Allen N.
In this KYCnot.me review, we analyze how the platform works, what kind of no-KYC crypto services it lists, and whether it is a reliable resource for privacy-focused users.
Important framing: KYCnot.me is not an exchange, aggregator, or swap service. It processes no transactions, holds no funds, and has no commercial relationship with any listed service. It is a free, open-source reference directory — a map of the no-KYC crypto landscape. This review evaluates it on those terms, not against swap platforms.
What Is KYCnot.me and Who Built It?
KYCnot.me is a free, open-source directory that catalogues cryptocurrency exchanges, wallets, VPNs, hosting providers, and other services that do not require identity verification (KYC). It was built and is maintained primarily by a single developer going by the handle pluja on GitHub, where the project’s source code is publicly available.
The project started as a simple list, went through a period of downtime, and was fully rewritten and relaunched with an automated scoring system, AI-powered ToS analysis, and a community review layer. The most recent major update launched in May 2025. The platform has no commercial relationship with any listed service — it does not accept payment for listings, does not run advertising, and does not profit from traffic referrals.
The philosophical foundation is stated plainly in the About page: KYC is, in the site’s framing, a tool that harms ordinary users while doing little to stop actual financial crime. Chainalysis data from 2023 is cited — only 0.34% of crypto transaction volume that year was attributable to criminal activity. The argument is not that crime doesn’t exist, but that the compliance burden falls almost entirely on legitimate users who have no alternative mechanism to protect their privacy. The site was built to help those users find alternatives.
This ideological clarity is both a strength and a limitation. It means the directory is genuinely useful and maintained with consistent intent. It also means it operates as a one-person passion project with the resource constraints that implies.
The Privacy & Trust Scoring System
Each service listed on KYCnot.me receives two scores on a scale of 0 to 10: a Privacy score and a Trust score. These are calculated automatically based on a set of declared properties for each service — a transparent, rule-based methodology rather than a subjective editorial judgement.
| Property | Score Type | What It Signals |
|---|---|---|
| KYC Level (0–3) | Both | 0 = KYC explicitly promised never; 3 = KYC required. The single most weighted factor. |
| No-log policy | Privacy | Service states it does not collect or retain usage logs. |
| Tor / I2P access | Privacy | Service accessible over anonymous networks — limits IP exposure. |
| No account required | Privacy | Users can transact without creating a persistent identity on the platform. |
| Monero acceptance | Privacy | Service accepts Monero, the privacy standard in the KYCnot.me community. |
| Open source code | Trust | Source code is publicly auditable — reduces information asymmetry. |
| No JavaScript required | Privacy | Interface works without JS — reduces tracking and attack surface. |
| Listing status | Trust | Whether the service has been verified by the team or is community-contributed only. |
The resulting scores are not perfect — a service can score high on Privacy because it ticks the right technical boxes while still having a troubled operational history that the scoring model does not capture. But the scores are honest about what they measure, and the property breakdown is shown per service so users can see exactly why a score is what it is. This transparency is the system’s greatest strength: it is not a black box.
KYCnot.me
One practical insight: Privacy scores and Trust scores often diverge significantly. A service may score 9/10 on Privacy (Tor access, no accounts, no logs) but only 5/10 on Trust (closed source, not independently verified, newer operator). Reading both scores together provides a more useful picture than either alone.
Listing Statuses — What Each Label Means
Every service on KYCnot.me carries a listing status that indicates how thoroughly it has been reviewed by the team. This is arguably more important than the score itself — a high-scoring community-contributed listing is less reliable than a lower-scoring verified one.
Verified
Thoroughly tested and confirmed by the KYCnot.me team. Not a guarantee of future behaviour, but the strongest endorsement available on the directory.
Checked
Everything reviewed at first glance appears correct, but not been independently tested by the team. Most established services fall in this category.
Community
Submitted by a community member and not yet reviewed by the team. Visible only via direct link — does not appear in search results. Treat with extra caution.
Defunct
Service has shut down, been acquired, or is no longer operating. Kept in the directory for historical reference. Do not transact.
Delisted
Previously listed and subsequently removed — typically following documented KYC violations or a pattern of harmful behaviour reported by community members.
Affiliated
A team member or representative of the service has registered on KYCnot.me. Allows the service to respond to reviews. Does not affect scoring.
The delisting mechanism is meaningful: services that have their terms of service reviewed and found to contradict their no-KYC claims — or that accumulate community-flagged reports of KYC enforcement — can be removed. The Intercambio case documented in the community reviews illustrates this in action: a user flagged that a similarly-named service was demanding KYC on large Monero swaps, and the distinction between the two services was publicly clarified and documented.
What Categories of Services Are Listed?
KYCnot.me covers a substantially broader range than any exchange aggregator. The directory is a comprehensive map of the no-KYC ecosystem, not just a swap comparison tool.
Instant Exchanges, P2P Exchanges, DEX / Atomic Swaps, VPN Services, Wallets, Hosting / Infrastructure, Prepaid & Gift Cards, Other (SIMs, email, misc.)
This breadth is what makes KYCnot.me genuinely useful beyond exchange comparison. A user who wants to protect their financial privacy end-to-end — exchange without KYC, host their node anonymously, access the internet through a VPN that accepts Monero, communicate via an email alias — can source all of those tools from a single, consistently scored reference. No other directory covers this combination with the same analytical rigour.
AI-Powered Terms of Service Analysis
One of the most practically useful features added in the May 2025 update is automated ToS review. For each listed service, KYCnot.me’s system reads the current Terms of Service and generates a structured summary covering: what the service explicitly promises about KYC, what data it retains, what circumstances allow it to freeze funds or suspend accounts, and any clauses that materially contradict its no-KYC positioning.
The output is displayed directly on each service’s listing page, labelled with the date the ToS was reviewed and a disclaimer that AI summaries should be treated as a reference, not a guarantee. This is an honest framing: automated ToS analysis can miss nuance, misinterpret legalese, or fail to flag subtle carve-outs. But it provides a baseline that most users would not generate on their own — and it catches obvious red flags that pure score-based evaluation would miss.
The practical implication is real. A service can display a KYC level of 0 (no KYC ever) on the basis of its public-facing claims while burying an AML compliance clause in its terms that functionally enables KYC under specific conditions. The ToS analysis is designed to surface exactly this kind of gap. How consistently it catches it in practice depends on the quality of the AI parsing and the update frequency of reviews — both of which are resource-constrained for a solo-maintained project.
ToS analysis timestamps are visible per service. Before relying on a service’s no-KYC claim for a significant transaction, check the review date — a ToS reviewed 18 months ago may not reflect current policy. Services update their terms with little fanfare, and the gap between review cycles is a real limitation.
Community Reviews and Comment Moderation
Each service listing supports user reviews (1–5 stars with text) and comments. The review system has two distinct mechanisms: standard comments visible to all readers, and flagged comments that specifically report KYC enforcement or blocked funds — a more serious category that is surfaced more prominently and triggers admin review.
Moderation works in two stages: an AI checks each submission first. If nothing is flagged, the comment publishes immediately. If something appears unusual, it is held for human review. This hybrid approach allows the community layer to stay reasonably responsive without requiring constant manual oversight from a one-person team.
Users can also attach an order ID or transaction proof to a review — visible only to admins — which provides a verification mechanism for particularly serious allegations. This is a meaningful anti-abuse feature: it raises the cost of fake negative reviews aimed at damaging a competitor.
The limitation is volume and depth. Community review counts on most services are modest — typically in the single digits to low double digits. For exchanges that process thousands of transactions monthly, a dozen reviews is a thin statistical base. The quality of the review dataset is meaningfully lower than what a dedicated review platform accumulates over years. This is not a criticism of KYCnot.me specifically — it reflects the reality that the no-KYC community, though growing, is a niche audience.
KYCnot.me’s Own Privacy Architecture
Appropriately, KYCnot.me applies its own scoring criteria to its own infrastructure. The platform requires no account to use, collects no personal data, operates without JavaScript, and provides a Tor onion address. Communication with the team is available via SimpleX — an end-to-end encrypted messaging protocol with no phone number requirement — rather than email, where server-side metadata is harder to control.
The source code is publicly available on GitHub, meaning the platform’s own architecture can be independently reviewed. This open-source status is not common for web directories and meaningfully distinguishes KYCnot.me from comparable resources. It also allows the community to identify and report discrepancies between stated functionality and actual implementation — a form of distributed accountability that closed-source platforms cannot offer.
The one significant privacy tension surfaced in 2025 was the DDoS incident. Under a sustained attack peaking at over 15 billion requests in four days, the team was forced to enable Cloudflare protection temporarily — a move that reintroduced the risk of Cloudflare logging user IP addresses. The team publicly acknowledged this tradeoff and stated they were working to remove Cloudflare as soon as server-level mitigations could handle the traffic. For a platform whose audience specifically avoids mainstream surveillance infrastructure, even a temporary Cloudflare dependency is a notable concern worth flagging.
Reliability — The DDoS Incident and Open-Source Constraints
KYCnot.me’s reliability profile is shaped by the reality of what it is: a free, open-source project maintained primarily by one developer. In August 2025, the platform came under a sustained DDoS attack that peaked at over 15 billion requests across four days. The site experienced downtime, required Cloudflare mitigation, and the team publicly documented the incident and response on the platform’s X account.
The attack is notable beyond its immediate impact. DDoS attacks of that scale against a privacy directory are not random — they suggest an adversary with a reason to want the directory offline, which is an indirect signal of the platform’s relevance and the interests it conflicts with. That framing does not mitigate the reliability concern, but it provides context.
Beyond DDoS resilience, the solo-developer maintenance model creates a structural ceiling on how quickly the platform can update listings, review new submissions, audit ToS changes, and expand coverage. The May 2025 update introduced significant improvements, but the gap between the speed of change in the no-KYC service landscape and the speed at which one maintainer can track it is real. Some listings are reviewed months after the service’s current terms have changed. Some community-submitted services wait weeks for a team review.
The platform’s uptime history and the DDoS vulnerability are relevant for users who rely on KYCnot.me as a reference tool under time-sensitive conditions. For research and due diligence done in advance, the reliability concern is manageable. For someone actively mid-transaction trying to verify a service, an outage at the wrong moment is a real inconvenience.
Structural Limitations — What the Directory Cannot Do
KYCnot.me is a reference tool, and like any reference tool, its value depends on users understanding what it can and cannot verify.
It cannot verify operational claims in real time. A service listed as KYC level 0 based on its terms may have begun enforcing KYC selectively — for large transactions, for high-risk coins, or for users in specific jurisdictions — since the last ToS review. The Trocador FixedFloat case discussed in our Trocador review is a relevant example: FixedFloat makes commitments in its terms that its operational behaviour has contradicted. KYCnot.me’s ToS analysis can flag the terms; it cannot monitor every transaction processed by every listed service.
It cannot audit the security of listed services. A service scoring highly on the Trust dimension because it is open source and Tor-accessible may still have vulnerable code, poor key management, or centralised infrastructure that creates single points of failure. The Trust score captures governance and transparency signals, not technical security auditing.
Community reviews are a thin dataset. For the most active exchanges, a user base in the hundreds of thousands is represented by a handful of community reviews. Absence of negative reviews does not indicate absence of problems — it may indicate absence of reviews.
It does not advocate for users. Unlike even limited-intervention aggregators like Trocador, KYCnot.me has no role once you leave its pages. There is no dispute channel, no escalation path, no swap guarantee. It is a directory. What happens after you click through is entirely between you and the service.
These limitations are not failures of execution — they are inherent to the model. A free, one-person directory cannot do what a funded, operationally integrated platform can. The honest use of KYCnot.me is as a research starting point: a structured, privacy-graded shortlist from which to identify candidate services, which you then independently verify before committing to meaningful transactions.
KYCnot.me Pros & Cons
Our Verdict on KYCnot.me
KYCnot.me fills a role no other platform in this review series covers: it is the reference layer that sits above the individual services. Before you use any no-KYC exchange, aggregator, VPN, or wallet, KYCnot.me is where you go to understand the landscape — who is listed, what their stated privacy posture is, what their ToS actually says, and what the community’s experience has been.
The fact that it is open source, scores services on transparent criteria, publishes automated ToS analysis, and has no commercial incentive to favour any listed service makes it the most structurally unbiased reference tool in this category. These are not small qualities. Every other aggregator and directory in this space has some commercial relationship with the services it lists. KYCnot.me does not.
Its limitations are real but honest. A solo-maintained project cannot update as fast as the services it tracks evolve. Community review volumes are thin. The DDoS attack surfaced infrastructure fragility. And the directory, by design, offers no recourse once a user engages with a listed service. Used as a starting point for research rather than a final arbiter of safety, these limitations are manageable. Used as a substitute for independent due diligence, they are not.
👍 KYCnot.me Is Essential For:
- Anyone researching no-KYC options before choosing a service
- Users comparing Privacy and Trust across multiple exchanges
- The Monero and privacy-focused crypto community
- Building a privacy stack beyond just swapping (VPN, hosting, SIM)
- Checking ToS summaries before large transactions
👎 It Is Not A Substitute For:
- Independent verification of a service’s current terms
- Real-time operational monitoring of how services behave
- Dispute resolution or fund recovery assistance
- Security auditing of listed platforms
- A swap or exchange service itself
KYCnot.me Review — Frequently Asked Questions
What exactly is KYCnot.me?
KYCnot.me is a free, open-source directory of cryptocurrency and privacy-related services that do not require KYC identity verification. It does not process transactions, does not hold funds, and has no commercial relationship with any listed service. It lists 200+ services across categories including instant exchanges, P2P platforms, DEXs, VPNs, hosting providers, wallets, and more — each scored on Privacy (0–10) and Trust (0–10).
How are Privacy and Trust scores calculated?
Scores are calculated automatically based on a set of declared properties for each service. Privacy factors include: KYC level (most heavily weighted), no-log policy, Tor/I2P access, no account requirement, Monero acceptance, and no JavaScript requirement. Trust factors include open source code, listing status (Verified vs. community-contributed), and KYC level. Each property has a defined weight, and the breakdown is visible per service — the scoring is not a black box.
What does it mean when service is “Verified” vs. “Checked”?
A Verified listing has been thoroughly tested and confirmed by the KYCnot.me team — the strongest endorsement available on the directory. A Checked listing has been reviewed at the surface level and appears accurate, but has not been independently tested. A Community listing has been submitted by a user and not yet reviewed by the team at all — it is only visible via direct link, not in search results. For any significant transaction, prioritise Verified and Checked listings over Community submissions.
Can I suggest a service to be listed on KYCnot.me?
Yes. KYCnot.me has a service suggestion form. Submissions receive a community-contributed status and are not visible in search results until reviewed by the team. To be considered, a service must have been operating for at least 6 months. Once submitted, you receive a tracking page where you can monitor the suggestion status and communicate with moderators.
Disclaimer: This KYCnot.me review is for informational purposes only and does not constitute financial advice. Always independently verify any service before transacting. Land of Crypto may earn affiliate compensation through links on this page — this does not influence our editorial ratings or methodology.
