How Anonymixer Keeps Your Mix Private

The operating principle

A mixer is only as private as its weakest channel. Anonymixer treats every piece of data about a user's session as radioactive — to be handled briefly, transformed for purpose, and discarded as soon as the transaction finishes. There is no marketing department's definition of privacy here. The infrastructure is set up so that, if someone with legal authority arrived tomorrow and asked which deposit produced which withdrawal, the answer would not exist in any persistent form.

Infrastructure

Anonymixer's processing nodes write transient data only to RAM. Persistent storage holds the pool ledger and the signed receipts, and nothing else relating to user sessions. IP addresses are dropped at the edge proxy before the request ever reaches the application layer. No cookie identifies a returning user, because there is no concept of a returning user — every mix is a stateless interaction sealed by the letter of guarantee.

The letter of guarantee

Before you send a single satoshi, Anonymixer issues a digitally signed letter that records the parameters of your mix: the deposit address it generated for you, your chosen output addresses, the agreed fee, and the delay window. The signature is verifiable against the published PGP key. If a withdrawal ever fails to arrive, the letter is the document you would publish to demonstrate, against the operator's own signature, that the service committed to your transaction.

This is not a customer-service convenience. It is an accountability primitive — the only one available in a non-custodial mixer that holds no other record of the user.

Tor and the onion mirror

Anonymixer publishes a Tor onion service that mirrors the clearnet site feature for feature. There is no second-class experience for Tor users. The deposit flow does not require Javascript, the dashboard renders cleanly without it, and the address bar in your browser is the only place the onion hostname ever needs to appear. Users who prefer to combine Anonymixer with a hardened browser configuration can do so without losing functionality.

What Anonymixer cannot defend against

Honesty matters more than marketing here. A mixer cannot fix bad operational hygiene downstream. If you withdraw to an address that has previously interacted with your KYC-verified exchange account, you have re-linked your funds yourself. If you reuse a receiving address across many mixes, you have created a cluster that an analyst can later separate from background noise. If you use the same identity-bound device for both the deposit and the withdrawal flow without changing network state in between, you have undone part of the privacy gain. These are user-side concerns, and the mixing guide on this site walks through them.

Trust boundaries, named plainly

What you trust Anonymixer with

That the pool will pay out on schedule, that the published fee will be the actual fee, and that the letter of guarantee will be honored. These are the three commitments the service makes, and they are the three commitments encoded into the signed receipt.

What you do not trust Anonymixer with

Your identity, your wallet, your seed phrase, your IP address as persistent data, or any record of your withdrawal address after the mix completes. The service is structured so that these never enter a long-lived store.

Periodic audits and the public protocol

The protocol description on the How it works page is the same description used internally. There is no hidden technical addendum that contradicts the public copy. Pool depth, average fee, and average delay are surfaced in the dashboard so that anyone — user, journalist, researcher — can observe whether the published parameters match the live numbers.