Preamble

This post analyses whether private purchases at Bitcoin ATMs are possible. There are other, better methods of acquiring bitcoin privately such as P2P trading, earning and mining.

Nonetheless, ATMs have an alure because they rarely have queues, they're ubiquitous in the US, they can be visited in-between errands, are always on, etc.

Objective

The objective is to use a Bitcoin ATM to obtain a UTXO that is KYC-free, the way Satoshi intended.

The happy path for this objective is: you have inserted your cash into the ATM, scanned your wallet receieve address, and have received your KYC-free UTXO.

However, significant hurdles stand in the way of this objective:

1. You'll need to receive a Text Message (SMS) code as part of the ATM verification process.
2. The ATM has a front-facing camera and will record a) your face and possibly b) your gait and definitely c) any audio.

The first hurdle is the largest, and the bulk of the remainder of this post will unpack it.

Receiving a Text Message Anonymously

The ideal solution here is to use a service such as TextVerified with one of the supported services: Bitcoin ATM, coinflip, coinhub, LocalCoinATM, etc.

Now, for paranoid mode, we must assume that all data from the ATM can be correlated with cell tower triangulation data. This means that your specific purchase, at this specific ATM, has an anonset of the number of people associated with the cellular devices within the cell tower triangulation radius at your location. Worst case it's down to a dozen devices or so, which is quite bad from a privacy perspective.

If this is OK for you, excellent. You can proceed to the subsequent section on biometrics. If not, you'll need to try other methods to receive the Text Message anonymously. This is discussed below.

eSims

We need an anonymous eSIM on a privacy focused mobile phone. It is important that the privacy phone's EMEI is not correlated with the movement of any of your other devices in this thought experiment.

My favorite service for using an eSim is silent.link (onion site). Using Bitcoin and LN privately require some skill, but it's possible. However even once you have acquired your eSim, there are significant challenges to activating and using it privately, and strap in this is quite the rabbit hole.

To activate the eSim you have two options: activate it on your dual-sim daily driver, or activate it on a privacy phone.

Using your daily driver is going to be a bad idea. Essentially due to the aforementioned triangulation techniques, it's safe to assume that your eSim has been deanonymized. Your residential location combined with your movement in 3D coordinates is more than enough to reduce your anonset to effectively 1.

Using a Privacy Phone (Recommended)

This takes some care but is quite doable. Here are the steps you need to take:

1. Buy the phone anonymously. Do this in-person using Craig's List / FB Marketplace and cash. Alternatively buy it for cash at a mom and pop store. You can also find phones in P2P telegram groups, however shipping that device anonymously is a significant challenge. Get it delivered to a friend's house or a P. O. Box registered under a nym.
2. Keep the phone off and charge it up at home.
3. Keeping the phone off, turn off your other cellular radios (phone, smartwatch, etc) and drive to a heavily crowded area such as a starbucks or a work office
4. Flash the phone using a privacy focused OS such as GrapheneOS
5. Register the eSim
6. Put the device into flight mode again and drive to the ATM (or home if you need to split this over two days)
7. Disable all your radios again (daily driver, smart devices, privacy phone, etc) and drive to the ATM
8. At the ATM, turn on your privacy phone
9. Use the ATM - preferrably using a saved QR image of your (unique) wallet receive address
10. Turn off the privacy phone and drive home
11. Crack a beer, that was quite the mission

Avoiding Biometric Capture

Facial Recognition

Most Bitcoin ATMs have a front facing camera, but the good news is that it's the simple CCD sensor type and nothing fancy that can scan your iris through sunglasses or whatever, although you can be certain that in a few years this will be a thing. For now though, the workaround here is simple: wear your covid mask (thankfully many of them still being worn here in the US) and sunglasses.

Gait Recognition

Depending on the location of the ATM, you will want to approach it from behind or the side, never from the front since it will have recorded your gait and deanonymized you.

Voice

Avoid saying anything while you are on camera. If someone approaches you and using voice is unavoidable, consider the trade compromised and abort.

Happy Ending

If that worked for you, you are done, nice going. Friendly reminder the above was purely hypothetical.

p.s. shoutout to @denzel on Stacker News for their input to this post