For a while nobody does, which is exactly how the bet feels safe right up until it isn't. "Nobody checked yet" is not a privacy model, and the odds get worse every year as chain analysis grows up. The gap between what people think a public chain hides and what it actually hides is wide enough to fall into.

**What is actually on the record**

Every input, output, value, timestamp and address relationship, written permanently to a globally replicated ledger. Not one server, not a database a judge can seal in a drawer. Every full node, in perpetuity. Your address is not your name, sure, but a name is the least useful thing an analyst needs. An address is a node in a graph, and a public chain hands the graph thousands of edges for free.

**How they read the graph**

This is sold as a product, with a sales team. Co-spend clustering: two addresses feeding one transaction probably share an owner. Timing correlation: a deposit and a withdrawal seconds apart are probably the same person, fresh addresses or not. Exchange peeling: a venue's analytics partner flags deposits on pattern alone, regardless of what you typed at sign-up. Dusting: a tiny send to your wallet purely to follow it home. None of this is speculative. Gwern walked a careful pseudonym back through graph analysis in 2013, before the institutional tooling even existed. Today's tools are a generation past that. Vitalik Buterin has said the quiet part out loud: the default state of a public chain is not pseudonymous, it is fully transparent with a thin name sticker on top.

**The withdrawal problem**

The usual point of collapse is a KYC exchange withdrawal. You verify, you withdraw to a wallet, that wallet gets labelled. Every output it ever touches is now tied to a verified identity. The KYC moment does not stay politely at the exchange. It packs a bag and travels with the funds.

**What actually changes the picture**

Monero and Zcash shielded change this at the protocol level, not by promising to be careful. Monero hides sender, receiver and amount by default: ring signatures blend each spend with decoys, stealth addresses keep the recipient off-chain, RingCT conceals amounts. FCMP++ (testnet live, mainnet pending) will widen the set toward the whole chain. Zcash shielded uses zk-SNARKs: a transfer proves it is valid without revealing which note, who, or how much. The anonymity set is every note in the pool, not a small decoy ring.

**Where this doesn't protect you**

Private Mode routes through Monero or Zcash shielded as the middle leg. The link between your source and destination is reduced at the protocol level. Meaningful, not magic. If your deposit came from a KYC withdrawal, that wallet is already labelled, and the shielded middle does not scrub the sticker off the input. Timing correlation at the edges still applies. The one-time deposit address closes one clustering point, not all of them.

**Our take**

Privacy on a public chain is not a yes or no, it is a dial of linkability. A fresh wallet with no exchange history beats a labelled one, and is still nowhere near private. The right question is not "am I private?" but "what am I reducing, against whom, and is that enough for me?" Husher routes Private Mode through the protocols that actually move the dial, and tells you precisely what they do and do not do. The analysis firms keep getting better. The architecture has to keep earning it. So far it does.

husher.io