The No-KYCKnow Your Customer rules require users to submit identity information such as passports, selfies, addresses, or phone numbers before accessing a service.Glossary → Stack: Domain → VPS → Payments
A private web presence is a chain. If one link leaks, the stack leaks. Registrars know the domain owner, hosts know the server IP, and payment processors know who paid. This guide closes those gaps with no-KYC services in stronger jurisdictions.
Key points
- Njalla registers domains in their own name (Sweden) - your identity never appears in WHOIS. Pay with Monero for zero payment trail.
- FlokiNET (Iceland/Romania) and 1984 Hosting (Iceland) are the strongest offshore VPS options - both outside US/UK jurisdiction, both accept crypto.
- SSH into your VPS over TorThe Tor network uses onion routing to obscure IP addresses and browsing paths by relaying traffic through multiple volunteer-run nodes.Glossary → to prevent your home IP from appearing in provider access logs.
Why Every Layer Matters
If your registrar or host sits in the US, one court order can expose your identity and payment history. Hosting in Iceland raises that bar. Paying with Monero removes the payment record.
This stack will not stop a state-level adversary. It does cut routine data requests, broker harvesting, and basic provider disclosure.
Step 1 - Anonymous Domain Registration
Register through Njalla
Njalla (see provider page) uses a unique model: they register the domain in their own name, then grant you full control via a service agreement. Your name never appears in WHOIS. Even if a registrar is compelled to produce WHOIS records, those records point to Njalla - a Swedish company governed by EU law.
Njalla accepts XMR, BTC, ETH, and a handful of other coins. Pay with XMR and there is no fiat trail. Create a Njalla account using a ProtonMail or SimpleLogin alias - never your real email. Use Tor or a trusted VPNA virtual private network encrypts traffic between your device and a provider-run server, hiding activity from local networks while shifting trust to the VPN operator.Glossary → when signing up.
Alternatives: 1984 Hosting also sells domains with crypto payments, and NameSilo accepts privacy protection + crypto, though WHOIS privacyA domain registration feature that masks or proxies the registrant’s contact details in public WHOIS records to reduce direct exposure.Glossary → there is a bolt-on rather than structural. Njalla's structural approach is stronger.
Step 2 - Offshore VPS
Choose an offshore hosting provider
Iceland remains the strongest hosting jurisdiction in this list. It has strong press protections and no direct match for the old EU data-retention regime. Romania is a solid fallback outside the core Five Eyes bloc.
1984 Hosting - Based in Reykjavik, Iceland. Named after the Orwell novel on purpose. Accepts BTC and various altcoins. Shared hosting, VPS, and dedicated options. Transparent about their privacy stance. IMHO the most credible option for straightforward hosting needs.
FlokiNET - Operates in both Iceland and Romania. Accepts XMR. More infrastructure options than 1984 Hosting (colocation, bare metal). Known for hosting Tor exit nodes and privacy-focused projects without complaint.
NiceVPS - Smaller provider, accepts XMR. Good for low-traffic projects that need basic VPS functionality without a paper trail. Fewer datacenter options than FlokiNET.
Step 3 - Pay Anonymously
Use XMR, ZEC shielded, or CoinJoined BTC
Monero (XMR) is the strongest option. Ring signatures, stealth addresses, and RingCT make every transaction opaque by default. There is no "transparent mode" to accidentally use. Get XMR via a no-KYC P2P exchange (Bisq, or a swap from BTC via Trocador/Godex) and pay directly.
Zcash (ZEC) shielded is a valid second choice. Shielded ZEC transactions use zk-SNARKs and are cryptographically private. The caveat: you must explicitly use z-addresses (shielded). Many wallets default to transparent addresses - double-check.
CoinJoined BTC is a last resort. BTC is transparent by default. If the provider doesn't accept XMR, run your BTC through Wasabi Wallet's CoinJoin first, wait for sufficient anonymity setThe group of possible users or transactions that could plausibly match an observed action. Larger anonymity sets generally mean stronger privacy.Glossary →, then pay from a fresh output address. Never pay from an exchange withdrawal address directly.
Step 4 - Connect It All
DNS → VPS → TLS
Once your VPS is provisioned and your domain is registered at Njalla:
- Log into Njalla's DNS manager and set an
Arecord pointing your domain to your VPS IP address. - SSH into your VPS. Install your web server -
nginxorcaddy. - For TLS with Let's Encrypt:
sudo certbot --nginx -d yourdomain.tld(or Caddy handles this automatically with its built-in ACME client). - Test DNS propagation with
dig yourdomain.tld +short. - Set up a firewall:
ufw allow 22,80,443/tcp && ufw enable.
Caddy is recommended for solo operators - zero-config HTTPS, automatic cert renewal, simpler config than nginx. The Caddyfile for a basic site is two lines.
Operational Security
The stack above handles infrastructure. Operational security covers everything else.
- Separate device: manage this infrastructure from a device not used for personal browsing. A cheap used laptop running Tails or a dedicated Linux install is sufficient.
- Separate email aliases: use a different SimpleLogin or AnonAddy alias for every provider. If one service is breached, attackers cannot correlate accounts.
- No SMS recovery: avoid any account that requires a phone number. Use TOTP (Aegis on Android, Raivo on iOS) for 2FA.
- SSH key auth only: disable password SSH on your VPS immediately.
PasswordAuthentication noin/etc/ssh/sshd_config. - Access via Tor or VPN: connect to your VPS admin panel and SSH from behind Tor or a no-log VPN to prevent your home IP being logged in the VPS access logs.
- Don't reuse usernames: a consistent handle across your private infrastructure and public profiles is a correlation attack waiting to happen.
⚠ Your VPS IP is public by nature - anyone who resolves your domain will see it. If you need to hide the server IP (e.g., to protect against DDoS or physical datacenter pressure), consider routing through Cloudflare in proxy mode, or host a Tor hidden service (.onion) alongside the clearnet site.
Provider Comparison
| Provider | Jurisdiction | Accepts XMR | No-ID signup | Best for |
|---|---|---|---|---|
| 1984 Hosting | Iceland | BTC (no XMR) | Yes | Shared + VPS, strong values |
| FlokiNET | Iceland / Romania | Yes | Yes | Bare metal, Tor-friendly |
| NiceVPS | Varies | Yes | Yes | Low-traffic, minimal footprint |
| Njalla | Sweden (EU) | Yes | Yes | Domain registration + basic VPS |
✓ The minimum viable private stack: Njalla domain (XMR payment) + FlokiNET VPS (XMR payment) + Caddy for TLS + SSH over Tor. Everything else is refinement.
Information is provided for educational purposes. Always verify provider terms. Not financial advice. Affiliate disclosure.
Follow the Money
Domain registrars harvest WHOIS data and comply with law enforcement subpoenas by default. ICANN-accredited registrars log registrant identity and provide it on request - Njalla's model of registering in their own name exists precisely to break this chain.
- Domain registration
- ICANN registrar (GoDaddy, Namecheap) stores your name, address, email, and phone at registration.
- WHOIS database
- Public record or thin escrow model - data is queryable by anyone, including data brokers and law enforcement.
- Law enforcement subpoena
- No warrant required in the US. Registrars comply automatically and log the request.
- Njalla alternative
- Registers the domain in their own name (Sweden). XMR accepted. Your identity never appears in WHOIS.
Frequently Asked Questions
How do I register a domain anonymously?
Njalla registers the domain in their own name under a Swedish entity, then grants you full control via a service agreement. Your name never appears in WHOIS. Pay with Monero for no fiat trail. Sign up using a ProtonMail or SimpleLogin alias over Tor. This structural approach is stronger than bolt-on WHOIS privacy services that simply mask your data but still hold it.
What is the best privacy-friendly VPS hosting provider?
FlokiNET (Iceland/Romania, accepts Monero) and 1984 Hosting (Reykjavik, Iceland, accepts BTC) are the top choices. Iceland has no data retention law equivalent to the EU's former Data Retention Directive and a strong track record of protecting users from foreign data requests. FlokiNET also accepts XMR, making the payment trail non-existent.
Why use Monero instead of Bitcoin to pay for hosting?
Bitcoin transactions are publicly visible on-chain. If you pay for hosting with Bitcoin from an exchange that knows your identity, that payment is traceable and linkable to your infrastructure. Monero uses ring signatures and stealth addresses that make transactions opaque by default - there is no payment record to subpoena.
Does running a website in Iceland protect me legally?
Iceland applies Icelandic law to servers within its jurisdiction, raising the bar for compelled disclosure compared to US or UK hosting. It is not zero-risk - foreign court orders can still reach Icelandic providers via international legal mechanisms - but the combination of stronger data protection laws, no US/UK jurisdiction, and providers with a stated privacy stance significantly reduces routine surveillance exposure.
What is the minimum viable private hosting stack?
Njalla domain (paid with Monero) + FlokiNET VPS (paid with Monero) + Caddy web server (automatic TLS) + SSH access over Tor. This covers the three key identity leaks: domain registration records, hosting payment records, and admin IP logs. Additional hardening: separate email aliases per provider, TOTP-only 2FA, no password SSH.