Privacy 101 — Initiate · Lesson 1 of 5

Pseudonymity vs privacy — the difference matters


Bitcoin and Ethereum are pseudonymous, not private. Your address is a string of characters rather than your name — but every transaction is on a public ledger anyone can read forever. The instant your address is linked to your identity (by an exchange KYC, by you posting it in a tweet, by an analytics firm doing chain analysis), every transaction you've ever made becomes traceable to you.

Privacy is the property that an observer cannot link a transaction to you even with unlimited time and resources. Pseudonymity is the property that an observer cannot immediately link a transaction to you.

These are extremely different things.

The chain-analysis industry

Chainalysis, TRM Labs, Elliptic, and ~30 smaller firms exist specifically to de-anonymise pseudonymous chains. They cluster addresses by spending heuristics (common-input ownership, change-output detection), correlate transactions with off-chain events (exchange deposits, tweets, ENS registrations), and sell the resulting graph to law enforcement, exchanges, and lenders.

For most users on Bitcoin or Ethereum, your address graph is already partially de-anonymised. You may not know it, but a chain-analysis firm probably already has a 60-80% confidence guess about which addresses are yours.
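The common-input ownership heuristic named above, as an added example (not part of the original lesson and not any firm's or the wallet's code): a union-find pass merges every address that ever co-funded a transaction, so a single off-chain label exposes the whole cluster. The transactions, addresses and the `alice` label are constructed sample data; change-output detection is not covered.

```python
from collections import defaultdict

# Constructed sample transactions (not real chain data): the addresses that
# funded each one (inputs) and the addresses it paid (outputs).
SAMPLE_TXS = [
    {"txid": "t1", "inputs": ["A1", "A2"], "outputs": ["M1"]},
    {"txid": "t2", "inputs": ["A2", "A3"], "outputs": ["M2"]},
    {"txid": "t3", "inputs": ["A3", "A4"], "outputs": ["EX1"]},
    {"txid": "t4", "inputs": ["B1", "B2"], "outputs": ["M1"]},
    {"txid": "t5", "inputs": ["B3"], "outputs": ["M2"]},
]
# Constructed off-chain link, e.g. one address seen in a KYC'd deposit.
KNOWN_LABELS = {"A4": "alice"}


def find(parent, x):
    """Union-find root lookup with path halving."""
    parent.setdefault(x, x)
    while parent[x] != x:
        parent[x] = parent[parent[x]]
        x = parent[x]
    return x


def cluster_by_common_input(txs):
    """Group addresses, assuming all inputs of a tx share one owner."""
    parent = {}
    for tx in txs:
        if not tx["inputs"]:  # e.g. coinbase: nothing to link
            continue
        root = find(parent, tx["inputs"][0])
        for addr in tx["inputs"][1:]:
            parent[find(parent, addr)] = root  # merge into the first input's set
    clusters = defaultdict(set)
    for addr in list(parent):
        clusters[find(parent, addr)].add(addr)
    return [sorted(c) for c in clusters.values()]


def exposed_by_label(txs, labels):
    """For each labelled address, list every address its cluster exposes."""
    exposed = {}
    for cluster in cluster_by_common_input(txs):
        for addr, name in labels.items():
            if addr in cluster:
                exposed[name] = cluster
    return exposed
```

In the sample, A1 and A4 never appear in the same transaction, yet the label on A4 reaches A1 through the reused inputs A2 and A3. This is why a fresh address only helps if its coins are never co-spent with older ones.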

What privacy buys you

When you use a privacy primitive (stealth address, zk-rollup, shielded chain), what an observer sees changes:

Surface            Without privacy  With privacy (iter-H)
Sender address     Visible          Hidden / unlinkable
Recipient address  Visible          Hidden / unlinkable
Amount             Visible          Hidden (Aztec/Penumbra) or visible (stealth)
Timing             Visible          Visible
Asset type         Visible          Visible

Notice that even the strongest privacy tools don't hide timing and asset type — these are emergent properties of the network. Multi-hop privacy (Tor for the transport layer + privacy primitive for the value layer + careful timing discipline) is the only way to defeat all four.

When privacy is the wrong tool

If your threat is just casual snooping (your nosy uncle, an ex looking at your wallet on Etherscan), a fresh address per relationship and a privacy-respecting block explorer is enough. You don't need zk proofs.

If your threat is regulatory non-compliance — using privacy to evade taxes or sanctions — the right answer is not stronger privacy, it's a different jurisdiction or a different business model. Privacy is not a get-out-of-jail-free card. The wallet's Travel Rule attestation system is designed precisely so users can use privacy tools while remaining defensible to BaFin and the BMF.

The wallet's stance

Gopnik treats privacy as a normal financial primitive — like savings accounts or wire transfers — that has compliance attached. We don't ship privacy tools as a way to evade reporting. We ship them because Article 70 of MiCA, paragraph 4, recognises self-hosted wallet privacy as a legitimate user right, and because financial privacy is foundational to a free society.

You should expect:

  • Cert gate. Privacy primitives require privacy.301 cert. Without it, you can read but not send. The cert exists to make sure users understand what they're doing.
  • Hard cap. €1000/day without the custody.301 compound cert. Above that, the regulatory bar gets higher.
  • Travel Rule attestation. Every send collects an IVMS 101 attestation. The wallet signs the attestation; the regulator can verify it without trusting our DB.
  • Audit trail. Every privacy event lands in the privacy_audit_log table. The wallet doesn't hide what you did from itself; we hide what you did from the network.

Next: who you're hiding from determines which tool you reach for.