• Making Bitcoin Cash-Like Again: CoinJoin on Tails with Wasabi 🔒
  • Why CoinJoin? Privacy and Fungibility
  • The Setup: Tails, Tor, and a Clean Environment
  • Getting Wasabi — and Never Trusting Blindly
  • Install and Persist
  • The One Thing You Must Never Lose: Seed and Passphrase
  • The Coordinator: Trust, but Verifiable
  • The Actual Mix — Step by Step
  • Are the Coins Safe Now?
  • Where Do Mixed Coins Belong?
  • Honest Assessment
  • Wasabi Under the Hood: Key Settings
  • Conclusion

§Making Bitcoin Cash-Like Again: CoinJoin on Tails with Wasabi 🔒

Bitcoin is not anonymous. That is the first sentence anyone should internalize who thinks a few sats will move unnoticed through the world. Bitcoin is pseudonymous — every transaction is permanently recorded on a public blockchain. The moment an address gets linked to your identity (and that happens the second you withdraw from a KYC exchange), anyone with the right tools can trace the thread forwards and backwards: where your money came from, where it went, how much you hold.

Imagine all your bank statements being public. Forever. That is the default state of transparent blockchain use. This article documents how I break that state with a CoinJoin — on an amnesic Tails system, over Tor, from first preparation to finished mix.

by Alien Investor

#Bitcoin #CoinJoin #Privacy #Tails #Wasabi #Sovereignty #OPSEC #Fungibility

────────────────

This is a documentation of my own process — not financial or legal advice. Using CoinJoin for legitimate privacy with your own, cleanly acquired coins is legal in most jurisdictions. The legal risk arises from concealing criminal proceeds, not from the tool itself.

────────────────

§Why CoinJoin? Privacy and Fungibility

CoinJoin severs the direct link between the inputs and outputs of a transaction. Multiple participants pool their coins, everything is mixed into standardized denominations, and an outside observer can no longer say which output belonged to which input. The result is two things:

Privacy — your balance, the origin of your coins, and your spending behavior are no longer visible to anyone who once knew one of your addresses.

Fungibility — your coins lose their attached history and become equivalent again. No tainted-coin stamp that discriminates against you.

The right analogy is cash. Nobody can tell who previously owned a banknote. CoinJoin recovers that cash-like property that a public ledger otherwise destroys. It is not a magic invisibility cloak — it is an anonymity set that grows strong with enough rounds.

────────────────

§The Setup: Tails, Tor, and a Clean Environment

I do not run this on my everyday machine. I use Tails — an amnesic live operating system from a USB stick that routes all traffic through Tor and leaves no traces after shutdown. That matches the principle: an isolated environment for an isolated task.

What I needed upfront:

• Persistent Storage activated and unlocked — Wasabi and the wallet need to survive a reboot
• Tor connected — a direct connection is sufficient in the EU, no bridge needed
• No admin password — Wasabi runs entirely in user space, nothing needs to be installed system-wide

────────────────

§Getting Wasabi — and Never Trusting Blindly

First step: download Wasabi. The filename contains the version number — a static name only returns an error. I download the archive and the signature:

cd ~/Persistent
VER="2.7.2"
curl -L "https://github.com/WalletWasabi/WalletWasabi/releases/download/v${VER}/Wasabi-${VER}-linux-x64.tar.gz" \
    -o "Wasabi-${VER}-linux-x64.tar.gz"
curl -L "https://github.com/WalletWasabi/WalletWasabi/releases/download/v${VER}/Wasabi-${VER}-linux-x64.tar.gz.asc" \
    -o "Wasabi-${VER}-linux-x64.tar.gz.asc"

And now the step most people skip — non-negotiable when real coins are about to flow through: verify. The signature proves provenance, exactly like I verify my hardware wallet firmware.

curl -L "https://raw.githubusercontent.com/WalletWasabi/WalletWasabi/master/PGP.txt" -o PGP.txt
gpg --import PGP.txt
gpg --verify "Wasabi-${VER}-linux-x64.tar.gz.asc" "Wasabi-${VER}-linux-x64.tar.gz"

What I want to see: “Good signature from zkSNACKs” and the matching fingerprint 6FB3 872B 5D42 292F 5992 0797 8563 4832 8949 861E. The warning that the key is not “trustfully certified” is normal — as long as the fingerprint matches, everything is fine. Verify, don’t trust.

────────────────

§Install and Persist

Unpacked with preserved permissions, moved to a clean location (the archive ships a deep CI path structure that needs cleaning up), and the wallet data symlinked into Persistent Storage so it survives reboots. The core is my launch script — it does two things: it uses Tails’ own Tor (instead of starting a second one, which would create Tor-over-Tor), and it sets the coordinator right away:

#!/bin/bash
if [ ! -L ~/.walletwasabi ]; then
    ln -s ~/Persistent/.walletwasabi ~/.walletwasabi
fi
COORDINATOR="https://coinjoin.kruw.io"
~/Persistent/Wasabi/wassabee --UseTor=EnabledOnlyRunning --CoordinatorUri="$COORDINATOR"

────────────────

§The One Thing You Must Never Lose: Seed and Passphrase

Now the wallet. “Create New Wallet”, choose a name — and then the moment things get serious: Wasabi shows the 12 words of the seed.

Immediately on paper. No photo, no screenshot, nothing digital. These 12 words are the only way to recover everything that flows through this wallet.

Then I set a passphrase — and here is what most people underestimate. In Wasabi the passphrase has a dual role. It does not just encrypt the local wallet file — it is a real key component (BIP39 passphrase). It is combined with the 12 words to derive the actual keys.

What this means in plain terms:

• 12 words + passphrase together = access. One without the other is worthless.
• If you enter a wrong passphrase when restoring, Wasabi simply loads a different, empty wallet — with no error message. You would think your money was gone.

The passphrase therefore goes onto paper with the same care as the seed, clearly labeled as separate. The password is requested fresh every session and never stored permanently — on Tails after shutdown it is completely gone. Your paper is the only source. That is exactly how it should be.

────────────────

§The Coordinator: Trust, but Verifiable

CoinJoin needs a coordinator that brings round participants together. The coordinator has no access to your coins at any point — the protocol is non-custodial. Since the original zkSNACKs coordinator shut down under regulatory pressure in 2024, you choose a third-party provider.

I went with Kruw (https://coinjoin.kruw.io): 0% fees, by far the largest volume and therefore the strongest anonymity set. I deliberately avoided coordinators that filter out “suspicious” coins via chain analysis — that is surveillance through the back door and undermines the very fungibility this is about.

Before mixing I check activity — a coordinator is only useful if rounds with many participants are currently running. On a CoinJoin explorer like wabisator.com I saw Kruw’s 24h volume at nearly 1,000 BTC while alternatives were far lower. High volume = many participants = strong anonymity set. Green light.

────────────────

§The Actual Mix — Step by Step

Now the core. I deliberately used a small test amount — ideal for a demonstration, and it reveals an important characteristic along the way.

1. Generate a receive address. In Wasabi: Receive → assign a mandatory label (I used “BitBox”, since that is where the coins come from) → Continue. Wasabi requires this label; it stays purely local and only helps with internal coin management.

2. Deposit coins. From the hardware wallet to the Wasabi address. Check the address character by character first — a Bitcoin transaction to the wrong address is irreversibly gone.

3. Wait for confirmation. Once Wasabi recognizes the coin, you are ready to go.

4. Press Play. And here came the first lesson: Wasabi does not mix automatically. By default you have to actively press Play. Wasabi also showed “Coinjoin may be uneconomical” — with small amounts, mining fees weigh disproportionately. For a demo: click through. For real savings: deposit more.

Then it ran. And it ran for a while — CoinJoin is patience work, not a quick send. I watched the phases pass:

• “Awaiting other participants” — registered, waiting for enough co-signers
• “Coinjoin in progress” — the round is active
• “Awaiting the blame round” — sounds dramatic, is routine: if a participant did not sign in the signing phase, the coordinator restarts with only the cooperative ones. The protocol is robust against dropouts.
• “Awaiting confirmed funds” — the mixed outputs wait for a blockchain confirmation before the next round can begin

Then the moment that matters: the Privacy Progress jumped from 0% upward — 88%, then 100%. In the wallet ring I could see my balance split into several anonymized parts, each with its own AnonScore. From one traceable coin, several mixed ones had emerged.

A point many people get wrong — I did too: you do not wait for an AnonScore to tick up to “50”. The AnonScore target is a setting, not a number you watch and stop at. Wasabi offers three strategies — Reduce Costs, Default Strategy, Enhance Privacy — each with its own target value. The first two aim for AnonScore 5, Enhance Privacy for a significantly higher value. You configure this under Wallet Settings → Coinjoin.

What you actually observe is the Privacy Progress: how much of your balance has reached the configured target. You set the goal upfront via the strategy — choose Enhance Privacy for stronger privacy — then wait until Privacy Progress hits 100% and Wasabi shows “Hurray! All your funds are private!”. That is the milestone, not a number ticking upward.

────────────────

§Are the Coins Safe Now?

A fair question mid-process. The answer has two layers.

Control: The coins are in my wallet the entire time, controlled by my seed and passphrase. The coordinator had no access at any point. Even if the Tails stick broke in that moment — with the 12 words and passphrase on paper I recover everything, because the coins sit on-chain at addresses derived from exactly that seed. That is what the backup was for.

Storage: During mixing the coins sit in a hot software wallet — more exposed than cold storage. The final step in the complete workflow is therefore: send the mixed coins to a fresh address on the hardware wallet, back into the cold. Never to the same address they came from — and under no circumstances back to a KYC exchange, because that would instantly destroy the privacy just gained.

────────────────

§Where Do Mixed Coins Belong?

The most common misconception: “Then I can only use the coins peer to peer.” Wrong. Mixed coins are perfectly normal Bitcoin — you can save, pay merchants, use Lightning, trade P2P. The only real friction arises at a KYC exchange whose analysis detects the mixer origin. And that is exactly where you do not want to go back as a privacy user — it would be like reopening the door you just closed.

The natural home for mixed coins is the self-custodied, non-KYC, P2P world: cold storage, direct trade, merchants, Lightning. That is the sovereignty principle — out of the surveillance financial system, toward Bitcoin as digital cash you truly control.

────────────────

§Honest Assessment

No article about privacy tools without the downsides — otherwise it would be advertising, not education.

No absolute value. CoinJoin is privacy on a probabilistic basis. Strong with enough rounds, but not a magic shield against every adversary.

Your own mistakes override everything. Merging mixed and unmixed coins, reusing addresses, sending to an identity-linked address — coin control after the mix is as important as the mix itself.

Residual trust in the coordinator. Centralized coordinators have theoretical weaknesses, and large pools inevitably attract shady actors too. That is the downside of the high activity that makes the anonymity set strong.

Clean session. If you mix anonymous coins in the same Tails session while logging in somewhere with your real identity, you re-link both. A mix session is only for the mix.

Small amounts are uneconomical. Mining fees eat proportionally large with few sats. Fine for a demonstration — for real privacy use meaningful amounts.

Do not mix your entire stack at once. KYC exchanges detect mixer origins and can reject deposits or freeze accounts. Authorities sometimes flag mixing as a money laundering indicator — even with legitimate coins. CoinJoin requires judgment: think carefully about which amounts you mix, for what purpose, and whether that fits your situation.

────────────────

§Wasabi Under the Hood: Key Settings

The defaults are already solid — Wasabi is deliberately built so most people don’t need to touch anything. But sovereignty also means knowing which controls exist. Here are the most important ones.

The two levers behind the strategies

The three strategies — Reduce Costs, Default Strategy, Enhance Privacy — are presets for two controls: the AnonScore target and non-private coin isolation. The first two target AnonScore 5, Enhance Privacy a significantly higher random value. Coin isolation prevents your not-yet-private coins from being registered together unfavorably in a round. Manual settings let you build a custom strategy.

When and how much is mixed

Auto-start is off by default — you press Play yourself. Enable it and Wasabi mixes automatically until Privacy Progress hits 100%. There is also a stop threshold (default 0.01 BTC): below this, auto-mix does not start. That is what is behind the “uneconomical” warning with small amounts.

Built-in brakes: fees and minimum size

You can set the maximum mining fee you will pay (default 150 sat/vByte) and the minimum number of inputs a round requires (default 21). Wasabi simply does not mix in too small a group — no round, no weak hiding spot. Since version 2.2.0 the client only joins rounds where it pays the normal mining fee — no coordinator fee. That is the technical meaning behind “0% fees”.

Anonymity set vs. AnonScore

Imagine ten identical marbles and ten friends. You give one to each, collect them back, shake the bag, and redistribute. The chance of correctly identifying the original marble is 1 in 10 — that is the anonymity set of 10, visible to anyone on a block explorer.

Wasabi 2.0 uses a finer measure: the AnonScore. It is calculated from the individual client’s perspective, accounts for edge cases, and is always equal to or lower than the set. Three things to know when spending:

• Multiple outputs of the same denomination in one round → lower AnonScore than a single output
• A transaction inherits the lowest AnonScore of its inputs — a chain is only as strong as its weakest link
• Spending two equal outputs from the same round together halves their anonymity — spend them in separate transactions to preserve full privacy

The automation works for you

When sending, the wallet spends private and semi-private coins first. Every address must be labeled (“who knows this address belongs to me”) — part of the coin-selection logic, not bureaucracy. Used addresses disappear so you don’t accidentally reuse them. And “safety coinjoins”: a first deposit into an empty wallet reaches at most 75% Privacy Progress in the first round — further remixes bring you to 100%. That is why it often takes one to two rounds.

Network privacy

Wasabi uses BIP-158 block filters: the client checks locally whether a filter matches one of its addresses, and only downloads the full block on a match — over a fresh Tor identity. No server learns which addresses belong to you. In the coinjoin itself, each input gets its own Tor identity (internally “Alice”), outputs run over separate identities (“Bob”) that cannot be linked to Alice. Even the coordinator cannot connect input and output.

Small extras worth knowing

Discreet Mode hides all amounts in the interface. Multi-Share Backup splits the backup into multiple 20-word sets instead of a single 12-word seed. Taproot is fully integrated: some outputs are already Taproot, receive addresses can be generated in both formats.

The defaults are deliberately simple — but every one of these controls is there the moment you want to steer deeper.

────────────────

§Conclusion

From the first terminal line to the ring showing 100% Privacy Progress, this was an entirely self-determined process: own hardware, own keys, own verification, own launcher button. No service provider holding my coins. No account that can be frozen. Just software I verified, and a paper backup only I know.

That is the core: CoinJoin gives back the cash-like privacy and fungibility that the public ledger takes from you — along with the responsibility not to squander it immediately through careless handling. Privacy is not hiding. It is the prerequisite for genuine financial sovereignty.

────────────────

[Further Reading] Full article (DE): https://alien-investor.org/coinjoin-tails-praxis.html CoinJoin — the concept: https://alien-investor.org/coinjoin-fungibilitaet.html Wasabi on Tails setup guide: https://alien-investor.org/wasabi-tails-anleitung.html

────────────────

📖 GrapheneOS: Android in the Age of Surveillance — Setup, Apps & Digital Sovereignty. The complete handbook for your Google-free Android. DRM-free. 👉 https://alien-investor.org/buecher.html · also on Amazon KDP

🔧 Alien Phone Service — GrapheneOS professionally installed and configured, delivered to your door. No flashing required. Bitcoin or Fiat. 👉 https://alien-investor.org/en/grapheneos-flash-service.html

🛡️ Privacy & Mail — Email, VPN, Cloud without Big Tech. I use Proton. 👉 https://alien-investor.org/proton

₿ Bitcoin in self-custody — Hardware wallet instead of exchange account. Code ALIENINVESTOR = 5% discount on the BitBox. 👉 https://alien-investor.org/bitbox

₿ Bitcoin DCA (Europe) — Bitcoin-only, no shitcoin noise. Code ALIENINVESTOR = permanent −0.2% fee reduction. 👉 https://alien-investor.org/21bitcoin

Disclaimer: Some links are affiliate links. Using them supports this channel at no extra cost to you.

────────────────

Money, power, Bitcoin — and OPSEC. I write about financial sovereignty, privacy, and cybersecurity in a world built on control. More at alien-investor.org 👽