What does an A grade mean?

A = strong evidence + signup tested end-to-end in the last 12 months. No KYC at the tested volume. Onion mirror published when offered. Operator is responsive to corrections. B = mostly good but one notable caveat (e.g. KYC triggers on certain volumes). C = listed for completeness but we do not recommend it as a primary tool. D = retained for historical reference; do not use. A- / B- / C- (half-step grades) signal a listing that is one bar away from the next tier — used most often when the publishable surface looks strong but the service is too new for full tenure validation in high-loss-asymmetric categories (exchanges, casinos, custodial mixers).

Does sponsorship buy a better grade?

No. Sponsorship moves placement (bubble-to-top within a category) and adds a SPONSORED chip. It never changes the grade, KYC tagging, or removal decisions. See the editorial firewall in /sponsor.

How often are entries re-verified?

At minimum yearly. Entries older than 18 months are downgraded by one letter until re-tested. A daily uptime probe of each canonical URL drives the live status badges; that is separate from grade.

How do you make money?

Affiliate links via /go/ , plus paid sponsorships. We do not add markups on aggregator quotes (kyc.rip itself). Affiliate status does not influence grade or position — disclosed via 1ST PARTY / AFFILIATE chips.

How do I submit a correction?

Use /submit (form) or DM @xmrclub_bot on Telegram. Every accepted edit lands in the public /audit log with the reason.

Methodology · xmr.club

Grade rubricA · B · C · D · F

Grade	What it means	Examples
A	Strong privacy posture. Anonymous signup or audited no-logs. Operator track record. Active maintenance.	Mullvad · Proton Mail · Njalla
B	Good privacy posture with one trade-off — light email at signup, smaller server fleet, less-audited claims.	IVPN · Wasabi · Tutanota
C	Usable but compromised — KYC at the payment edge, fork that hasn't stabilized, narrow feature set.	Windscribe
D	Listed for completeness or comparison only. Heavy KYC, weak privacy claims, or unproven operator.	(rarely listed)
F	Reserved for providers we have evidence have stolen funds, leaked customer data, or knowingly cooperated with mass deanonymization. Listed only as warnings.	(currently empty)

KYC tagspick one per listing

NO-KYC — no identity collected at any stage. Cash by mail counts. Crypto-only is necessary but not sufficient.
ANON — anonymous account creation (account-ID or random handle) but optional KYC for some features.
LIGHT KYC — email required, no government ID. Throwaway-email-acceptable.
KYC — government ID, address proof, or selfie required. Listed for comparison, never recommended.

Feature tagsmulti-select, not exclusive

Free-combine labels that describe properties of the service. Used for the click-to-filter chips on category pages.

open_source · non_custodial · self_hosted · cli_supported
tor_mirror · i2p_mirror · xmr_native · lightning_native
atomic_swap · audited · port_forwarding · ram_only_servers
transparent_fees · hidden_fees

Fee transparency

We grade on transparency of fees, not on the absolute fee level. A 5% exchange that names the 5% upfront beats a 3% exchange that surfaces 1% in marketing and pockets the other 2% as silent spread.

transparent_fees — the quote shown before deposit equals what the user receives (minus destination-network fees, surfaced separately). No silent spread, no post-deposit slippage adjustment.
hidden_fees — the visible quote understates what the provider keeps. Typical patterns: spread baked into the rate, withdrawal markup beyond actual network cost, partner slippage absorbed and not refunded. Fails the transparent_fees test and auto-caps grade at C.

Third-party recourse

When a routing-style swap operator goes rogue, direct legal recourse is often impossible. Some operators post a guarantee with a peer directory (e.g. OrangeFren) — a pool of funds that pays users out if the operator misbehaves, up to a published amount.

Strongest single external trust signal a routing-style swap can carry. Listed on the provider record as data.guarantees.<peer>.{amount_usd, source_url}; available programmatically via /api/v1/guarantees.
Verify the amount on the peer's site before relying on it — pools can be drawn down by other claimants.

Wagering addendumcasinos + prediction markets

Casinos and prediction markets carry risks the rest of the directory doesn't: house-edge games can be rigged, and prediction-market resolutions can be disputed. We hold them to additional checks on top of the standard rubric.

For RNG / house-edge games (`/wagering/casinos`)

Provably-fair scheme — operator must publish the RNG construction (typically sha256(server_seed + client_seed + nonce) or equivalent) and let the user rotate their client seed. Reviewer verifies one bet end-to-end on-chain when applicable.
House edge disclosed — must be quoted per game type. We don't grade based on whether the edge is high or low, only whether it's documented.
Withdrawal cycle — curator funds, plays, withdraws. Withdrawal latency + on-chain confirmation logged. Any KYC trigger at this stage drops the listing's KYC tag immediately.
Custody disclosure — house-edge games are necessarily custodial during a session. We require the operator to state where deposits sit and what happens if the operator goes offline mid-bet.

For prediction markets (`/wagering/prediction-markets`)

Orderbook integrity — at least 24h of public order/trade history available via API.
Resolution oracle — how is market outcome determined? Crypto-pricefeed oracle (Hyperliquid, Pyth, Chainlink), human arbiter, multi-sig committee? Single point of failure flagged in caveats.
Dispute path — what recourse if a market resolves wrongly? Written, public, no-KYC.
Volume sanity — wash-trading is easy on thin books. We note total volume + unique trader count from public stats and flag if the ratio looks artificial.
Custody / settlement — when winnings credit and how. Same standards as the casino subcategory.

⚠ Gambling is restricted in some jurisdictions. Listing does not imply endorsement; verify your local law before participating.

Verification cadence

Every listing carries last_verified. We re-test the signup + checkout flow on each entry at minimum once per year. Live status: /freshness.
If a listing's last_verified is more than 18 months old we down-grade by one letter until re-verified.
Every listing also carries operating_since — the year the current operator has been continuously serving users. Operators with 5+ years (a full crypto cycle) get an implicit trust bump; fresh launches under 2 years are listed with extra caveats. Full ranking: /tenure.
Sponsorships do not extend the verification clock. A paid listing whose grade decays loses placement until re-graded.

Removal policy

Evidence of theft — funds taken from users that the operator can't credibly account for: immediate removal, kept as a public F-warning for 24 months.
Mass KYC overnight — operator pivots from no-KYC to required-KYC without grandfathering existing users: re-graded; usually drops from A to C/D.
Acquisition by hostile entity — sold to / merged into a compliance-heavy parent: re-reviewed; relisting depends on whether the privacy promises survive.
Dead links / unmaintained — removed from the listing, kept in the audit log.

Corrections + disputes

Spot a mistake? File via /submit or DM @xmrclub_bot. Every accepted correction lands in the public audit log with the reason. Disputes about grade or removal are documented; we don't quietly delete inconvenient context.

Conflict-of-interest disclosure

The curator team operates other privacy / crypto products. When any of those appear as listings here, they carry the CURATOR-BUILT chip so the relationship is explicit. Same rubric applies — see /transparency.
Affiliate links earn us a commission via /go/<slug>. They do not change a listing's grade or position.
Sponsorship moves a listing up the page and adds a SPONSORED chip. It does not influence grade or KYC tagging — see editorial firewall.

Worked examplehow an A is decided

Discovery — Operator or community submission via /submit. Curator confirms the operator runs the service, not a re-seller.
Signup test — Real account created from a clean Tor session. No phone, no email tied to identity. If signup demands SMS or government ID → automatic NO-KYC fail.
Deposit test — Small XMR or BTC deposit (often < $20). Funds must arrive at the address the UI provided and no extra KYC prompt fires after deposit.
Withdrawal test — Funds withdrawn to a fresh address. Withdrawal-time KYC = immediate downgrade from A.
Posture review — Privacy policy + ToS read end-to-end. Operator track record cross-checked against /audit + /incidents.
Grade lock — Curator records grade + chips + last_verified timestamp. Entry lands in /audit with a rationale.
Yearly re-test — Same flow repeated. If any step now fails, grade is downgraded and the change is audit-logged.