KYCnot.me Blog

Making reviews harder to game

pluja — Thu, 07 May 2026 12:00:00 GMT

User feedback on KYCnot.me matters. Admin checks help, but users often see things first: frozen funds, surprise KYC, bad support, strange terms, good experiences too. That feedback is useful, and I want to keep it visible.

Reviews are also easy to abuse. Review sites are gamed all the time. Fake praise, fake complaints, brigades, angry customers, paid comments, competitor attacks, and service owners defending themselves all get mixed together.

This is hard to handle fairly. Users should be able to warn others. Services should not get damaged by throwaway accounts or vague claims. With anonymous accounts, there is no perfect answer.

Creating an account on KYCnot.me takes almost no effort. That is intentional. We don't want email verification, phone numbers, or anything that turns a privacy site into another identity gate. But easy accounts have a cost. Over time we have seen people create accounts only to push a service, bury a complaint, attack a competitor, or win an argument in the comments.

So we changed how reviews and ratings work.

What changed

User ratings are now trust weighted. A five star review from a long-time active user should not count the same as a five star review from an account created a few minutes ago with a single comment.

Reviews from established users count more. Verified reviews and reviews with approved proof of usage count more too. New accounts, low activity accounts, suspicious comments, and service-affiliated accounts have less influence. Some ratings, like spam comments, do not count at all.

A weak or disabled rating does not always mean the comment is useless. Sometimes it means the claim is hard to verify, sometimes the user is new, sometimes the account is related to the service. Readers can still look at the comment and decide what to do with it. Each review shows its rating weight next to the stars.

The user rating should be harder to manipulate than the comment section. User scores do not affect the main service score. The main score still comes from KYCnot.me service attributes and checks. User reviews are useful context, but they are too easy to game to affect the service score.

One user, one active rating

People can post more than one review for the same service. That is normal, since you might use a service again months later and have a different experience.

Only one rating per user counts toward the score. The latest approved review is the one that counts. Older reviews remain visible, but their star rating is disabled.

The comment section also has better sorting now. Newest remains the default. You can also sort by Upvoted, Lowest, Highest, or Trusted. Upvoted appears only when comments have upvotes. Trusted sorts by review trust weight.

User badges now add simple context too. New account means the account was created recently. Single review means the user has only made that comment. Active user and Trusted user are based on account activity.

New account limits

New accounts can reply to other comments right away, but they need to wait before posting a new review. For urgent reports, contact us directly.

This is a small delay, currently 24 hours, but I may reduce or increase it in the future. It is not meant to punish real users. It is there because throwaway accounts were being used too easily and too often. If someone wants to create many accounts, drop ratings, and disappear, waiting 24 hours adds some friction.

Replies stay open because they are lower impact. A reply does not create a new service review or change the rating by itself.

Private proof

Users can add an order ID or other short text-based private proof when posting a review. Admins can see it, the public cannot.

For now this is still simple text. If the proof looks valid, the review gets more weight and a Verified customer badge. If it does not, the comment can still be judged on its public content.

Approved proof does not make the review officially verified by KYCnot.me. It means the private proof was accepted for that comment.

Moderation rules

Comments should help other users understand the service. First-hand experiences are best. Questions, corrections, and useful replies are welcome.

We reject spam, fake reviews, doxxing, threats, illegal content, clear AI-generated text, unrelated content, and personal fights that do not help anyone.

A fake review is not always easy to prove, so here is what I mean by it. A review is fake, or at least not reliable enough to affect the score, when it looks like the user did not actually use the service, when the same story is posted by several new accounts, when it reads like advertising, when it attacks a competitor without details, or when the account is clearly related to the service and does not say so.

We cannot always prove intent. That is why moderation has two levels. If the comment is useless or abusive, we reject it. If the comment might still be useful but the rating is weak, unclear, affiliated, or easy to game, we can leave the comment visible and disable only the star rating.

Ratings have an extra rule: the star rating should reflect your own experience with the service. A rating may be disabled if the review is vague, not based on first-hand use, mostly about drama, posted from an affiliated account, or made to manipulate the score.

Why this is better

The old system treated all accepted ratings too equally. That was too easy to game.

The new system keeps comments readable, shows more context, and makes the final user rating less fragile. A single new account should not be able to move a score much. A handful of throwaway accounts should not decide whether a service looks safe.

This is also why the user rating is separate from the main service score. Reviews can reveal real problems fast, but they are also the easiest part of the site to manipulate. They should inform readers, not quietly rewrite the service score.

I also hope these rules encourage users to keep their accounts and write useful reviews from the same account. Creating fresh accounts to add a single comment is now less useful.

This will not catch everything. Human moderation still matters. Users still need to read the comments and do their own research. But the score is now less naive. That is the goal.

These rules apply from now on. Older reviews will stay as they are unless a moderator reviews them later.

Compare no-KYC crypto swap rates on KYCnot.me

pluja — Sat, 25 Apr 2026 12:00:00 GMT

A lot of you have asked for this, and it makes sense: when you're picking a no-KYC exchange, the rate still matters.

KYCnot.me already collects the context that matters around services: KYC level, score, policies, ToS highlights, ratings, and verification history. Adding a rate comparison page on top of that felt like the natural next step. It's just another way to explore the listings.

The swap comparison page is now live at kycnot.me/swap.

It's launching in beta, and I'll keep improving it based on how people use it.

How it works

For the aggregation layer, we partnered with OrangeFren. They've been in this space for years, and plugging into their infrastructure made more sense than trying to turn KYCnot.me into a full-time aggregator project.

OrangeFren provides the live rate data. KYCnot.me adds the trust context that already exists on the site.

Why add this now?

The line between directories, aggregators, reviews, and comparison tools keeps getting blurrier, and users expect these things to work together.

I still want KYCnot.me focused on what it does best: the directory. So rather than building and maintaining dozens of provider integrations myself, I partnered to build this as a feature on top of the existing site.

What's next

The swap page is live and running. From here, expect improvements. If you spot something off or want to request a feature, send feedback here.

Transparency

The comparison feature is powered by a partnership with OrangeFren, limited strictly to the swap page. The rest of KYCnot.me works exactly as it always has. As always, the code is open source.

Avoid scams and frozen funds in crypto services

pluja — Sun, 15 Jun 2025 12:04:47 GMT

Jump straight to the rules

Getting services and paying with cryptocurrencies comes with some risks that every user must understand. However, there are some simple steps you can take to reduce them.

The risks

Transactions are Irreversible

Cryptocurrency transactions are final and irreversible. Once you hit send, there's no chargeback option, no bank to call, and no dispute resolution (unless the recipient voluntarily returns your funds). This creates opportunities for bad actors to exploit.

Shotgun KYC

One of the most predatory practices in the crypto space is Shotgun KYC (classified as a warning attribute here on KYCnot.me). Here's how it typically unfolds:

You send your cryptocurrency to a service
After receiving your funds, they suddenly claim your coins are "dirty" or flagged
They hold your funds hostage, demanding extensive documentation
Even after compliance, they may continue requesting more information indefinitely until you can't no longer provide what they are requesting
Your funds remain frozen with no guarantee of release

Transaction Scanning

Most crypto services use blockchain analysis to scan your coins' transaction history, assigning risk scores based on past associations. A low score doesn't mean you did anything wrong, you could have unknowingly received "tainted" coins from a simple P2P trade, inheriting a history that wasn't your fault.

Other Concerns

Limited Support: Many services operate with very small teams or even just a single person, offering minimal customer service. Even established services may ignore customer complaints or disputes.
Exit Scams: A service that was apparently trustworthy and processing orders can disappear overnight, taking users' funds with them.
No Regulatory Recourse: Very limited legal protections compared to traditional financial services

The rules

Rule #1: Batch Your Amounts

Avoid sending a large amount in a single transaction, instead, divide your trades into smaller batches. If something goes wrong with one batch, you haven't lost everything. Always remember that crypto transactions are final and irreversible.

Some services scam users selectively: they process smaller transactions normally to build trust, then freeze larger amounts when they detect high-value transfers.

Yes, batching means paying more fees, but it's almost always worth paying the extra rather than losing your entire amount to a scam or frozen trade.

A surprising number of people report losing significant funds in a single, large transaction. Start small, build confidence through successful transactions, and always maintain reasonable batch sizes even with "trusted" services.

Rule #2: Record Everything

When problems arise, services tend to mysteriously "lose" records, delete order pages, or even deny entire conversations. Keeping good records become very valuable against fraud and negligence.

Take screenshots and save them until you are satisfied with the service:

Ensure timestamps are visible when possible
Capture full pages, not just portions
Make sure the URL is always visible

You can also use websites like archive.is to take snapshots of each step of the process, or use the Single File browser extension to snapshot the entire site in a single html file. This extension will preserve exact page appearance, includes all embedded content and is easy to share and store. For email conversations, exporting the raw .eml file is best, as it retains all the original headers and metadata.

Make sure to keep all the blockchain evidence, such as transaction IDs and wallet addresses.

Remember: If it's not documented, it didn't happen in the eyes of dispute resolution. Make documentation a habit. This will grant you evidence for contacting support if there was an issue, and in the event of being scammed, effectively reporting the scam to the community.

Rule #3: Do Your Own Research

A quick investigation before operating with a service can save you from costly mistakes and frozen funds.

For service reviews, a starting point can be the KYCnot.me directory or our in-depth blog reviews like WizardSwap, Swapter, or Silent.link. It's also wise to check popular forums like BitcoinTalk, TrustPilot, or Reddit. To search on specific sites, you can use site keyword on any search engine, for example, this shows all mentions of "Bisq" on BitcoinTalk.

If you are about to use a service without existing reviews, you're taking a risk, but you could help others by documenting it. Write a detailed review and add supporting evidence to increase your credibility. Your feedback will help building a knowledge base that protects the community from bad actors and unreliable services. Leaving reviews on KYCnot.me is very easy and does not require any personal data.

Spend at least five minutes researching any new service before sending funds. This small time investment can reveal crucial information about reliability, processing times, and potential issues.

Rule #4: Ask for AML Checks

Most services will offer you a free AML score check before sending your funds, but they rarely advertise this. If you're dealing with a service known for freezing funds, requesting a pre-transaction AML check can save you from having your cryptocurrency held hostage.

Simply contact the service's support before sending any funds and explain your situation:

"I'd like to use your service but want to avoid KYC. Can you perform an AML check on my transaction before I send the funds?"

This check should always be free, if they ask for payment, consider it a red flag.

Never send funds to a third party to get an AML check. To prepare for the check, it's best to consolidate the funds into a single address in your own wallet. Then, you only need to share that public address for the analysis. Your funds should never leave your possession.

DIY AML Checking Options

You can also run these checks yourself using services like AMLBot (paid service) or the free AML scanners available in Blockchair's dApps section. These tools analyze your transaction history and provide risk scores based on various algorithms.

However, different AML services use different algorithms and metrics, so you might get varying risk scores for the same transaction. As you see in the image above, one service would flag your coins as medium-risk while another considers them clean. So to be 100% sure, it is always better to ask the service you want to interact with for the pre-trade AML check rather than checking it yourself.

Taking a few minutes to request an AML check can prevent problems like the permanent loss of your funds. A service that respects your privacy will have no problem with this reasonable request.

Rule #5: Seek fungibility

To protect yourself from arbitrary fund freezing and "dirty coin" accusations, simply use privacy coins whenever possible. While transparent blockchains expose your entire transaction history to scrutiny, privacy coins make these predatory scanning practices completely useless.

Traditional cryptocurrencies like Bitcoin and Ethereum operate on transparent blockchains where every transaction is publicly visible forever. This means not all coins are treated equally. A Bitcoin you received might be worth less than another Bitcoin simply because of its transaction history, even when you had nothing to do with that history.

Even if you try to break the history with mixers or coinjoins, you are leaving patterns that will also taint the coins. Once they are marked as "tainted" by blockchain analysis, that reputation follows them indefinitely, you can even be penalized for transactions that occurred years before you owned the cryptocurrency, creating an unfair system of inherited blame.

Monero's privacy-by-default architecture makes transaction scanning impossible. Legitimate services that respect user privacy usually welcome privacy coins. Services that discriminate against privacy coins often have ulterior motives.

Using privacy coins is often simpler because you don't need to worry about coin history or risk scores. So, any chance you get to use a privacy coin such as Monero, just do it. Browse services that accept Monero on the directory.

Conclusion

Even by following all these rules, you're still assuming a certain level of risk. However, by following these simple safety measures, you will dramatically reduce your exposure to scams, fund freezes, and predatory practices. And, if a problem occurs, having good evidence is your best defense. Records like screenshots and transaction histories are essential for resolving disputes and reporting scams to protect others.

Silent.link review: anonymous eSIM with crypto payments

pluja — Tue, 08 Apr 2025 12:04:47 GMT

Silent.link is an anonymous eSIM provider. They offer pay-as-you-go roaming in 160+ countries.

Pros

Anonymous
Private payment options
High performance
Global availability

Cons

Need to select the right networks sometimes
Latency
Data and incoming SMS & call only

Rating

★★★★★

Service website

Silent.link

eSIMs replace traditional, physical SIM cards, if you have a fairly new phone, odds are it supports them. Since most people change their mobile carrier very rarely, the most common use case for these new eSIMs is their use in travel. Although their use as a piece of a larger OPSEC puzzle to improve privacy when using the internet from your phone is increasingly popular too.

Silent.link is not the only eSIM provider out there. Yet, they’re so unique that even Twitter’s (now X) founder Jack Dorsey recommends them.

Let’s start off with a quick explanation of how Silent.link works and what pay-as-you-go means. Most other eSIM providers will sell you packages of GBs with an expiration date. For instance imagine you’re visiting France then going to the UK after a few months. With other providers you might buy a 10GB in France package valid for 7 days, then after some months a 10GB in the UK package also valid for 7 days. You likely won’t use up the full package in either country and the remaining capacity will be voided as the package expires.

Silent.link’s pay-as-you-go is different. There are no geographic packages. There are no expiration dates. You simply have a balance denominated in USD and are charged as you use up the data according to the pricing of whichever local carrier you’re connecting via.

Preparing for the same trips from the example above you’d simply top-up your Silent.link balance with $10. Then you’d use Silent.link in France paying $1.33/GB, you’d only be charged for the exact amount used, then you’d go to the UK and pay $1.54/GB from the balance you had left over from France. It doesn’t matter how much time passes between the trips, because Silent.link balances don’t expire. If you have a balance left over you can use it on a future trip, or simply use it up in your home country.

Pros

Anonymity

Silent.link is anonymous. Most other eSIM providers require some form of identification. This can be a traditional, full KYC, procedure involving your ID or passport numbers or, as seemingly innocent, as verifying your phone number with your main carrier. Regardless, a link between the eSIM you bought online and your identity is established.

In some countries you’ll be able to pick up a traditional SIM (or the new eSIM) from a local carrier without undergoing this verification. This can still be a hassle though. You’ll need to look up the laws before travelling, you’ll need to find a local store selling them, you’ll need to decide how you’ll pay privately, etc. And that’s the best case, that’s assuming the country you want to get the SIM in allows you to buy one anonymously.

Private payment methods

Silent.link only accepts cryptocurrency and according to their stats, most payments are made with Bitcoin (either onchain or using the Lightning Network) or with Monero. As such paying anonymously is not a problem. The use a self-hosted instance of BTCPay Server to process payments and operate their own LN node. The entire checkout process can be completed over Tor.

Cons

Network selection

Although you can skip the hassle of buying a new eSIM every time you travel it’s a good idea to look up the pricing of different mobile networks in the country you’re going to. The differences can be trivial, but can also be 100x. If a specific mobile network offers a much better deal, you’ll probably want to dive into your phone’s settings to make sure it only connects to that network.

High prices for some regions

Second issue can be that, especially for poorer countries, Silent.link might not have the best prices. For instance if you travel to Angola you’ll end up paying $155.44/GB. But if you search around for other providers you’ll find eSIM that offer much lower prices for that same country.

Data & incoming SMS & calls only

These eSIMs are either data-only or only offer data and inbound sms and calls. You can’t use Silent.link eSIMs to send texts or make phone calls.

Latency

For most use-cases this shouldn’t matter, but the way roaming works is that when you’re abroad your data is first sent to your home country then sent out into the internet from there. For instance if you’re a Brit on holiday in Spain wherever you open up a website your phone communicates with the Spanish network who forwards the request to your home network in the UK and only there does the request start going towards the website you’re trying to load. The response takes the same path in reverse.

The home network for the Silent.link eSIMs is Poland. To take an extreme (antipodal) example, if you’re in Chile loading a Chilean website your request will go to Poland then back from Poland to the website’s server in Chile, then the response will go from Chile to Poland to you (in Chile). All those trips add latency. In our testing, done during the recent OrangeFren.com meetup in Istanbul, the difference was an additional 73ms. The bandwidth, however, was exceptional, easily surpassing 100 Mbps.

This latency issue isn’t unique to Silent.link, other eSIM providers usually suffer from it too, though their home network may be better suited for your latency needs. If you need the best latency we recommend a SIM from a local provider (or WiFi).

This proxy behaviour isn’t all negative however. It may potentially allow you to circumvent censorship or geoblocking if you’re trying to access resources available from Poland, but unavailable elsewhere.

Besides Istanbul one of the countries we also tested Silent.link in was Northern Cyprus. This territory is mostly unrecognized. It’s a country that, depending on who you ask, is or isn’t real. Despite this unresolved geopolitical status Silent.link performed without any issues.

Installation

If you decide to give Silent.link a try, you'll need to select if you want a data-only plan or a plan with inbound SMS & calling, once you complete the payment simply scan the QR code on the order confirmation page with your phone. Make sure to save the url of that order confirmation page somewhere! You will need it to top up your eSIM and check your remaining balance.

Getting in touch

The preferred way of contacting Silent.link's support is using the website's built-in chat function. Alternative methods include X (formerly Twitter), Matrix and email.

Their support is online from 09:00 - 21:00 UTC although even when testing outside of those hours we got a reply within a minute.

NOTE: These reviews are sponsored, yet the sponsorship does not influence the outcome of the evaluations. Sponsored reviews are independent from the kycnot.me list, being only part of the blog. The reviews have no impact on the scores of the listings or their continued presence on the list. Should any issues arise, I will not hesitate to remove any listing.

Before paying any service in crypto, follow the 5 rules for safely using crypto services.

Four years

pluja — Fri, 14 Jun 2024 12:04:47 GMT

The future is there... staring back at us. Trying to make sense of the fiction we will have become.

William Gibson

This month is the 4th anniversary of kycnot.me. Thank you for being here.

Fifteen years ago, Satoshi Nakamoto introduced Bitcoin, a peer-to-peer electronic cash system: a decentralized currency free from government and institutional control. Nakamoto's whitepaper showed a vision for a financial system based on trustless transactions, secured by cryptography. Some time forward and KYC (Know Your Customer), AML (Anti-Money Laundering), and CTF (Counter-Terrorism Financing) regulations started to come into play.

What a paradox: to engage with a system designed for decentralization, privacy, and independence, we are forced to give away our personal details. Using Bitcoin in the economy requires revealing your identity, not just to the party you interact with, but also to third parties who must track and report the interaction. You are forced to give sensitive data to entities you don't, can't, and shouldn't trust. Information can never be kept 100% safe; there's always a risk. Information is power, who knows about you has control over you.

Information asymmetry creates imbalances of power. When entities have detailed knowledge about individuals, they can manipulate, influence, or exploit this information to their advantage. The accumulation of personal data by corporations and governments enables extensive surveillances.

Such practices, moreover, exclude individuals from traditional economic systems if their documentation doesn't meet arbitrary standards, reinforcing a dystopian divide. Small businesses are similarly burdened by the costs of implementing these regulations, hindering free market competition¹:

How will they keep this information safe? Why do they need my identity? Why do they force businesses to enforce such regulations? It's always for your safety, to protect you from the "bad". Your life is perpetually in danger: terrorists, money launderers, villains... so the government steps in to save us.

‟Hush now, baby, baby, don't you cry Mamma's gonna make all of your nightmares come true Mamma's gonna put all of her fears into you Mamma's gonna keep you right here, under her wing She won't let you fly, but she might let you sing Mamma's gonna keep baby cosy and warm”

Mother, Pink Floyd

We must resist any attack on our privacy and freedom. To do this, we must collaborate.

If you have a service, refuse to ask for KYC; find a way. Accept cryptocurrencies like Bitcoin and Monero. Commit to circular economies. Remove the need to go through the FIAT system. People need fiat money to use most services, but we can change that.

If you're a user, donate to and prefer using services that accept such currencies. Encourage your friends to accept cryptocurrencies as well. Boycott FIAT system to the greatest extent you possibly can.

This may sound utopian, but it can be achieved. This movement can't be stopped. Go kick the hornet's nest.

We must defend our own privacy if we expect to have any. We must come together and create systems which allow anonymous transactions to take place. People have been defending their own privacy for centuries with whispers, darkness, envelopes, closed doors, secret handshakes, and couriers. The technologies of the past did not allow for strong privacy, but electronic technologies do.

Eric Hughes, A Cypherpunk's Manifesto

The anniversary

Four years ago, I began exploring ways to use crypto without KYC. I bookmarked a few favorite services and thought sharing them to the world might be useful. That was the first version of kycnot.me: a simple list of about 15 services. Since then, I've added services, rewritten it three times, and improved it to what it is now.

kycnot.me has remained 100% open source² all these years. I've received offers to buy the site, all of which I have declined and will continue to decline. It has been DDoS attacked many times, but we made it through. I have also rewritten the whole site almost once per year (three times in four years).

The code and scoring algorithm are open source (contributions are welcome) and I can't arbitrarly change a service's score without adding or removing attributes, making any arbitrary alterations obvious if they were fake. You can even see the score summary for any service's score.

I'm a one-person team, dedicating my free time to this project. I hope to keep doing so for many more years. Again, thank you for being part of this.

The full case for why this site exists is in KYC? No, thanks. For practical guides, start with the 5 rules to avoid scams and frozen funds, a DIY metal seed backup for under €20, and the history of Monero.

Swapter review: cheap and liquid, but watch for shotgun KYC

pluja — Tue, 21 May 2024 12:04:47 GMT

These reviews are sponsored, yet the sponsorship does not influence the outcome of the evaluations. Sponsored reviews are independent from the kycnot.me list, being only part of the blog. The reviews have no impact on the scores of the listings or their continued presence on the list. Should any issues arise, I will not hesitate to remove any listing. Reviews are in collaboration with Orangefren.

The review

Swapter.io is an all-purpose instant exchange. They entered the scene in the depths of the bear market about 2 years ago in June of 2022.

Pros	Cons
Low fees	Shotgun KYC with opaque triggers
Large liquidity	Relies on 3rd party liquidity
Works over Tor	Front-end not synced with back-end
Pretty UI

Rating: ★★★☆☆ Service Website: swapter.io

⚠️ There is an ongoing issue with this service: read more on Reddit.

Test Trades

During our testing we performed a trade from XMR to LTC, and then back to XMR.

Our first trade had the ID of: mpUitpGemhN8jjNAjQuo6EvQ. We were promised 0.8 LTC for sending 0.5 XMR, before we sent the Monero. When the Monero arrived we were sent 0.799 LTC.

On the return journey we performed trade with ID: yaCRb5pYcRKAZcBqg0AzEGYg. This time we were promised 0.4815 XMR for sending 0.799 LTC. After Litecoin arrived we were sent 0.4765 XMR.

As such we saw a discrepancy of ~0.1%!(MISSING) in the first trade and ~1%!(MISSING) in the second trade. Considering those trades were floating we determine the estimates presented in the UI to be highly accurate and honest.

Of course Swapter could've been imposing a large fee on their estimates, but we checked their estimates against CoinGecko and found the difference to be equivalent to a fee of just over 0.5%!(MISSING). Perfectly in line with other swapping services.

Trading

Swapter supports BTC, LTC, XMR and well over a thousand other coins. Sadly they don't support the Lightning Network. For the myriad of currencies they deal with they provide massive upper limits. You could exchange tens, or even hundreds, of thousands of dollars worth of cryptocurrency in a single trade (although we wouldn't recommend it).

The flip side to this is that Swapter relies on 3rd party liquidity. Aside from the large liqudity this also benefits the user insofar as it allows for very low fees. However, it also comes with a negative - the 3rd party gets to see all your trades. Unfortunately Swapter opted not to share where they source their liquidity in their Privacy Policy or Terms of Service.

KYC & AML policies

Swapter reserves the right to require its users to provide their full name, their date of birth, their address and government-issued ID. A practice known as "shotgun KYC". This should not happen often - in our testing it never did - however it's not clear when exactly it could happen. The AML & KYC policy provided on Swapter's website simply states they will put your trade on hold if their "risk scoring system [deems it] as suspicious".

Worse yet, if they determine that "any of the information [the] customer provided is incorrect, false, outdated, or incomplete" then Swapter may decide to terminate all of the services they provide to the user. What exactly would happen to their funds in such a case remains unclear.

The only clarity we get is that the Swapter policy outlines a designated 3rd party that will verify the information provided by the user. The third party's name is Sum & Substance Ltd, also simply known as samsub and available at sumsub.com

It's understandable that some exchanges will decide on a policy of this sort, especially when they rely on external liquidity, but we would prefer more clarity be given. When exactly is a trade suspicious?

Tor

We were pleased to discover Swapter works over Tor. However, they do not provide a Tor mirror, nor do they work without JavaScript. Additionally, we found that some small features, such as the live chat, did not work over Tor. Fortunately, other means of contacting their support are still available.

UI

We have found the Swapter UI to be very modern, straightforward and simple to use. It's available in 4 languages (English, French, Dutch and Russian), although we're unable to vouch for the quality of some of those, the ones that we used seemed perfectly serviceable.

Our only issue with the UI was that it claims the funds have been sent following the trade, when in reality it seems to take the backend a minute or so to actually broadcast the transaction.

Getting in touch

Swapter's team has a chat on their website, a support email address and a support Telegram. Their social media presence in most active on Telegram and X (formerly Twitter).

Disclaimer

None of the above should be understood as investment or financial advice. The views are our own only and constitute a faithful representation of our experience in using and investigating this exchange. This review is not a guarantee of any kind on the services rendered by the exchange. Do your own research before using any service.

Swapter's shotgun KYC policy makes the 5 rules for safely using crypto services especially relevant. For a swap with a stricter no-KYC stance, see our WizardSwap review.

DIY Cryptosteel alternative for under €20

pluja — Wed, 17 Apr 2024 12:04:47 GMT

I've been thinking about how to improve my seed backup in a cheap and cool way, mostly for fun. Until now, I had the seed written on a piece of paper in a desk drawer, and I wanted something more durable and fire-proof.

Show me the final result!

After searching online, I found two options I liked the most: the Cryptosteel Capsule and the Trezor Keep. These products are nice but quite expensive, and I didn't want to spend that much on my seed backup. Privacy is also important, and sharing details like a shipping address makes me uncomfortable. This concern has grown since the Ledger incident¹. A $5 wrench attack² seems too cheap, even if you only hold a few sats.

Upon seeing the design of Cryptosteel, I considered creating something similar at home. Although it may not be as cool as their device, it could offer almost the same in terms of robustness and durability.

Step 1: Get the materials and tools

When choosing the materials, you will want to go with stainless steel. It is durable, resistant to fire, water, and corrosion, very robust, and does not rust. Also, its price point is just right; it's not the cheapest, but it's cheap for the value you get.

I went to a material store and bought:

Two bolts
Two hex nuts and head nuts for the bolts
A bag of 30 washers

All items were made of stainless steel. The total price was around €6. This is enough for making two seed backups.

You will also need:

A set of metal letter stamps (I bought a 2mm-size letter kit since my washers were small, 6mm in diameter)
- You can find these in local stores or online marketplaces. The set I bought cost me €13.
A good hammer
A solid surface to stamp on

Total spent: 19€ for two backups

Step 2: Stamp and store

Once you have all the materials, you can start stamping your words. There are many videos on the internet that use fancy 3D-printed tools to get the letters nicely aligned, but I went with the free-hand option. The results were pretty decent.

I only stamped the first 4 letters for each word since the BIP-39 wordlist allows for this. Because my stamping kit did not include numbers, I used alphabet letters to define the order. This way, if all the washers were to fall off, I could still reassemble the seed correctly.

The final result

So this is the final result. I added two smaller washers as protection and also put the top washer reversed so the letters are not visible:

Compared to the Cryptosteel or the Trezor Keep, its size is much more compact. This makes for an easier-to-hide backup, in case you ever need to hide it inside your human body.

Some ideas

Tamper-evident seal

To enhance the security this backup, you can consider using a tamper-evident seal. This can be easily achieved by printing a unique image or using a specific day's newspaper page (just note somewhere what day it was).

Apply a thin layer of glue to the washer's surface and place the seal over it. If someone attempts to access the seed, they will be forced to destroy the seal, which will serve as an evident sign of tampering.

This simple measure will provide an additional layer of protection and allow you to quickly identify any unauthorized access attempts.

Note that this method is not resistant to outright theft. The tamper-evident seal won't stop a determined thief but it will prevent them from accessing your seed without leaving any trace.

Redundancy

Make sure to add redundancy. Make several copies of this cheap backup, and store them in separate locations.

Unique wordset

Another layer of security could be to implement your own custom mnemonic dictionary. However, this approach has the risk of permanently losing access to your funds if not implemented correctly.

If done properly, you could potentially end up with a highly secure backup, as no one else would be able to derive the seed phrase from it. To create your custom dictionary, assign a unique number from 1 to 2048 to a word of your choice. Maybe you could use a book, and index the first 2048 unique words that appear. Make sure to store this book and even get a couple copies of it (digitally and phisically).

This self-curated set of words will serve as your personal BIP-39 dictionary. When you need to translate between your custom dictionary and the official BIP-39 wordlist, simply use the index number to find the corresponding word in either list.

Never write the idex or words on your computer (Do not use Ctr+F)

A backed-up seed only matters if you also use crypto services safely. Read the 5 rules for safely using crypto services for the other half of the picture, and browse no-KYC services that accept Bitcoin when you need to acquire more.

How a leaderless community turned BitMonero into Monero

pluja — Thu, 28 Mar 2024 12:04:47 GMT

Bitcoin enthusiasts frequently and correctly remark how much value it adds to Bitcoin not to have a face, a leader, or a central authority behind it. This particularity means there isn't a single person to exert control over, or a single human point of failure who could become corrupt or harmful to the project.

Because of this, it is said that no other coin can be equally valuable as Bitcoin in terms of decentralization and trustworthiness. Bitcoin is unique not just for being first, but also because of how the events behind its inception developed. This implies that, from Bitcoin onwards, any coin created would have been created by someone, consequently having an authority behind it. For this and some other reasons, some people refer to Bitcoin as "The Immaculate Conception".

While other coins may have their own unique features and advantages, they may not be able to replicate Bitcoin's community-driven nature. However, one other cryptocurrency shares a similar story of mystery behind its creation: Monero.

History of Monero

Bytecoin and CryptoNote

In March 2014, a Bitcointalk thread titled "Bytecoin. Secure, private, untraceable since 2012" was initiated by a user under the nickname "DStrange"¹. DStrange presented Bytecoin (BCN) as a unique cryptocurrency, in operation since July 2012. Unlike Bitcoin, it employed a new algorithm known as CryptoNote.

DStrange apparently stumbled upon the Bytecoin website by chance while mining a dying bitcoin fork, and decided to create a thread on Bitcointalk¹. This sparked curiosity among some users, who wondered how could Bytecoin remain unnoticed since its alleged launch in 2012 until then² ³.

Some time after, a user brought up the "CryptoNote v2.0" whitepaper for the first time, underlining its innovative features⁴. Authored by the pseudonymous Nicolas van Saberhagen in October 2013, the CryptoNote v2 whitepaper⁵ highlighted the traceability and privacy problems in Bitcoin. Saberhagen argued that these flaws could not be quickly fixed, suggesting it would be more efficient to start a new project rather than trying to patch the original⁵, an statement simmilar to the one from Satoshi Nakamoto⁶.

Checking with Saberhagen's digital signature, the release date of the whitepaper seemed correct, which would mean that Cryptonote (v1) was created in 2012⁷ ⁸, although there's an important detail: "Signing time is from the clock on the signer's computer" ⁹.

Moreover, the whitepaper v1 contains a footnote link to a Bitcointalk post dated May 5, 2013¹⁰, making it impossible for the whitepaper to have been signed and released on December 12, 2012.

As the narrative developed, users discovered that a significant 80% portion of Bytecoin had been pre-mined¹¹ and blockchain dates seemed to be faked to make it look like it had been operating since 2012, leading to controversy surrounding the project.

The origins of CryptoNote and Bytecoin remain mysterious, leaving suspicions of a possible scam attempt, although the whitepaper had a good amount of work and thought on it.

The fork

In April 2014, the Bitcointalk user thankful_for_today, who had also participated in the Bytecoin thread¹², announced plans to launch a Bytecoin fork named Bitmonero¹³ ¹⁴.

The primary motivation behind this fork was "Because there is a number of technical and marketing issues I wanted to do differently. And also because I like ideas and technology and I want it to succeed"¹⁴. This time Bitmonero did things different from Bytecoin: there was no premine or instamine, and no portion of the block reward went to development.

However, thankful_for_today proposed controversial changes that the community disagreed with. Johnny Mnemonic relates the events surrounding Bitmonero and thankful_for_today in a Bitcointalk comment¹⁵:

When thankful_for_today launched BitMonero [...] he ignored everything that was discussed and just did what he wanted. The block reward was considerably steeper than what everyone was expecting. He also moved forward with 1-minute block times despite everyone's concerns about the increase of orphan blocks. He also didn't address the tail emission concern that should've (in my opinion) been in the code at launch time. Basically, he messed everything up. Then, he disappeared.

After disappearing for a while, thankful_for_today returned to find that the community had taken over the project. Johnny Mnemonic continues:

I, and others, started working on new forks that were closer to what everyone else was hoping for. [...] it was decided that the BitMonero project should just be taken over. There were like 9 or 10 interested parties at the time if my memory is correct. We voted on IRC to drop the "bit" from BitMonero and move forward with the project. Thankful_for_today suddenly resurfaced, and wasn't happy to learn the community had assumed control of the coin. He attempted to maintain his own fork (still calling it "BitMonero") for a while, but that quickly fell into obscurity.

The unfolding of these events show us the roots of Monero. Much like Satoshi Nakamoto, the creators behind CryptoNote/Bytecoin and thankful_for_today remain a mystery¹⁶ ¹⁷, having disappeared without a trace. This enigma only adds to Monero's value.

Since community took over development, believing in the project's potential and its ability to be guided in a better direction, Monero was given one of Bitcoin's most important qualities: a leaderless nature. With no single face or entity directing its path, Monero is safe from potential corruption or harm from a "central authority".

The community continued developing Monero until today. Since then, Monero has undergone a lot of technological improvements, migrations and achievements such as RingCT and RandomX. It also has developed its own Community Crowdfundinc System, conferences such as MoneroKon and Monerotopia are taking place every year, and has a very active community around it.

Monero continues to develop with goals of privacy and security first, ease of use and efficiency second. ¹⁸

This stands as a testament to the power of a dedicated community operating without a central figure of authority. This decentralized approach aligns with the original ethos of cryptocurrency, making Monero a prime example of community-driven innovation. For this, I thank all the people involved in Monero, that lead it to where it is today.

If you find any information that seems incorrect, unclear or any missing important events, please contact me and I will make the necessary changes.

Looking to use Monero today? Browse services that accept XMR on the directory. For the broader fight against the surveillance regime that KYC built, read KYC? No, thanks.

Sources of interest

WizardSwap review: a Tor-friendly no-KYC privacy coin swap

pluja — Sat, 02 Mar 2024 12:04:47 GMT

I'm launching a new service review section on this blog in collaboration with OrangeFren. These reviews are sponsored, yet the sponsorship does not influence the outcome of the evaluations. Reviews are done in advance, then, the service provider has the discretion to approve publication without modifications.

Sponsored reviews are independent from the kycnot.me list, being only part of the blog. The reviews have no impact on the scores of the listings or their continued presence on the list. Should any issues arise, I will not hesitate to remove any listing.

The review

WizardSwap is an instant exchange centred around privacy coins. It was launched in 2020 making it old enough to have weathered the 2021 bull run and the subsequent bearish year.

Pros	Cons
Tor-friendly	Limited liquidity
Guarantee of no KYC	Overly simplistic design
Earn by providing liquidity

Rating: ★★★★★ Service Website: wizardswap.io

Liquidity

Right off the bat, we'll start off by pointing out that WizardSwap relies on its own liquidity reserves, meaning they aren't just a reseller of Binance or another exchange. They're also committed to a no-KYC policy, when asking them, they even promised they would rather refund a user their original coins, than force them to undergo any sort of verification.

On the one hand, full control over all their infrastructure gives users the most privacy and conviction about the KYC policies remaining in place.

On the other hand, this means the liquidity available for swapping isn't huge. At the time of testing we could only purchase at most about 0.73 BTC with XMR.

It's clear the team behind WizardSwap is aware of this shortfall and so they've come up with a solution unique among instant exchanges. They let you, the user, deposit any of the currencies they support into your account and earn a profit on the trades made using your liquidity.

Trading

Fees on WizardSwap are middle-of-the-pack. The normal fee is 2.2%! (MISSING)That's more than some exchanges that reserve the right to suddenly demand you undergo verification, yet less than half the fees on some other privacy-first exchanges. However as we mentioned in the section above you can earn almost all of that fee (2%!)(MISSING) if you provide liquidity to WizardSwap.

It's good that with the current Bitcoin fee market their fees are constant regardless of how much, or how little, you send. This is in stark contrast with some of the alternative swap providers that will charge you a massive premium when attempting to swap small amounts of BTC away.

Test trades

Test trades are always performed without previous notice to the service provider.

During our testing we performed a few test trades and found that every single time WizardSwap immediately detected the incoming transaction and the amount we received was exactly what was quoted before depositing. The fees were inline with what WizardSwap advertises.

Monero payment proof
Bitcoin received
Wizardswap TX link - it's possible that this link may cease to be valid at some point in the future.

ToS and KYC

WizardSwap does not have a Terms of Service or a Privacy Policy page, at least none that can be found by users. Instead, they offer a FAQ section where they addresses some basic questions.

The site does not mention any KYC or AML practices. It also does not specify how refunds are handled in case of failure. However, based on the FAQ section "What if I send funds after the offer expires?" it can be inferred that contacting support is necessary and network fees will be deducted from any refund.

UI & Tor

WizardSwap can be visited both via your usual browser and Tor Browser. Should you decide on the latter you'll find that the website works even with the most strict settings available in the Tor Browser (meaning no JavaScript).

However, when disabling Javascript you'll miss the live support chat, as well as automatic refreshing of the trade page. The lack of the first means that you will have no way to contact support from the trade page if anything goes wrong during your swap, although you can do so by mail.

One important thing to have in mind is that if you were to accidentally close the browser during the swap, and you did not save the swap ID or your browser history is disabled, you'll have no easy way to return to the trade. For this reason we suggest when you begin a trade to copy the url or ID to someplace safe, before sending any coins to WizardSwap.

The UI you'll be greeted by is simple, minimalist, and easy to navigate. It works well not just across browsers, but also across devices. You won't have any issues using this exchange on your phone.

Getting in touch

The team behind WizardSwap appears to be most active on X (formerly Twitter): https://twitter.com/WizardSwap_io

If you have any comments or suggestions about the exchange make sure to reach out to them. In the past they've been very receptive to user feedback, for instance a few months back WizardSwap was planning on removing DeepOnion, but the community behind that project got together ¹ and after reaching out WizardSwap reversed their decision ².

You can also contact them via email at: support @ wizardswap . io

Disclaimer

Before sending crypto to any service, including WizardSwap, follow the 5 rules for safely using crypto services. For another sponsored swap review, see Swapter.

KYC? No, thanks: how identity verification harms privacy

pluja — Thu, 28 Sep 2023 12:04:47 GMT

Know Your Customer is a regulation that requires companies of all sizes to verify the identity, suitability, and risks involved with maintaining a business relationship with a customer. Such procedures fit within the broader scope of anti-money laundering (AML) and counterterrorism financing (CTF) regulations.

Banks, exchanges, online business, mail providers, domain registrars... Everyone wants to know who you are before you can even opt for their service. Your personal information is flowing around the internet in the hands of "god-knows-who" and secured by "trust-me-bro military-grade encryption". Once your account is linked to your personal (and verified) identity, tracking you is just as easy as keeping logs on all these platforms.

Rights for Illusions

KYC processes aim to combat terrorist financing, money laundering, and other illicit activities. On the surface, KYC seems like a commendable initiative. I mean, who wouldn't want to halt terrorists and criminals in their tracks?

The logic behind KYC is: "If we mandate every financial service provider to identify their users, it becomes easier to pinpoint and apprehend the malicious actors."

However, terrorists and criminals are not precisely lining up to be identified. They're crafty. They may adopt false identities or find alternative strategies to continue their operations. Far from being outwitted, many times they're several steps ahead of regulations. Realistically, KYC might deter a small fraction, perhaps 1% of these malefactors. Yet, the cost? All of us are saddled with the inconvenient process of identification just to use a service.

The numbers back this up year after year. Chainalysis found that illicit activity accounted for just 0.34% of crypto transaction volume in 2023¹. In 2024, even as illicit volumes grew in absolute terms, they still represented a small fraction of overall activity². And 2025, which Chainalysis called a record year for illicit flows with increasingly professionalized on-chain crime, still saw crypto crime account for less than 1% of all transaction volume³. KYC punishes everyone to maybe inconvenience a few.

Under the rhetoric of "ensuring our safety", governments and institutions enact regulations that seem more out of a dystopian novel, gradually taking away our right to privacy.

To illustrate, consider a city where the mayor has rolled out facial recognition cameras in every nook and cranny. A band of criminals, intent on robbing a local store, rolls in with a stolen car, their faces obscured by masks and their bodies cloaked in all-black clothes. Once they've committed the crime and exited the city's boundaries, they switch vehicles and clothes out of the cameras' watchful eyes. The high-tech surveillance? It didn’t manage to identify or trace them. Yet, for every law-abiding citizen who merely wants to drive through the city or do some shopping, their movements and identities are constantly logged. The irony? This invasive tracking impacts all of us, just to catch the 1% of less-than-careful criminals.

KYC? Not you.

KYC creates barriers to participation in normal economic activity, to supposedly stop criminals. ⁴

KYC puts barriers between many users and businesses. One of these comes from the fact that the process often requires multiple forms of identification, proof of address, and sometimes even financial records. For individuals in areas with poor record-keeping, non-recognized legal documents, or those who are unbanked, homeless or transient, obtaining these documents can be challenging, if not impossible.

For people who are not skilled with technology or just don't have access to it, there's also a barrier since KYC procedures are mostly online, leaving them inadvertently excluded.

Another barrier goes for the casual or one-time user, where they might not see the value in undergoing a rigorous KYC process, and these requirements can deter them from using the service altogether.

It also wipes some businesses out of the equation, since for smaller businesses, the costs associated with complying with KYC norms (from the actual process of gathering and submitting documents to potential delays in operations) can be prohibitive in economical and/or technical terms.

You're not welcome

Imagine a swanky new club in town with a strict "members only" sign. You hear the music, you see the lights, and you want in. You step up, ready to join, but suddenly there's a long list of criteria you must meet. After some time, you are finally checking all the boxes. But then the club rejects your membership with no clear reason why. You just weren't accepted. Frustrating, right?

This club scenario isn't too different from the fact that KYC is being used by many businesses as a convenient gatekeeping tool. A perfect excuse based on a "legal" procedure they are obliged to.

Even some exchanges may randomly use this to freeze and block funds from users, claiming these were "flagged" by a cryptic system that inspects the transactions. You are left hostage to their arbitrary decision to let you successfully pass the KYC procedure. If you choose to sidestep their invasive process, they might just hold onto your funds indefinitely.

Your identity has been stolen

KYC data has been found to be for sale on many dark net markets⁵. Exchanges may have leaks or hacks, and such leaks contain very sensitive data. We're talking about the full monty: passport or ID scans, proof of address, and even those awkward selfies where you're holding up your ID next to your face. All this data is being left to the mercy of the (mostly) "trust-me-bro" security systems of such companies. Quite scary, isn't it?

As cheap as $10 for 100 documents, with discounts applying for those who buy in bulk, the personal identities of innocent users who passed KYC procedures are for sale. ⁵

In short, if you have ever passed the KYC/AML process of a crypto exchange, your privacy is at risk of being compromised, or it might even have already been compromised.

(they) Know Your Coins

You may already know that Bitcoin and most cryptocurrencies have a transparent public blockchain, meaning that all data is shown unencrypted for everyone to see and recorded forever. If you link an address you own to your identity through KYC, for example, by sending an amount from a KYC exchange to it, your Bitcoin is no longer pseudonymous and can then be traced.

If, for instance, you send Bitcoin from such an identified address to another KYC'ed address (say, from a friend), everyone having access to that address-identity link information (exchanges, governments, hackers, etc.) will be able to associate that transaction and know who you are transacting with.

Conclusions

To sum up, KYC does not protect individuals; rather, it's a threat to our privacy, freedom, security and integrity. Sensible information flowing through the internet is thrown into chaos by dubious security measures. It puts borders between many potential customers and businesses, and it helps governments and companies track innocent users. That's the chaos KYC has stirred.

The criminals are using stolen identities from companies that gathered them thanks to these very same regulations that were supposed to combat them. Criminals always know how to circumvent such regulations. In the end, normal people are the most affected by these policies.

The threat that KYC poses to individuals in terms of privacy, security and freedom is not to be neglected. And if we don’t start challenging these systems and questioning their efficacy, we are just one step closer to the dystopian future that is now foreseeable.

KYCnot.me is the practical answer to this critique. See why this site exists, and if you choose to use crypto services, follow the 5 rules to avoid scams and frozen funds.

Edited 20/03/2024

Add reference to the 1% statement on Rights for Illusions section to an article where Chainalysis found that only 0.34% of the transaction volume with cryptocurrencies in 2023 was attributable to criminal activity ¹

Edited 12/04/2026

Updated Rights for Illusions with 2024 and 2025 Chainalysis data confirming illicit crypto activity remains below 1% of total volume, even as absolute illicit flows hit record highs ²³

KYCnot.me Blog

Making reviews harder to game

What changed

One user, one active rating

New account limits

Private proof

Moderation rules

Why this is better

Compare no-KYC crypto swap rates on KYCnot.me

How it works

Why add this now?

What's next

Transparency

Avoid scams and frozen funds in crypto services

The risks

Transactions are Irreversible

Shotgun KYC

Transaction Scanning

Other Concerns

The rules

Rule #1: Batch Your Amounts

Rule #2: Record Everything

Rule #3: Do Your Own Research

Rule #4: Ask for AML Checks

DIY AML Checking Options

Rule #5: Seek fungibility

Conclusion

Silent.link review: anonymous eSIM with crypto payments

Pros

Cons

Rating

Service website

Pros

Anonymity

Private payment methods

Cons

Network selection

High prices for some regions

Data & incoming SMS & calls only

Latency

Installation

Getting in touch

Four years

The anniversary

Footnotes

Swapter review: cheap and liquid, but watch for shotgun KYC

The review

Test Trades

Trading

KYC & AML policies

Tor

UI

Getting in touch

Disclaimer

DIY Cryptosteel alternative for under €20

Step 1: Get the materials and tools

Step 2: Stamp and store

The final result

Some ideas

Tamper-evident seal

Redundancy

Unique wordset

Footnotes

How a leaderless community turned BitMonero into Monero

History of Monero

Bytecoin and CryptoNote

The fork

Sources of interest

Footnotes

WizardSwap review: a Tor-friendly no-KYC privacy coin swap

The review

Liquidity

Trading

Test trades

ToS and KYC

UI & Tor

Getting in touch

Disclaimer

Footnotes

KYC? No, thanks: how identity verification harms privacy