This page presents a hard-audited scoring and ranking of seven P2P venues under a strict Bitcoin/FOSS/privacy-maximalist lens that prioritizes KYC-enforceability resistance, censorship resistance, and metadata minimization. All claims are linked inline to primary sources whenever possible.
Short-listed services: RoboSats, Mostro, Bisq, lnp2pBot, Peach Bitcoin, Vexl, Hodl Hodl.
KYC posture is normalized using KYCnot’s levels and per-service reviews (definitions: “Guaranteed no KYC lvl. 0 … Shotgun KYC lvl. 3 … Mandatory KYC lvl. 4”).
Each venue is scored 0–100 on eight criteria, then combined via:
Composite = Σ (criterion_score × criterion_weight)
| Criterion | Weight | Why it dominates |
|---|---|---|
| KYC Enforceability & ToS Posture | 20% | “No KYC today” is meaningless if the system can be flipped into KYC later. |
| Architectural Censorship Resistance | 18% | Protocol networks survive takedowns; single platforms die with domains, app stores, or hosts. |
| Metadata & Identity Exhaust | 15% | Phone numbers, contact graphs, email accounts, and platform logs are de-facto identity rails. |
| FOSS, Self-Hostability & Forkability | 12% | Verifiability and survivability require the ability to audit, fork, and self-host. |
| Custody & Escrow Design | 10% | Custody risk is existential, but many shortlisted tools are non-custodial by design. |
| Bitcoin-Only Purity | 10% | Altcoin/stablecoin/token rails add policy & technical attack surface and value-capture distortion. |
| Regulatory Path & Corporate Attack Surface | 8% | Visible regulated entities and jurisdictions introduce policy leverage. |
| Liquidity, Maturity & UX | 7% | Practical usability matters, but cannot outweigh surveillance and enforceability risk. |
Composite scores are weighted sums using the weights above. The criterion scores behind each composite appear in the per-venue tables that follow the ranking.
| Rank | Exchange | Composite | Quick identity posture | Primary choke points |
|---|---|---|---|---|
| #1 | RoboSats | 93.9 | Tor-only; no registration; random single-use avatars (KYCnot) | Coordinator instance(s); LN hold invoice coordination (GitHub) |
| #2 | Mostro | 93.7 | Nostr keypair identity; “does not require KYC procedures” (Docs) | Relay/operator metadata; thin liquidity (FAQ) |
| #3 | Bisq | 92.7 | No registration required (Bisq); KYC level 0 on KYCnot | Altcoin + BSQ governance token footprint (DAO) |
| #4 | lnp2pBot | 84.0 | Bot claims “No KYC, no registration” (site) | Telegram platform dependency + phone-linked accounts (KYCnot) |
| #5 | Peach Bitcoin | 76.9 | KYC-free up to CHF 1000/day per KYCnot (KYCnot) | Swiss AML perimeter & app-store distribution (FINMA) |
| #6 | Vexl | 67.9 | Phone number required (Vexl FAQ) | Contact-graph discovery + SIM metadata (Vexl blog) |
| #7 | Hodl Hodl | 66.0 | KYC level 3 (“Shotgun KYC”) on KYCnot (KYCnot) | Centralized web platform + ToS KYC hooks (KYCnot) |
RoboSats, primary description: “simple, private P2P exchange for Bitcoin via Lightning,” Tor-only, KYC-free, random single-use robot avatars (KYCnot).
| Criterion | Score | Notes (linked) |
|---|---|---|
| KYC Enforceability & ToS | 100 | KYC level 0 (“Terms explicitly state KYC will never be requested”) and Tor-only posture (KYCnot). |
| Architectural Censorship Resistance | 87 | Coordinator-based per instance, but open source and self-hostable; GitHub describes LN hold invoices used to minimize custody and trust (repo). |
| Metadata & Identity Exhaust | 100 | No registration + Tor-only + per-session avatars (KYCnot). |
| Custody & Escrow Design | 90 | Uses Lightning hold invoices to reduce custody risk; described in the repo overview (GitHub). |
| FOSS / Self-Host / Fork | 95 | Active open repository (GitHub) and one-click StartOS listing (Start9). |
| Bitcoin-Only Purity | 100 | Positioned as Bitcoin P2P exchange for national currencies; no altcoin markets noted in core description (Learn). |
| Regulatory / Corporate Surface | 90 | No mandatory corporate platform required; specific coordinator operators can be targeted, but code can be redeployed (GitHub). |
| Liquidity / Maturity / UX | 80 | Widely used in privacy circles; KYCnot flags mature service attributes in events (KYCnot events). |
Mostro presents itself as a protocol (not merely an app) for exchanging Bitcoin P2P using Lightning and Nostr (Mostro FAQ). Its documentation explicitly states it “does not require KYC procedures” (Mostro docs).
| Criterion | Score | Notes (linked) |
|---|---|---|
| KYC Enforceability & ToS | 100 | Docs state “does not require KYC procedures” (Mostro docs); repo states “without custodial risk or KYC requirements” (GitHub). |
| Architectural Censorship Resistance | 95 | Protocol framing on FAQ (FAQ) and protocol spec presence (spec). |
| Metadata & Identity Exhaust | 92 | Identity is a Nostr keypair; relays can log metadata; protocol itself avoids phone/email layers (FAQ). |
| Custody & Escrow Design | 90 | Non-custodial posture emphasized in repo overview (GitHub). |
| FOSS / Self-Host / Fork | 100 | Open repo (GitHub) and StartOS packaging (mostro-startos). |
| Bitcoin-Only Purity | 100 | Protocol scope: “exchanging Bitcoin peer-to-peer using Lightning Network and Nostr” (FAQ). |
| Regulatory / Corporate Surface | 95 | Docs describe community-maintained open source project rather than a company (Support & contact). |
| Liquidity / Maturity / UX | 60 | Newer protocol footprint relative to Bisq/Hodl Hodl; practical depth depends on node adoption, consistent with the project’s own “protocol” framing rather than that of an entrenched marketplace (FAQ). |
Bisq describes itself as open-source desktop software enabling P2P trading; “No registration required” (bisq.network). The getting-started guide explains multisig escrow and security deposits (guide).
| Criterion | Score | Notes (linked) |
|---|---|---|
| KYC Enforceability & ToS | 100 | “No registration required” on official site (bisq.network); KYC level 0 on KYCnot (KYCnot). |
| Architectural Censorship Resistance | 100 | Peer-to-peer network accessed by software; not a website service (Bisq wiki). |
| Metadata & Identity Exhaust | 95 | No accounts + client-run node model reduces platform metadata; remaining exposure is trade rails and on-chain footprint (bisq.network). |
| Custody & Escrow Design | 97 | Getting started describes multisig escrow and security deposits (guide). |
| FOSS / Self-Host / Fork | 100 | Open-source desktop software (site) and StartOS packaging exists (bisq-startos). |
| Bitcoin-Only Purity | 50 | Bisq supports trading BTC for “alternative cryptocurrencies” (site) and has DAO governance using BSQ (DAO). |
| Regulatory / Corporate Surface | 95 | DAO/community governance rather than a centralized exchange entity (DAO). |
| Liquidity / Maturity / UX | 88 | Long-running and globally used; also highlighted as anti-KYC in industry summaries (Koinly). |
lnp2pBot’s official site states: “will never ask you for personal data. No KYC, no registration, no identity verification.” (lnp2pbot.com). KYCnot describes it as a Telegram bot for buying and selling bitcoin on Lightning without requiring KYC (KYCnot).
| Criterion | Score | Notes (linked) |
|---|---|---|
| KYC Enforceability & ToS | 100 | Site claims no personal data, no registration (lnp2pbot.com); KYC level 0 on KYCnot (KYCnot). |
| Architectural Censorship Resistance | 70 | Core interface is within Telegram; platform bans are a direct choke point (implied by “Telegram bot” classification on KYCnot: KYCnot). |
| Metadata & Identity Exhaust | 55 | Telegram account identity rails (often phone-linked) and centralized platform metadata; flagged as “Telegram bot” on KYCnot (KYCnot). |
| Custody & Escrow Design | 88 | Non-custodial escrow model described in project materials; “peer-to-peer” Lightning exchange posture (Learn). |
| FOSS / Self-Host / Fork | 100 | KYCnot lists it as open source (plus community contributions) (KYCnot). |
| Bitcoin-Only Purity | 100 | Described as buying/selling bitcoin on Lightning with local currency (Learn). |
| Regulatory / Corporate Surface | 85 | Non-KYC by design, but hard dependence on Telegram as substrate increases external pressure surface (KYCnot). |
| Liquidity / Maturity / UX | 80 | Established usage indicated by KYCnot listing metadata (published Jan 2026) and ecosystem presence (KYCnot). |
KYCnot describes Peach as a “Non-custodial P2P Bitcoin marketplace operated by Swiss-regulated Peach SARL,” facilitating anonymous BTC trades without KYC up to CHF 1000/day limits and complying with Swiss AMLA laws (KYCnot). FINMA has formal guidance referencing CHF 1000 thresholds and linked transactions within 30 days for anonymous crypto exchange safeguards (FINMA).
| Criterion | Score | Notes (linked) |
|---|---|---|
| KYC Enforceability & ToS | 80 | KYC-free up to CHF 1000/day per KYCnot, but within Swiss AMLA limits (KYCnot). |
| Architectural Censorship Resistance | 60 | Mobile app + centralized service surface (distribution via app stores implied by official guides: Peach guide). |
| Metadata & Identity Exhaust | 65 | Accounts + mobile telemetry; E2EE chat model in KYCnot review (KYCnot). |
| Custody & Escrow Design | 95 | Non-custodial model; KYCnot describes no fund custody or payment processing (KYCnot). |
| FOSS / Self-Host / Fork | 90 | Client open-source posture indicated on KYCnot (service notes + contribution links) (KYCnot). |
| Bitcoin-Only Purity | 100 | Explicitly “Buy Bitcoin … KYC-free” guides and BTC marketplace framing (Peach). |
| Regulatory / Corporate Surface | 60 | Swiss AMLA compliance described on KYCnot (KYCnot); FINMA CHF 1000 guidance suggests the direction of constraints (FINMA). |
| Liquidity / Maturity / UX | 75 | Strong mobile UX and regionally meaningful adoption implied by active official how-to guides (Peach). |
Vexl markets itself as “peer-to-peer and without KYC” (vexl.it), while also stating that a phone number is required (FAQ). The project explicitly frames phone numbers as identity in its own security/privacy article (Vexl blog).
| Criterion | Score | Notes (linked) |
|---|---|---|
| KYC Enforceability & ToS | 65 | KYCnot lists KYC level 2 with cooperation/future KYC risk (KYCnot). |
| Architectural Censorship Resistance | 60 | Mobile-only dependency; Vexl states it is intended for Android/iOS and not usable on PC (FAQ). |
| Metadata & Identity Exhaust | 45 | Phone number required (FAQ) and phone numbers framed as “part of identity” (blog). |
| Custody & Escrow Design | 85 | Non-custodial “no middlemen” posture in service descriptions (KYCnot), but no built-in escrow = counterparty risk. |
| FOSS / Self-Host / Fork | 95 | KYCnot describes it as open-source mobile app (KYCnot). |
| Bitcoin-Only Purity | 85 | BTC-centric, but KYCnot lists broader currencies/payment modes on the service card (KYCnot). |
| Regulatory / Corporate Surface | 55 | KYC level 2 implies authority-request cooperation and future KYC possibility (KYCnot). |
| Liquidity / Maturity / UX | 65 | Growing but geographically uneven; mobile-only “friends of friends” approach described on the site (vexl.it). |
Hodl Hodl describes itself as a global P2P platform that does not hold user funds, locking them in multisig escrow (FAQ). KYCnot assigns Hodl Hodl KYC level 3 (“Shotgun KYC: may request KYC and block funds based on automated triggers”) (KYCnot).
| Criterion | Score | Notes (linked) |
|---|---|---|
| KYC Enforceability & ToS | 55 | KYCnot: KYC level 3 “Shotgun KYC” (KYCnot). |
| Architectural Censorship Resistance | 58 | Centralized web platform (site) vs protocol network. |
| Metadata & Identity Exhaust | 60 | Account/web telemetry; KYCnot lists account required and private source code flags (KYCnot). |
| Custody & Escrow Design | 95 | Multisig escrow model and “doesn’t hold user’s funds” statement (FAQ). |
| FOSS / Self-Host / Fork | 70 | Not fully open like Bisq/RoboSats; KYCnot indicates “Source code is private” as an attribute (KYCnot). |
| Bitcoin-Only Purity | 70 | Primary platform markets BTC trades, but KYCnot service attributes and ecosystem history introduce purity dilution risk (KYCnot). |
| Regulatory / Corporate Surface | 55 | Centralized company surface + ToS hooks implied by KYCnot’s KYC 3 classification (KYCnot). |
| Liquidity / Maturity / UX | 90 | Long-running marketplace and clear trade flow described on site (hodlhodl.com). |
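
As an added example (not part of the original page), the composite column of the ranking table can be re-derived from the per-venue criterion tables and the margin between adjacent ranks reported. The short criterion keys, the function names and the 0.05-point rounding tolerance are assumptions introduced here.

```python
# Added example (not the page's code): re-derive composites from the criterion tables.
# Scores are 0-100 and weights are percentages, so integer sums are exact hundredths.
WEIGHTS = {"kyc": 20, "censorship": 18, "metadata": 15, "foss": 12,
           "custody": 10, "btc_only": 10, "regulatory": 8, "liquidity": 7}

# The per-venue tables list Custody before FOSS, unlike the weight table, so each
# score is bound to its criterion by name instead of relying on column position.
ROW_ORDER = ("kyc", "censorship", "metadata", "custody",
             "foss", "btc_only", "regulatory", "liquidity")

# venue: (criterion scores in ROW_ORDER, composite published in the ranking table)
VENUES = {
    "RoboSats":      ((100, 87, 100, 90, 95, 100, 90, 80), 93.9),
    "Mostro":        ((100, 95, 92, 90, 100, 100, 95, 60), 93.7),
    "Bisq":          ((100, 100, 95, 97, 100, 50, 95, 88), 92.7),
    "lnp2pBot":      ((100, 70, 55, 88, 100, 100, 85, 80), 84.0),
    "Peach Bitcoin": ((80, 60, 65, 95, 90, 100, 60, 75), 76.9),
    "Vexl":          ((65, 60, 45, 85, 95, 85, 55, 65), 67.9),
    "Hodl Hodl":     ((55, 58, 60, 95, 70, 70, 55, 90), 66.0),
}

def composite_hundredths(venue):
    """Weighted sum in hundredths of a point (9386 means 93.86)."""
    scores, _ = VENUES[venue]
    if len(scores) != len(ROW_ORDER) or not all(0 <= s <= 100 for s in scores):
        raise ValueError(f"bad score row for {venue}")
    by_name = dict(zip(ROW_ORDER, scores))
    return sum(by_name[c] * w for c, w in WEIGHTS.items())

def mismatches():
    """Venues whose published composite is not the recomputed sum to one decimal."""
    if sum(WEIGHTS.values()) != 100:
        raise ValueError("weights must sum to 100%")
    # Allow 5 hundredths: the half-way case (84.05) may round either way.
    return [v for v, (_, pub) in VENUES.items()
            if abs(composite_hundredths(v) - round(pub * 100)) > 5]

def ranking_with_margins():
    """(venue, composite, lead over next venue) sorted best first."""
    ranked = sorted(VENUES, key=composite_hundredths, reverse=True)
    totals = [composite_hundredths(v) for v in ranked]
    leads = [a - b for a, b in zip(totals, totals[1:])] + [None]
    return [(v, t / 100, None if d is None else d / 100)
            for v, t, d in zip(ranked, totals, leads)]

if __name__ == "__main__":
    print("mismatches:", mismatches())
    for venue, total, lead in ranking_with_margins():
        print(f"{venue:14} {total:6.2f}  lead over next: {lead}")
```
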