Privacy-Preserving Payment Methods

Financial privacy is not about concealment. It is about the basic principle that your economic life — what you buy, who you pay, how much you earn — should not be automatically legible to every intermediary, advertiser, data broker, and government agency that sits between you and the person on the other end of a transaction. This was, until recently, the default. Cash was the dominant payment method for centuries, and cash is private by design. We have drifted so far from that norm that the desire for financial privacy now requires justification, as though choosing not to broadcast your purchasing history were itself suspicious.

It is not. The right to transact without surveillance is the same right that Thoreau exercised when he chose which parts of the economic system to participate in and which to decline. We are not arguing for evasion. We are arguing for the sovereignty to conduct your financial life without creating a permanent, searchable, sellable record of every transaction you make. The distinction between privacy and secrecy matters, and we will maintain it throughout this article.

Cash: The Original Private Payment

Cash remains the most private payment method available. A physical transaction between two people leaves no digital trail, requires no intermediary, and generates no data for third parties to harvest. It is instant, final, and — critically — it works without electricity, internet connectivity, or technical knowledge.

Cash usage has been declining steadily across developed economies, driven by convenience, merchant preferences, and the shift toward digital commerce . Some jurisdictions have moved toward limiting cash transactions above certain thresholds — the European Union has proposed a cap on cash payments . These trends are real, and they represent a meaningful reduction in the default privacy that most people have enjoyed without thinking about it.

For local, in-person transactions, cash remains the proportional choice. It is simple, universally accepted, and private. The sovereignty-minded person carries cash not out of paranoia but out of the same preference that leads them to grow food in their garden — because some things work better when they do not require permission from a system you do not control. Use cash where you can. It is the low-technology foundation of financial privacy, and no protocol can improve on its simplicity.

Bitcoin and CoinJoin: Breaking the Chain

Bitcoin, despite its reputation in popular media, is not private by default. The Bitcoin blockchain is a public, permanent ledger. Every transaction is visible to anyone who cares to look, and blockchain analytics firms — Chainalysis, Elliptic, CipherTrace — have built sophisticated tools to trace the flow of funds across addresses, link addresses to identities, and provide this information to law enforcement and financial institutions.

CoinJoin is the primary privacy technique for Bitcoin users. In a CoinJoin transaction, multiple participants combine their inputs and outputs into a single transaction, making it significantly harder for an outside observer to determine which inputs correspond to which outputs. The result is a breaking of the transaction graph — the chain of custody that links your bitcoin to your identity becomes ambiguous.

Wasabi Wallet and JoinMarket are the two principal implementations . Wasabi provides a relatively user-friendly interface for automated CoinJoin transactions, while JoinMarket offers a more decentralized approach where market makers earn fees for providing liquidity to CoinJoin transactions. Both require some technical comfort. Neither is as simple as sending a standard Bitcoin transaction.

The privacy that CoinJoin provides is meaningful but not absolute. A determined analyst with sufficient resources can sometimes de-anonymize CoinJoin participants through timing analysis, amount correlation, or behavioral patterns. CoinJoin is best understood as raising the cost and difficulty of surveillance, not eliminating it entirely. For most purposes — protecting your transaction history from casual observation, data brokers, and automated analytics — it is sufficient. For adversarial conditions involving state-level resources and targeted investigation, additional measures may be warranted.

Lightning Network: Privacy Through Routing

The Lightning Network, discussed in detail in our earlier article on Lightning payments, provides a different kind of privacy. Lightning transactions are not recorded on the Bitcoin blockchain. Instead, they pass through a network of payment channels using onion routing — a technique borrowed from Tor — where each intermediate node in the payment path knows only the previous hop and the next hop, not the full route from sender to receiver.

This means that Lightning payments are significantly more private than on-chain Bitcoin transactions by default. The sender and receiver know each other (or at least their nodes), but intermediate routing nodes cannot determine the origin, destination, or amount of the payment. This is structural privacy, built into the protocol rather than added on top of it.

Lightning’s privacy has limitations. Channel opening and closing transactions are recorded on-chain, and these can reveal information about your Lightning activity to a sufficiently motivated observer. Large channels between known nodes can be analyzed for patterns. And custodial Lightning wallets — which are the easiest to use — route payments through the custodian’s node, giving the custodian full visibility into your transactions.

For everyday payment privacy, Lightning strikes a practical balance. It is more private than on-chain Bitcoin, easier to use than CoinJoin, and fast enough for point-of-sale transactions. If you are already using Lightning for payments (and our earlier article explains how), you are already benefiting from a meaningful layer of financial privacy.

Monero: Privacy by Default

Monero (XMR) is the most private cryptocurrency in active use. Unlike Bitcoin, where privacy is optional and requires additional tools, Monero builds privacy into every transaction through three complementary technologies: stealth addresses (each transaction creates a one-time address, preventing linkage between transactions), ring signatures (each transaction is signed by a group of possible signers, obscuring the true sender), and RingCT (Ring Confidential Transactions, which hide the transaction amount).

The practical result is that Monero transactions are opaque by default. An outside observer — including blockchain analytics firms — cannot determine the sender, receiver, or amount of a Monero transaction from the blockchain alone. This is a fundamentally different privacy model from Bitcoin’s, where transparency is the default and privacy requires effort.

This level of privacy has consequences. Monero has been delisted from multiple major exchanges in various jurisdictions. Binance delisted XMR in several European countries; other exchanges have followed . In Japan, privacy coins have been effectively banned from exchange trading since 2018 . In the United States and European Union, Monero remains legal to hold and use, but the shrinking number of exchanges willing to list it makes acquisition and liquidation more cumbersome.

The regulatory trajectory for Monero is concerning. The Financial Action Task Force (FATF) has recommended that member countries apply enhanced scrutiny to privacy coins, and several jurisdictions have acted on this recommendation . This does not make Monero illegal. It makes it less convenient, which — for a privacy tool — is a meaningful limitation.

Zcash: Optional Privacy

Zcash (ZEC) offers privacy through a different technical approach: zk-SNARKs (Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge), a form of zero-knowledge cryptographic proof that allows the network to verify transactions without revealing the sender, receiver, or amount. In theory, this provides privacy comparable to Monero’s.

In practice, the story is more complicated. Zcash privacy is optional — users can choose between “transparent” transactions (which function like Bitcoin, visible on the blockchain) and “shielded” transactions (which use zk-SNARKs and are private). The overwhelming majority of Zcash transactions are transparent . When most transactions are transparent, the shielded ones stand out by their absence of visibility, potentially reducing the anonymity set and the practical privacy they provide.

Zcash is a sophisticated technical achievement that has not translated into widespread private use. For the sovereignty-minded person evaluating payment privacy tools, this matters. A privacy tool that most users do not use for privacy is less useful than one where privacy is the default behavior.

The Proportional Response

We do not recommend that everyone begin routing their entire financial life through Monero. That would be disproportionate for most people and impractical for many. The proportional response to financial surveillance matches the tool to the need.

For daily transactions where you prefer not to create a digital record, use cash. It is simple, legal, universally accepted, and perfectly private. There is no reason to overcomplicate this.

For Bitcoin transactions where you want to break the link between your identity and your on-chain activity, use CoinJoin through Wasabi Wallet or JoinMarket. This is appropriate for anyone who holds meaningful bitcoin and prefers not to have their entire transaction history legible to blockchain analytics firms. It adds friction. The friction is the point.

For payments where you want structural privacy without additional steps, use Lightning. If you are already using Lightning for its speed and low fees, you are already receiving meaningful payment privacy as a byproduct. This is the lowest-effort privacy improvement available to Bitcoin users.

For situations that warrant stronger privacy — and you will know what those situations are in your own life — Monero provides the most robust default privacy of any cryptocurrency. Acquiring and holding it is legal in most Western jurisdictions . Using it to evade tax obligations, launder money, or facilitate illegal activity is not legal, just as using cash for those purposes is not legal. The tool is neutral. The application determines the legality.

The Legal Landscape

Using privacy tools for financial transactions is legal in the United States, the European Union, the United Kingdom, and most other Western democracies . The right to financial privacy, while not explicitly enumerated in most constitutions, is generally recognized as an extension of broader privacy rights.

What is not legal is using privacy tools to evade specific legal obligations. The IRS requires reporting of cryptocurrency transactions regardless of which cryptocurrency is used. Anti-money laundering (AML) regulations apply to all value transfer, including private cryptocurrency transactions. Using CoinJoin, Monero, or any other privacy tool does not exempt you from these obligations. It is the difference between drawing your curtains (legal, normal, your right) and operating a methamphetamine lab behind drawn curtains (illegal, regardless of the curtains).

The Tornado Cash case has introduced new uncertainty into this landscape. In August 2022, the Office of Foreign Assets Control (OFAC) sanctioned Tornado Cash, an Ethereum-based mixing protocol, and one of its developers was subsequently arrested and charged . The implications of this action for other privacy tools — including CoinJoin implementations — remain unclear and are being actively litigated. This is an area where the law is evolving in real time, and claiming certainty would be dishonest.

Civil disobedience has limits. Know where the lines are. Thoreau went to jail for one night. Plan accordingly. The use of financial privacy tools is legal and appropriate for those who value the sovereignty of their economic lives. The use of those tools to circumvent specific legal obligations is a different matter entirely, and the consequences are real. Build your privacy practices on the solid ground of legality, and they will serve you well. Build them on evasion, and they will not protect you from what follows.

This article is part of the Alternative Rails & Payment Infrastructure series at SovereignCML.

Related reading: Building Your Payment Infrastructure Stack, The Unbanked Thesis: Does Crypto Actually Help?, Cross-Border Payments: The Sovereignty Case Study