Privacy 101 — Initiate · Lesson 5 of 5

OpSec discipline — your wallet's privacy is only as good as your habits

5 min · read

Privacy tools without operational security are theatre. A perfectly shielded payment from a Tor-routed Aztec deposit, then bragged about on Twitter five minutes later, is a payment with a public confession attached. The wallet ships strong primitives; the discipline is on you.

Five rules to live by.

Rule 1: Don't reuse addresses across primitives

Your XRPL mnemonic derives keys at distinct paths for each chain and each privacy primitive. Your stealth-spending key (m/44'/60'/2'/0/0) is not your mainnet EVM key (m/44'/60'/0'/0/0) is not your Aztec spending key (m/44'/60'/3'/0/0). These are intentionally separate so an observer can't correlate one with the other.

Don't undo this by moving funds between them on-chain. If you withdraw from Aztec to L1, do it to a fresh receiving address — not your mainnet wallet. If you receive a stealth payment, don't immediately consolidate it with your other ETH.

Rule 2: Don't combine privacy with public action

The most common deanonymisation is self-deanonymisation. Someone shields ETH via Aztec, then mints an NFT signed by their public ENS-linked wallet five blocks later. Chain analytics correlate the gas, the timing, the round amounts. Now the shielded balance is linked to the public identity.

Privacy primitives should be used for private purposes. If you're doing anything public (NFT minting, governance voting, DEX swaps from your public wallet), keep the funds public.

Rule 3: Don't post about it

A surprising fraction of deanonymisations come from the user volunteering information: "Just shielded my 10 ETH for a year!" tweets, Discord screenshots, podcast appearances. The moment a public statement is correlatable to an on-chain event, the privacy is gone.

The wallet does not stop you from talking. It just expects you to know when to.

Rule 4: Mind the timing

Even strong privacy primitives don't hide timing. If you withdraw 9.7 DAI from Aztec at 14:23 UTC, and a public 9.7 DAI shows up at your ENS-linked address at 14:31 UTC, that's a 99% correlation. Most chain-analytics tools have automated detectors for this kind of pattern.

Two mitigations:

  • Round amounts. Withdraw to a fresh address, then send round-number amounts at unrelated times.
  • Delay. The longer the gap between shielded and public action, the lower the timing-correlation signal.

Rule 5: Trust your transport

The wallet's HTTPS connection protects against passive observation but doesn't hide your IP address from us, your ISP, or the EVM RPC providers we talk to. If your threat model includes ISP-level adversaries (state actors, employer-imposed surveillance), use Tor or a VPN for the wallet session.

The wallet supports Tor; the dashboard has a "Tor-only mode" toggle that refuses to make any RPC call outside the Tor circuit. This is opt-in because it slows everything down significantly.

A self-check

Before you make a privacy-relevant move, ask yourself:

  1. Am I using a fresh address for this? (Or a stealth/shielded equivalent?)
  2. Am I about to do anything public in the next 24 hours that could correlate?
  3. Have I posted about this anywhere?
  4. Is the amount distinctive enough to correlate with timing?
  5. Is my IP address visible to entities I'm trying to hide from?

If any answer is "yes, I'm undoing my own privacy", reconsider.
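Rule 4 and questions 2 and 4 of the self-check describe the same test: does a public receipt match a shielded withdrawal by amount and land soon after it? The script below is an added example, not part of the course or the wallet, that runs that test over your own planned moves so you see the link before an analytics detector does. The event format, the one-hour and 24-hour thresholds, and the sample data (which includes the page's 9.7 DAI case) are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Event:
    when: datetime   # block time, UTC
    kind: str        # "private_out" = leaving a shielded pool; "public_in" = arriving at a public address
    asset: str
    amount: float
    note: str        # constructed label for the address involved

def is_round(amount: float) -> bool:
    """Whole-unit amounts blend in with ordinary traffic; 9.7 does not."""
    return float(amount).is_integer()

def correlate(events, window=timedelta(hours=24)):
    """Return (private_out, public_in, reasons) for each pair an observer could link.
    Only same-asset receipts landing after a withdrawal and inside `window` count;
    the reason strings name the signals that fire (thresholds are assumptions)."""
    outs = [e for e in events if e.kind == "private_out"]
    ins = [e for e in events if e.kind == "public_in"]
    findings = []
    for o in outs:
        for i in ins:
            gap = i.when - o.when
            if i.asset != o.asset or gap < timedelta(0) or gap > window:
                continue
            reasons = []
            if abs(i.amount - o.amount) < 1e-9:
                reasons.append("exact amount match")
                if not is_round(i.amount):
                    reasons.append("distinctive (non-round) amount")
            if gap <= timedelta(hours=1):
                reasons.append(f"public receipt {int(gap.total_seconds() // 60)} min after withdrawal")
            if reasons:
                findings.append((o, i, reasons))
    return findings

# Constructed sample, not chain data: the page's 9.7 DAI case plus a mitigated move.
T = datetime(2024, 1, 15, 14, 23)
SAMPLE = [
    Event(T, "private_out", "DAI", 9.7, "aztec withdrawal to fresh address"),
    Event(T + timedelta(minutes=8), "public_in", "DAI", 9.7, "ens-linked"),  # flagged
    Event(T + timedelta(days=3), "public_in", "DAI", 10.0, "ens-linked"),    # round and delayed: not flagged
]

if __name__ == "__main__":
    for o, i, reasons in correlate(SAMPLE):
        print(f"{o.amount} {o.asset} out {o.when:%H:%M} -> public in {i.when:%H:%M}: {', '.join(reasons)}")
```

A clean run (no findings) is the goal; any flagged pair is a move to re-plan with a fresh address, a round amount, or a longer delay.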

End of course

You now understand:

  • The difference between pseudonymity (default) and privacy (these primitives)
  • Threat-model tiers and which primitive maps to which tier
  • The MiCA + Travel Rule landscape and what the wallet's compliance gating does
  • The three primitives the wallet ships — stealth, Aztec, Penumbra — and when to use each
  • OpSec discipline — your habits matter as much as the math

The exam is 28 of 35 questions, pass at 78%. After passing, privacy.101 unlocks the read surface for the privacy primitives. To actually send with them, you need privacy.301 (The Spectre) — the next-tier cert with deeper material and a higher pass bar.

Good luck.