Ashigaru: Practical Privacy for Bitcoin Users

Disclaimer & DYOR

This post is educational and does not constitute legal, tax, or financial advice. Always check local laws on privacy tools and your exchange/bank policies.

You are responsible for your keys, backups, and the server you connect to. Ashigaru does not host a server for you nor collect your keys; if you use a third-party server, they can see your wallet activity. Always DYOR and prioritize your own Dojo.

What is Ashigaru and what is it for?

Ashigaru is an open-source mobile wallet focused on on-chain privacy. It was born as a fork of Samourai and keeps its focus on:

Coin Control (selecting/tagging/freezing UTXOs),
P2P Coinjoins (collaborative) and
Tor-based communication to reduce network leaks.

It also integrates BIP47/PayNym (reusable payment codes) to avoid address reuse when there is a frequent relationship between sender and receiver.

Recommended: connect your own Dojo and use Tor so that neither a third party nor your ISP can profile your history.

Personal Threat Model (map it before using the wallet)

KYC Linkage: Do your sats come from a KYC exchange? That ties identity and “contaminates” your “public” UTXOs.
Network/IP: Do you leak IP or user-agent to the coordinator/server? Always use Tor end-to-end.
Chain Analysis: clustering via UTXO mixes, time horizons, and poorly handled change outputs.
Device: Is there malware or insecure backups? The best policy breaks if the endpoint is compromised.

Write down 3 real scenarios (e.g., public donations, private savings, payment to a supplier) and note what data you don’t want leaked in each one.

Clean Flow: Coin Control, Labels, and Distance from “Public” UTXOs

1) Coin control as a rule (not an exception)

Clear labels: PUBLIC/KYC, PRIVATE, DONATIONS, PAYROLL, etc.
Freeze “public/KYC” UTXOs to prevent accidental mixing with private stacks.
Spend the minimum needed and avoid full “sweeps.”

2) Identity separation (circuits)

Keep separate circuits: UTXOs touched by KYC must not touch your private stack.
If you need to interact between circuits, use intermediate routes and different timings (avoid obvious temporal correlations).

3) Address reuse = NO

For recurring relationships, use BIP47/PayNym (each payment generates a new address without out-of-band coordination).

4) Change and timing

Do not send change back to the same identity you want to protect.
Temporally space sensitive operations (staggering) to misalign patterns.

Coinjoins and Integrations: What It Does and What It Doesn’t

What it does (well):

P2P Coinjoins (collaborative) to break blockchain observers’ heuristics.
Whirlpool/Terminal: dedicated client, Tor-only coordinator connections, modular deployment over Dojo.
Cahoots online (e.g., via QR/Soroban) for collaborative peer transactions.

Limits and realities:

Coordinator: there’s still a coordinating layer (non-custodial), and there has been recent debate on RSA blinding and linkage risks if the coordinator is malicious or misconfigured. Mitigations and updates are part of DYOR.
Not magic: if you later recombine mixed coins with “public” UTXOs, or spend with address reuse, you can undo your gained privacy.
Off-chain OPSEC (metadata, chats, screenshots, habits) also leaks; the wallet does not protect this.

Minimum Viable Procedure (step by step)

Connect your Dojo (ideal) and verify all communication goes through Tor.
Label map: mark KYC UTXOs as PUBLIC/KYC and freeze them; designate your stack as PRIVATE.
Frequent relationships: set up PayNym and run a test transfer (testnet if possible).
Initial Coinjoin (if it fits your model): enter with discrete amounts; manage change into an isolated circuit.
Subsequent spends: use coin control to avoid mixing stacks. Space out timings and avoid repetitive patterns.

Checklist “Don’t Sabotage Your Privacy”

Are your “public” UTXOs labeled and frozen?
Do you have your own Dojo or rely on a third-party server? (conscious choice)
Did you go through Tor at all stages (wallet, coinjoin, server)?
Did you handle change and timing to avoid re-linking identities?
Did you document your threat model and review it quarterly?

Common Mistakes (and How to Avoid Them)

Mixing post-coinjoin coins with KYC UTXOs “to round up”: use coin control, no merges.
Reusing addresses with frequent contacts: use PayNym/BIP47.
Ignoring change: route change to another account/circuit and do not mix with the protected output.
Running in clearnet or third-party servers without understanding implications: always Tor + your own Dojo.

Recommended Resources

Official site (features): Ashigaru Wallet
Docs & Dojo (installation/overview): Ashigaru Docs — Dojo
Privacy Policy (keys and servers): Privacy Policy
PayNym / BIP47 (how it works and why it avoids reuse): BIP47 Payment Codes
Critical reading on Coordinators/CoinJoin (methods and risks): JoinMarket & CoinJoin Risks

Closing

Action today: set up labels and coin control; define two “circuits” (PUBLIC/KYC vs PRIVATE), enable PayNym, and verify everything runs through Tor.
Question: how would you balance convenience and privacy in your daily flow (e.g., your own Dojo vs. third-party, coinjoin density, spending timings)?

Next: a playbook of Ashigaru “routines” for public donations, freelance payments, and private savings (with examples of coin control and change management).