xmr.club

Privacy without paranoia — a gentle starter kit

Most privacy advice is written for journalists or activists, then ordinary users read it, panic, and either over-engineer (Tails + multisig for their $200 wallet) or give up. This guide is the opposite: the minimum work that gets you 80% of the benefit. Not enough for a state adversary; plenty for the threats most people actually face — data brokers, exchange leaks, casual snooping.

Who this is for

  • You hold some crypto and don't want the world's data brokers to have your wallet history.
  • Your threat model is: ISP, employer, data-broker aggregators, occasional curious acquaintance.
  • You're not (a) a journalist with sources to protect, (b) someone whose government considers you a threat, or (c) holding seven figures.

If any of those apply, this guide is too light: read /guides/privacy-threat-models and step up to /stack.

The three habits (do these first)

  1. Never reuse a wallet address publicly. The address in your X bio or on a donations page should not be the one your employer or an exchange pays you at; anyone who sees both can tie the public persona to the payer's records. The cost is zero (a Monero wallet hands out as many subaddresses as you want; on mainnet they start with 8, while the primary address starts with 4), and the benefit is permanent.
  2. Email-only accounts where possible. If a service offers signup with email only (no phone number, no ID), pick that, and use a throwaway-friendly email provider (see picks below). The result is no government ID and no phone number anchored to your crypto activity.
  3. Don't post screenshots that contain anything you didn't intend to share. Wallet UIs leak balances, addresses and transaction history, and the image file itself can carry metadata. Crop ruthlessly or take a fresh screenshot with nothing extra on screen.

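A pre-publish check for habit 1, added here as an example (not code from xmr.club or from any wallet): it decodes a Monero address far enough to tell a subaddress (prefix byte 42, leading 8) from the primary address (prefix 18, leading 4) or an integrated address (prefix 19, 106 chars), so you can refuse to paste the primary one anywhere public. The base58 block layout and mainnet prefix bytes are Monero's; the 4-byte checksum is not verified, because it needs Keccak-256 (hashlib's sha3_256 is a different padding), and the sample address is constructed from fixed dummy key bytes rather than derived from a real wallet.

```python
# Added example (not from xmr.club or any wallet): classify a Monero mainnet
# address before you publish it. Pure Python, no network, no checksum check.
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Monero base58 works on 8-byte blocks (11 chars each); a short final block
# encodes to ENCODED_BLOCK_SIZES[len(block)] characters.
ENCODED_BLOCK_SIZES = [0, 2, 3, 5, 6, 7, 9, 10, 11]
FULL_BLOCK = 8

# Mainnet network-prefix bytes (single-byte varints).
PREFIX_STANDARD = 18    # leading '4', 95 chars
PREFIX_INTEGRATED = 19  # leading '4', 106 chars (carries an 8-byte payment id)
PREFIX_SUBADDRESS = 42  # leading '8', 95 chars

# prefix -> (kind, decoded length: 1 prefix + 32 spend + 32 view [+ 8 pid] + 4 checksum)
KINDS = {
    PREFIX_STANDARD: ("standard", 69),
    PREFIX_SUBADDRESS: ("subaddress", 69),
    PREFIX_INTEGRATED: ("integrated", 77),
}


def _encode_block(block: bytes, size: int) -> str:
    n = int.from_bytes(block, "big")
    out = ["1"] * size
    for i in range(size - 1, -1, -1):
        n, r = divmod(n, 58)
        out[i] = ALPHABET[r]
    return "".join(out)


def monero_b58_encode(data: bytes) -> str:
    chunks = []
    for i in range(0, len(data), FULL_BLOCK):
        block = data[i:i + FULL_BLOCK]
        chunks.append(_encode_block(block, ENCODED_BLOCK_SIZES[len(block)]))
    return "".join(chunks)


def _decode_block(text: str, size: int) -> bytes:
    n = 0
    for ch in text:
        idx = ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"invalid base58 character {ch!r}")
        n = n * 58 + idx
    try:
        return n.to_bytes(size, "big")
    except OverflowError:
        raise ValueError("base58 block overflows its byte size") from None


def monero_b58_decode(text: str) -> bytes:
    out = bytearray()
    for i in range(0, len(text), 11):
        chunk = text[i:i + 11]
        if len(chunk) not in ENCODED_BLOCK_SIZES[1:]:
            raise ValueError(f"invalid trailing block length {len(chunk)}")
        out += _decode_block(chunk, ENCODED_BLOCK_SIZES.index(len(chunk)))
    return bytes(out)


def classify_address(addr: str) -> str:
    """Return 'standard', 'subaddress' or 'integrated'; raise ValueError otherwise."""
    raw = monero_b58_decode(addr)
    if not raw or raw[0] not in KINDS:
        raise ValueError("unknown network prefix (not a mainnet address?)")
    kind, expected_len = KINDS[raw[0]]
    if len(raw) != expected_len:
        raise ValueError(f"{kind} address should decode to {expected_len} bytes, got {len(raw)}")
    return kind


def safe_to_publish(addr: str) -> bool:
    """Only subaddresses belong in a bio or donation page; keep the primary address private."""
    return classify_address(addr) == "subaddress"


def make_sample_address(prefix: int, payment_id: bytes = b"", keys: bytes = bytes(range(64))) -> str:
    """Constructed sample: fixed dummy key bytes and a dummy (unverified) checksum."""
    return monero_b58_encode(bytes([prefix]) + keys + payment_id + b"\x00\x00\x00\x00")


if __name__ == "__main__":
    import sys
    for addr in sys.argv[1:] or [make_sample_address(PREFIX_STANDARD), make_sample_address(PREFIX_SUBADDRESS)]:
        kind = classify_address(addr)
        print(addr[:12] + "...", kind, "OK to publish" if kind == "subaddress" else "keep private")
```

Run it with an address as the argument; a "standard" verdict means you are about to publish the primary address. A wallet will still reject a mistyped address via the checksum this script skips, so treat it only as a which-kind-is-this check, not as validation.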
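For habit 3, cropping handles the pixels; the file can still carry text, timestamp and EXIF chunks written by the screenshot tool. The following is an added example (not code from xmr.club) that lists and strips those chunks from a PNG in pure Python. The chunk layout and CRC rule are from the PNG spec; the 1x1 image it builds is constructed in code, not a real screenshot, and the chunk types it removes (tEXt, zTXt, iTXt, tIME, eXIf) are a choice made here.

```python
# Added example (not from xmr.club): strip the metadata chunks a screenshot
# tool can leave in a PNG before you post it. Pure Python; the sample image is
# constructed below, not a real screenshot.
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Ancillary chunk types that carry text, timestamps or EXIF. Everything else
# (IHDR, PLTE, IDAT, IEND, colour-management chunks) is copied through unchanged.
METADATA_CHUNKS = {b"tEXt", b"zTXt", b"iTXt", b"tIME", b"eXIf"}


def _chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialise one chunk: 4-byte length, 4-byte type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def iter_chunks(png: bytes):
    """Yield (type, data) per chunk, checking the signature and every CRC.
    Stops at IEND, so anything appended after the image is dropped too."""
    if not png.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos < len(png):
        if pos + 8 > len(png):
            raise ValueError("truncated chunk header")
        (length,) = struct.unpack(">I", png[pos:pos + 4])
        ctype = png[pos + 4:pos + 8]
        data = png[pos + 8:pos + 8 + length]
        crc_bytes = png[pos + 8 + length:pos + 12 + length]
        if len(data) != length or len(crc_bytes) != 4:
            raise ValueError(f"truncated {ctype!r} chunk")
        (crc,) = struct.unpack(">I", crc_bytes)
        if crc != zlib.crc32(ctype + data) & 0xFFFFFFFF:
            raise ValueError(f"bad CRC on {ctype!r} chunk")
        yield ctype, data
        pos += 12 + length
        if ctype == b"IEND":
            break


def list_metadata(png: bytes) -> list:
    """Return the metadata chunks as [(type, data), ...]: what would leak if posted."""
    return [(t, d) for t, d in iter_chunks(png) if t in METADATA_CHUNKS]


def strip_metadata(png: bytes) -> bytes:
    """Rebuild the file with every metadata chunk removed and CRCs recomputed."""
    out = bytearray(PNG_SIG)
    for ctype, data in iter_chunks(png):
        if ctype not in METADATA_CHUNKS:
            out += _chunk(ctype, data)
    return bytes(out)


def build_sample_png() -> bytes:
    """Constructed 1x1 red RGB PNG with the kind of metadata a screenshot tool adds."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)  # 1x1, 8-bit, RGB
    idat = zlib.compress(b"\x00\xff\x00\x00")             # filter byte 0 + one RGB pixel
    return (PNG_SIG
            + _chunk(b"IHDR", ihdr)
            + _chunk(b"tEXt", b"Software\x00constructed-screenshot-tool 1.0")
            + _chunk(b"tEXt", b"Author\x00alice@example.invalid")
            + _chunk(b"tIME", struct.pack(">HBBBBB", 2024, 1, 2, 3, 4, 5))
            + _chunk(b"IDAT", idat)
            + _chunk(b"IEND", b""))


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:
        with open(sys.argv[1], "rb") as f:
            data = f.read()
        for t, d in list_metadata(data):
            print("removing", t.decode("ascii"), d[:40])
        with open(sys.argv[2], "wb") as f:
            f.write(strip_metadata(data))
    else:
        sample = build_sample_png()
        print(len(list_metadata(sample)), "metadata chunks before,",
              len(list_metadata(strip_metadata(sample))), "after")
```

Usage: `python strip_png.py screenshot.png clean.png` prints what it removed and writes the cleaned copy. It does nothing for the on-screen contents, so crop first and run this second.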
The four installs (do these next)

  1. A no-KYC VPN. Cheap (~$5/mo), takes 10 minutes to set up, and hides your destinations from your ISP and from whoever runs the public WiFi; the VPN provider sees them instead, which is why the no-KYC, no-logs pick matters. Don't pay annually until you've used it for a month.
  2. A non-custodial wallet. Skip the exchange wallet. Pick something from our wallet guide; for a casual user, Cake (mobile) or Feather (desktop) is fine.
  3. A no-KYC email account. Skip Gmail for new privacy-relevant signups. Tuta and Proton accept signup without a phone number (Proton may still ask for a CAPTCHA or other verification on some signups); both work fine for daily use.
  4. A no-KYC swap path. Bookmark the kyc.rip aggregator or SideShift once. The first time you need to swap without KYC, you'll be glad it's there.

What you don't need (yet)

  • Tor for everything. Useful for specific privacy-critical flows; slow and suspicious-looking for daily browsing. Use the VPN for daily use and step up to Tor when your threat model actually requires it.
  • A hardware wallet for a $200 balance. The risk profile doesn't justify the cost and UX overhead. Use one when you're holding more than you'd be comfortable losing to malware.
  • Multisig. If you're asking whether you need it, you don't yet.
  • Your own Monero node. Awesome project, real ongoing cost. Vetted remote nodes (Cake's, Feather's defaults) work fine until you have a reason to upgrade; a remote node learns your IP address and the transactions you broadcast, not your keys or balance, so point the wallet at it through the VPN.
  • A no-KYC SIM. Only if you're signing up to phone-gated services. Most ordinary signups are email-only.

When to level up

Re-read this guide once a year. If any of these is now true, you're ready for the next tier:

  • You publish under your name and would prefer your crypto activity not get tied to it.
  • Your holdings cross five figures.
  • You're in a jurisdiction that started criminalizing privacy-respecting tools recently.
  • You had any kind of doxxing incident.

The next tier: /stack (the curator's actual setup) or /guides/privacy-threat-models (work backwards from the threat).

Picks for the starter kit

  • Mullvad → /vpns/mullvad

    Cheap, no email or personal details (your account is a random number), accepts XMR. Stop-thinking-about-it default for the casual ISP threat.

  • Cake Wallet → /wallets/cake-wallet

    Mobile-first XMR. Easy onboarding, good defaults for non-technical users.

  • Tuta Mail → /email/tutanota

    No-KYC email signup. Accepted at the no-KYC services listed on this site. Encrypted at rest.

  • kyc.rip aggregator → /exchanges/kyc-rip-aggregator

    Bookmark once. No-account swap when you actually need it.

Spotted a gap? submit a listing · @xmr_club · @xmrclub_bot.