
How we curate

A directory only matters if its judgement matters. This page documents how we grade, tag, accept, reject, and remove listings. It's terse on purpose so it stays honest.

Grade rubric (A · B · C · D · F)

Grade | What it means | Examples
A | Strong privacy posture. Anonymous signup or audited no-logs. Operator track record. Active maintenance. | Mullvad · Proton Mail · Njalla · Monero protocol itself
B | Good privacy posture with one trade-off — light email at signup, smaller server fleet, less-audited claims. | IVPN · Wasabi · Tutanota
C | Usable but compromised — KYC at the payment edge, fork that hasn't stabilized, narrow feature set. | Windscribe · experimental CoinJoin forks
D | Listed for completeness or comparison only. Heavy KYC, weak privacy claims, or unproven operator. | (rarely listed)
F | Reserved for providers we have evidence have stolen funds, leaked customer data, or knowingly cooperated with mass deanonymization. Listed only as warnings. | (currently empty)

KYC tags (pick one per listing)

  • NO-KYC — no identity collected at any stage. Cash by mail counts. Crypto-only is necessary but not sufficient (still need no name/email).
  • — anonymous account creation (account-ID or random handle) but optional KYC for some features.
  • LIGHT KYC — email required, no government ID. Throwaway-email-acceptable.
  • KYC — government ID, address proof, or selfie required. Listed for comparison, never recommended.

Feature tags (multi-select, not exclusive)

Free-combine labels that describe properties of the service. Used for the click-to-filter chips on category pages.

  • open_source · non_custodial · self_hosted · cli_supported
  • tor_mirror · i2p_mirror · xmr_native · lightning_native
  • atomic_swap · audited · port_forwarding · ram_only_servers

Verification cadence

  • Every listing carries last_verified. We re-test the signup + checkout flow on each entry at minimum once per year.
  • If a listing's last_verified is more than 18 months old we downgrade by one letter until re-verified.
  • Sponsorships do not extend the verification clock. A paid listing whose grade decays loses placement until re-graded.

Removal policy

  • Evidence of theft — funds taken from users that the operator can't credibly account for: immediate removal, kept as a public F-warning for 24 months.
  • Mass KYC overnight — operator pivots from no-KYC to required-KYC without grandfathering existing users: re-graded; usually drops from A to C/D.
  • Acquisition by hostile entity — sold to / merged into a compliance-heavy parent: re-reviewed; relisting depends on whether the privacy promises survive.
  • Dead links / unmaintained — removed from the listing, kept in the audit log.

Conflict-of-interest disclosure

  • The curator team operates other privacy / crypto products independently. When any of those products appear as listings in this directory, they carry the 1ST PARTY chip so the relationship is explicit.
  • Affiliate links earn us a commission via /go/<slug>. They do not change a listing's grade or position. Non-monetized listings sit alongside affiliated ones with no UI distinction.
  • Sponsorship moves a listing up the page and adds a SPONSORED chip. It does not influence grade or KYC tagging — see editorial firewall.

Worked example — how an A is decided

Real walkthrough of one A-grade listing. Most listings follow the same shape; failures usually mean step 2 (signup) or step 4 (withdrawal) didn't end cleanly.

  1. Discovery → Operator (or community submission) pitches via /submit. Curator confirms the operator runs the service, not a re-seller.
  2. Signup test → Real account created from a clean Tor session. No phone, no email tied to identity. Failure modes: signup form mandates SMS or government ID → automatic NO-KYC fail.
  3. Deposit test → Small XMR (or BTC) deposit, often < $20. Curator confirms funds arrive at the address the UI provided and no extra KYC prompt fires after deposit (a known anti-pattern).
  4. Withdrawal test → Funds withdrawn back to a fresh address. Curator notes turnaround time + any holds. Withdrawal-time KYC = immediate downgrade from A.
  5. Posture review → Privacy policy + ToS read end-to-end. Operator track record cross-checked against /audit incident log + community sources (forums, X, prior incidents). Open-source bonus.
  6. Grade lock → Curator records grade + chips + last_verified timestamp. Entry lands in /audit with a rationale.
  7. Yearly re-test → Same flow repeated. If any step now fails (KYC creep, withdrawal blocked, posture deteriorated), grade is downgraded and the change is audit-logged.

A-grade does not mean perfect — it means we tested the user-visible privacy claim and it holds at retail volume. Higher amounts may trigger ad-hoc compliance review at any provider; this rubric does not extend to whale-volume use cases.

When A drops to B (real examples)

  • Email becomes mandatory. Operator adds "email required" at signup without warning. We move to LIGHT KYC and demote one grade.
  • Sponsorship without disclosure. Operator is found to have paid for a placement chip and tried to suppress an unrelated grade discussion → immediate posture review, SPONSORED chip added, may also downgrade if integrity concerns are present.
  • Audit gap. Last_verified more than 18 months old — automatic downgrade by one letter until re-verified (regardless of operator activity).
  • Withdrawal hold. A user-confirmed withdrawal hold > 72h for legitimate flows → C-grade until process improves.

Glossary

Every chip, grade, and tag has a canonical definition. See the glossary (also /api/v1/glossary for the JSON version).

Corrections / disputes

If a listing is wrong — wrong grade, wrong tag, outdated price — DM @xbtoshi on Telegram with evidence. We log every change to the audit table; corrections show up in the public audit feed.