally space sensitive operations (staggering) to misalign patterns.

Coinjoins and Integrations: What It Does and What It Doesn’t

What it does (well):
  • P2P Coinjoins (collaborative) to break blockchain observers’ heuristics.
  • Whirlpool/Terminal: dedicated client, Tor-only coordinator connections, modular deployment over Dojo.
  • Cahoots online (e.g., via QR/Soroban) for collaborative peer transactions.
Limits and realities:
  • Coordinator: there’s still a coordinating layer (non-custodial), and there has been recent debate on RSA blinding and linkage risks if the coordinator is malicious or misconfigured. Mitigations and updates are part of DYOR.
  • Not magic: if you later recombine mixed coins with “public” UTXOs, or spend with address reuse, you can undo your gained privacy.
  • Off-chain OPSEC (metadata, chats, screenshots, habits) also leaks; the wallet does not protect this.

Minimum Viable Procedure (step by step)

  1. Connect your Dojo (ideal) and verify all communication goes through Tor.
  2. Label map: mark KYC UTXOs as PUBLIC/KYC and freeze them; designate your stack as PRIVATE.
  3. Frequent relationships: set up PayNym and run a test transfer (testnet if possible).
  4. Initial Coinjoin (if it fits your model): enter with discrete amounts; manage change into an isolated circuit.
  5. Subsequent spends: use coin control to avoid mixing stacks. Space out timings and avoid repetitive patterns.

Checklist “Don’t Sabotage Your Privacy”

  • Are your “public” UTXOs labeled and frozen?
  • Do you have your own Dojo or rely on a third-party server? (conscious choice)
  • Did you go through Tor at all stages (wallet, coinjoin, server)?
  • Did you handle change and timing to avoid re-linking identities?
  • Did you document your threat model and review it quarterly?

Common Mistakes (and How to Avoid Them)

  • Mixing post-coinjoin coins with KYC UTXOs “to round up”: use coin control, no merges.
  • Reusing addresses with frequent contacts: use PayNym/BIP47.
  • Ignoring change: route change to another account/circuit and do not mix with the protected output.
  • Running in clearnet or third-party servers without understanding implications: always Tor + your own Dojo.


Closing

  • Action today: set up labels and coin control; define two “circuits” (PUBLIC/KYC vs PRIVATE), enable PayNym, and verify everything runs through Tor.
  • Question: how would you balance convenience and privacy in your daily flow (e.g., your own Dojo vs. third-party, coinjoin density, spending timings)?
Next: a playbook of Ashigaru “routines” for public donations, freelance payments, and private savings (with examples of coin control and change management).