Guides

KYC explained, why it matters for privacy, and what "no-KYC" actually means in practice for crypto services in 2026.

The 80/20 of crypto privacy for ordinary users. Three habits and four installs that defend against the threats most people actually face, without the operational cost of full opsec.

Quick tour of the surfaces a returning user actually wants: /ask, /stack, /picks, /tag/<slug>, /compare, /freshness, /audit, the JSON + markdown twins. The shortcuts that make the directory useful in 30 seconds.

Six common threat models from "casual ISP / employer" to "state-level adversary", and which xmr.club stack actually addresses each. Avoid the most common mistake: over-buying for a problem you don't have, or under-buying for one you do.

Step-by-step: swap any coin into native Monero without ID, email or signup. No-KYC routes vetted against the xmr.club rubric.

The seven-step checklist xmr.club curators run on every listing — privacy posture, operator track record, KYC flow tests, withdrawal tests, audit + license review. Apply it to anything we don't cover yet.

Browser hardening, onion vs clearnet trade-offs, wallet+Tor configuration, and the pitfalls (JS, fingerprinting, exit-node bias) that break the privacy you came for.

Short list of VPNs that take crypto, accept anonymous signup, and don't make you flash ID. Picks from the xmr.club rubric.

Three independent ways to confirm an onion address actually belongs to the operator — Onion-Location header, signed key fingerprint, and direct PGP-attested links.

Mobile, desktop, or hardware? Hot vs cold, view-key vs full custody. The decision tree + xmr.club picks for each path.

GPG signature check, hash verification, reproducible builds — the standard procedures for confirming a wallet download is what the project signed, not what an attacker swapped in.

Subaddresses per payee, view-key disclosure trade-offs, integrated addresses, and the receive-side mistakes that link your payments together on chain.

Paper wallets, view-only wallets, hardware wallets, multisig. Which is right for which threat model + amount, and the mistakes that quietly drain you a year later.

Why a personal node is the upgrade most XMR users skip, what hardware/bandwidth it needs, and the bootstrap, sync, and remote-access setup — including a Tor hidden service.

Set up a .onion address for your website, wiki, or app — torrc config, hostname rotation, vanity addresses, and the operational pitfalls (clock skew, leaking real-IP via headers, descriptor uptime) that quietly de-anonymize hidden services.

Cluster, taint, and dust attacks rely on a continuous chain from your address to a known cluster. Five techniques to break that — XMR detour, coin-control, CoinJoin, swap-engine isolation, hop-spacing — with the operational caveats most guides skip.

Stablecoins (USDT, USDC, DAI) are convenient but every issuer can freeze your address. The privacy-respecting swap routes, the freeze-risk profile per coin, and when an XMR detour makes sense.

Three privacy-respecting paths out of USDT: native XMR exit, fiat P2P, and prepaid-card spend. The freeze-risk profile, the chain-link breaks, and the operational order that survives the most-common analysis patterns.

Buying a Visa/Mastercard prepaid card without ID, paying in XMR/BTC. Single-use virtual vs reloadable physical, what each one costs, and the picks.

Most account signups demand a phone number. The legal grey zone of rentable SMS, eSIM, and VoIP — what works for which use case, and the trade-offs.

Lightning is fast and cheap but defaults route through KYC custodians. The no-KYC stack: non-custodial wallet, LSP choice, channel hygiene, and the XMR↔LN bridges that keep onchain identity off your route.