Never give the same Monero address to two different people. If Alice and Bob both know your address, they can correlate that they're paying the same person. Use your wallet's "New Subaddress" feature for each contact, each merchant, each platform.
Your main address (starting with 4) should be private. If you need a donation address on a website or forum, create a dedicated subaddress. If that address gets compromised, you can stop using it without affecting your other subaddresses.
Write your 25-word seed phrase on paper. Never store it digitally — not in a text file, not in a password manager, not in a photo, not in the cloud. If someone gets your seed, they have all your XMR. If you lose your seed, you lose all your XMR.
When you use a remote node, the node operator sees your IP and which transactions you broadcast. They can't see amounts or recipients, but they know you sent something. Run your own full node to eliminate this leak entirely. Even a pruned node on a Raspberry Pi is better than a remote node.
Without Tor, your ISP sees you connecting to Monero nodes. They can't see transaction details, but they know you use Monero. Feather Wallet has built-in Tor. For maximum privacy, use Tails or Whonix (all traffic through Tor).
RingCT hides amounts on-chain. But if you tell someone "I sent you exactly 1.23456 XMR at 3:15 PM," they could narrow down which transaction is yours. Share only what's necessary: "I sent the payment, here's the tx proof."
If you receive XMR and immediately send it elsewhere, timing analysis could link the two transactions. Wait at least 30-60 minutes (ideally hours) between receiving and spending. The more time passes, the more other transactions create noise.
If you buy XMR on a KYC exchange and immediately send it to a darknet market, the exchange knows your identity and the timing of your withdrawal. Intermediate wallets, time delays, and subaddresses add separation. Better: buy without KYC in the first place.
Separate your savings, daily spending, and trading wallets. If one wallet's privacy is compromised, the others remain isolated. Different seed phrases, different purposes.
Each update may include privacy improvements (ring size increases, new features, bug fixes). Use the latest version of your wallet. Download from official sources only and verify GPG signatures.
Telling people how much XMR you own makes you a target for social engineering, phishing, or physical theft ($5 wrench attack). Nobody needs to know your balance. Privacy starts with what you don't say.
Dandelion++ routes your transaction through a random chain of nodes before broadcasting. This prevents the first node from learning your IP. It's enabled by default in modern Monero software — just make sure you're running an up-to-date node.
Clipboard malware can replace Monero addresses. Always double-check the first and last characters of any address before sending. When receiving, share your address via encrypted channels (Signal, Session, encrypted email).
A view key lets you monitor incoming transactions without having spending capability. Use a view-only wallet on your daily device and keep your full wallet on a secure machine. If your daily device is compromised, your funds are still safe.
Churning means sending XMR to yourself (a fresh subaddress in the same wallet). Each churn adds another layer of ring signatures. For large amounts received from a known source, 1-2 churns with time delays significantly increases privacy. Not strictly necessary for most users.
Monero gives you the tools. These 15 rules help you use them correctly. The biggest threat to your privacy isn't blockchain analysis — it's human error. Metadata leaks, timing correlation, and social engineering are how privacy fails in practice.
Trade XMR privately. Cash by Mail EU-wide, Face-to-Face SW Germany. 683 trades, 454 partners, 100% feedback. Contact me on Telegram.