How to buy cryptocurrencies privately

To achieve financial freedom and sovereignty through cryptocurrencies it is imperative to be able to buy and sell cryptocurrencies without being seen. As nearly all centralized exchanges follow AML/KYC regulations (which violate our right to do so) we must take a different approach.

en 27 Dec 2019
Reading time: 3 minutes
Privacy
DISCLAIMER: There is no affiliation between me and any service I recommend. I do so solely because I use them and I am happy with their product.

Cash is the king

If you want to achieve true anonymity, you need to use cash. Cash is the king of anonymous transactions. This is also the reason why many countries put limits on cash transactions or require reports about them.

LocalBitcoins are no longer usable because they adapted KYC policy. The only other option I know about is to buy it from a friend or use an ATM. But be aware that:

  • ATMs have usually high fees (even like 6%).
  • Limits per transaction are low.
  • SMS verification is a norm, search for SMS online receivers in advance or just buy yourself a bunch of anonymous prepaid SIM cards (if it's allowed in your jurisdiction). Also services like Hushed may be helpful, but I have never used them.
  • Watch out for cameras and use the necessary equipment 😷 to protect your privacy.

Online transactions

It is nearly impossible to achieve full anonymity while trading fiat online. The reason is that digital fiat currencies are designed to be attributable. You always expose your identity to some degree because of that.

The highest level of privacy that I was able to achieve is by using (decentralized) peer-to-peer solutions.

Bisq.network

Bisq is my favorite choice. It's fully decentralized and because of that, it is very private and censorship-resistant. They became DAO and therefore there is no single point that you can force to comply with KYC or extract information about transactions from. Bisq is an amazing piece of technology and has also very good documentation and you can read more about the technology there.

The limit on privacy is that you are exposing your identity to the peer you are trading with. The list of known limitations and risks is available in documentation as well.

The most convenient way for me is to combine the Bisq with Revolut card as sending money is really quick.

To buy, it works like this:

  1. You take the order.
  2. Bisq creates a multisignature transaction in Bitcoin blockchain. Both you and seller are required to lock some deposit in this multisignature address to secure the transaction (if you fail to send fiat to the seller, you lose your deposit).
  3. After the Bitcoin network conformation, you send fiat to the seller.
  4. Seller confirms the reception and releases Bitcoins from the multisignature address into your wallet.

As both parties have significant (usually tens of percent of the trade volume) security deposits locked in the multisignature transaction there is a huge incentive to play fair and complete the trade.

There is also a dispute process for cases when one party fails to execute the trade.

The only problem I have is that those markets are small and the liquidity is simply not great. This results in the situation that the price in this market can be even 5% higher than on the centralized exchanges.


Trades in Bisq market

HodlHodl

HodlHodl is very similar to Bisq but it works as a browser page. It may be easier for many people to use as you don't need to run specialized software.

They do not need to follow KYC/AML regulations as they do not hold any funds. I have asked them for a technical explanation of how they achieve that:

The keys are generated in the front-end and are encrypted and stored in the back-end. So there is no way we can decrypt the keys without user entering payment password. That's why we say we are non-custodial. We can't get access to users private keys because they are generated by JavaScript in the browser, encrypted by JavaScript in the browser and the send to the back-end. Which is an optional step for convinience, but there is no way we can get an access to users private keys. This is also 100% verifiable. Anyone with some knowledge of how browsers work can open up broswers console and see what is been send to the back-end, that is to our server, and verify that only encrypted private keys been sent.

The downside of the HodlHodl is the fact that data are stored centrally. This creates a possibility that a 3rd party can have access to the data. Also, because of this centralization, the service can be shut down completely by some government agency. I see this as the price of having a convenient in-browser solution.

We store data for a certain amount of time, then we delete it.

It is therefore important to use Tor or VPN to hide your metadata.

Conclusion

Thanks to those services you can reclaim your financial privacy. You can avoid AML and KYC regulations as they are highly immoral in their very nature.

You shall not violate my privacy

Sources and further readings

Exhaustive guide about Bisq at Alza:

Updates

  • 10 Jan 2021 - Removed Lamium.io (discontinued) and Lightning at HodlHodl
Found typo? Fix me!