Privacy on Solana is less about the cryptography and more about the order you do things in. The proof system does its job automatically; the failures are almost always operational — a fresh wallet that wasn't fresh, a withdraw fired thirty seconds after a deposit, a "gas top-up" that quietly reconnected both ends. This is the one-page checklist. Each item links to the deeper write-up if you want the reasoning, but you can follow the list top to bottom and be in good shape.
If you're new to why any of this is necessary, start with /blog/what-the-blockchain-reveals-about-you and come back.
Before you deposit
- Decide what "private" you actually need. Hiding an amount and hiding a relationship are different problems. If you need the connection between sender and recipient gone, you need a shielded pool, not amount-encryption — /blog/encrypted-amounts-are-not-private explains the distinction. /learn/what-is-a-shielded-pool is the primer.
- Know what it won't fix. Read /learn/what-solmask-cannot-protect-you-from once. Network-level observation, recipient-side history, and adversaries with outside information are still on you.
- Choose an amount that resembles the crowd. An outlier amount re-identifies you even with a perfect proof. Round figures close to what others deposit are best — /blog/anonymity-sets-on-solana shows why amount bands matter as much as pool size.
When you deposit
- Deposit from your main wallet — that part is fine. Your wallet publicly shows it deposited into the pool; what stays hidden is the connection to the withdraw. Depositing is free; the full amount enters the pool (/blog/fee-model-explained, /docs/fees).
- Set a real privacy delay, not the bare minimum. The default 10 minutes is a floor, not a recommendation. The longer your deposit matures in the pool while others arrive, the larger the crowd you hide in. /blog/the-privacy-delay-explained and /learn/why-privacy-delay.
- Confirm the deposit landed before relying on it: /learn/verifying-your-deposit.
Between deposit and withdraw
- Wait. Then wait a bit more. Don't withdraw the instant your delay elapses. A deposit and a withdraw clustered in time, with no peer activity between them, correlate on timing alone — no special access required. Patience after unlock is free anonymity.
- Let pool activity accumulate. The peers who deposit after you only help if you're still in the pool when they arrive. The cost of waiting is calendar time, not effort.
When you withdraw
- Use a genuinely fresh recipient address. Zero prior history: never funded from your main wallet, never used to mint, claim, trade, or receive. This is the single most common deanonymization mistake. /learn/choosing-a-recipient-address is the most important link on this page.
- Don't fund the fresh wallet for gas. You don't need to — the relayer broadcasts and pays the network fee, so the destination needs no SOL to receive (/glossary/relayer). Topping it up from your main wallet would reconnect both ends.
- If the recipient wants a different asset, convert inside the withdraw, not in a separate swap afterward — /blog/swapping-sol-to-usdc-privately.
- Keep withdraw amounts unremarkable. Round, crowd-like figures. Split a large withdraw into rounded sub-withdraws across time if needed.
After the withdraw
- Treat the fresh wallet as single-purpose. The moment it interacts with anything tied to your public identity — an NFT buy, a known DEX position, an exchange deposit under your name — the off-chain inference can re-link it. Privacy is a pipeline; the chain is one stage.
- Don't consolidate cleaned funds back into your main wallet. Sending the withdrawn funds onward to a wallet that's already linked to you defeats the whole exercise.
- Mind the network layer. If your threat model includes someone watching your IP, use different network paths for deposit and withdraw. The relayer helps, but it's one entity (/docs/threat-model).
Use-case shortcuts
Depending on what you're doing, there's a tailored walkthrough:
- Moving SOL to a new wallet of your own → /blog/sending-sol-without-revealing-your-main-wallet
- Receiving privately to a fresh wallet → /blog/receiving-sol-privately-to-a-fresh-wallet
- Paying contractors or running payroll → /blog/private-payroll-on-solana
- Treasury and vendor payments → /blog/dao-treasury-privacy-on-solana
- Accepting donations → /blog/accepting-crypto-donations-privately
- OTC settlement → /blog/private-otc-trades-on-solana
When you're ready, start at /swap. If you'd rather learn hands-on first, the /tutorial walks the full flow with live demos.
FAQ
Q. What's the single most important item on this list? A. Use a fresh recipient address, and never fund it from a wallet linked to you. Most real-world deanonymizations are recipient-side history, not broken cryptography.
Q. Is the 10-minute default delay enough? A. For casual use, maybe. For anything you genuinely care about, choose hours or days and let your deposit mature with pool activity around it. The marginal cost is patience; the marginal gain is a bigger crowd.
Q. Do I have to hide that I deposited? A. No — the deposit is visibly from your wallet, and that's fine. The protection is that nobody can connect your deposit to the withdraw. Using a shielded pool is not itself the secret.
Q. Can I reuse one fresh wallet for several withdraws? A. Better not to. Each use adds history that links future activity together. One destination, one purpose.