“Bitcoin exists to remove intermediaries from the movement of money online. Without privacy, if someone can see how money is moving, they don't like someone you paid, they can discriminate based on that.” — Dan Gould

Dan Gould builds PayJoin, the privacy protocol that breaks Bitcoin surveillance while cutting transaction fees up to 25%. Satoshi flagged Bitcoin's privacy problem in the white paper—PayJoin solves it without mixing, turning surveillance assumptions into dead ends. When privacy becomes an economic benefit rather than a cost, adoption follows.

Episode Summary

Dan Gould reveals how PayJoin breaks the core assumption that chain surveillance companies use to track Bitcoin users across the network. By allowing both sender and receiver to contribute inputs to a transaction, PayJoin shatters the multi-input heuristic—the dragnet surveillance tool that assumes all inputs come from the same person. This isn't just privacy theater: PayJoin delivers up to 25% fee savings while protecting financial activity from arbitrary discrimination. Gould explains why Bitcoin's Fourth Amendment moment hasn't arrived yet, how interactive batching supercharges both privacy and efficiency, and why merchant adoption creates network-wide privacy improvements even for users who aren't running PayJoin. The protocol requires no trust in third parties, no heavy dependencies like Tor, and works asynchronously so participants don't need to be online simultaneously. With integrations rolling out across wallets and exchanges, PayJoin shifts privacy from an expensive add-on to a default cost reduction. Privacy, cost savings, censorship resistance—or you can keep broadcasting your transaction history to chain surveillance firms.

About the Guest

Dan Gould is maintainer of PayJoin Dev Kit, a privacy-focused Bitcoin development toolkit supported by OpenSats and Spiral. He launched PayJoin Foundation with eight independent contributors and a volunteer board to eliminate the server requirement that blocked widespread adoption of privacy-preserving Bitcoin transactions. Gould's work on serverless PayJoin (BIP 77) enables asynchronous transaction coordination through encrypted messages, removing the barrier that prevented mobile wallets and merchants from implementing the protocol. His approach treats privacy as infrastructure rather than luxury—breaking surveillance heuristics while reducing fees makes adoption inevitable rather than aspirational.

Social Links:

• X/Twitter: https://twitter.com/bitgould
• GitHub: https://github.com/DanGould
• Website: https://bitgould.com
• Substack: Privacy sans Mixing
• Email: [email protected]

Key Quotes

• “Bitcoin exists to remove intermediaries from the movement of money online. Without privacy, if someone can see how money is moving, they don't like someone you paid, they can discriminate based on that.” — Dan Gould
• “Satoshi said all the inputs necessarily come from the same person. That assumption—the multi-input heuristic—is used to dragnet surveil everyone on Bitcoin. PayJoin is the simplest way to break that privacy problem.” — Dan Gould
• “Where else do you get to increase or improve privacy and pay less for it? Anytime you're using a custodian, assuming you trust that custodian completely with your privacy, you are getting fee scaling benefits. But the problem is you have to trust that custodian.” — Dan Gould

Key Takeaways

• Surveillance companies exploit the multi-input heuristic: Chain analysis firms assume all inputs in a Bitcoin transaction come from the same person—PayJoin breaks this assumption by letting sender and receiver both contribute inputs, rendering surveillance attempts unreliable across the entire network.
• Privacy delivers economic benefit, not cost: PayJoin reduces transaction fees up to 25% through interactive batching and cross-input signature aggregation while simultaneously protecting financial activity—making privacy adoption a cost-saving measure rather than an expensive trade-off.
• Asynchronous coordination eliminates server requirements: Serverless PayJoin uses encrypted mailbox messages allowing participants to transact without being online simultaneously, removing the infrastructure barrier that prevented merchant and mobile wallet adoption.
• Network-wide privacy improves even for non-users: When PayJoin transactions look identical to standard transactions, surveillance firms can't safely apply their heuristics—meaning increased adoption creates privacy improvements for all Bitcoin users regardless of individual PayJoin use.

Timestamps

[00:00] Why PayJoin works like HTTPS—making surveillance unreliable across the network

[02:11] PayJoin Foundation launch: Eight contributors building privacy infrastructure

[04:30] How exchanges batch withdrawals to reduce fees without sacrificing privacy

[08:32] Bitcoin's Fourth Amendment gap—why digital cash has less protection than physical

[14:42] Breaking the multi-input heuristic that enables dragnet Bitcoin surveillance

[20:15] Interactive batching supercharges Bitcoin transactions with privacy and cost savings

[27:45] Why merchants get fee benefits while improving customer privacy

[35:20] Cross-input signature aggregation delivers 25% fee reduction with privacy

[42:18] Serverless PayJoin removes infrastructure barriers through encrypted mailboxes

[48:30] Lightning integration: PayJoin for channel opening and splicing

[52:26] Essential privacy hygiene for self-custody Bitcoin users

[54:27] How developers integrate PayJoin into wallets and e-commerce platforms

[56:17] Six-month roadmap: Production integrations and multi-party PayJoin advances

Resources & Links

Projects & Organizations:

• PayJoin.org - Protocol documentation and education
• PayJoin Dev Kit - Developer toolkit with Rust, Python, Kotlin, Swift, and WebAssembly bindings
• PayJoin Foundation - Nonprofit coordinating development and adoption
• OpenSats - Funding source for PayJoin development
• Spiral - Additional development funding

Referenced Technologies:

• BIP 77 (Async PayJoin) - Serverless payjoin specification
• BIP 78 - Original payjoin protocol
• HPKE (Hybrid Public Key Encryption) - Encryption without Tor dependencies
• Cross-Input Signature Aggregation - Fee reduction through signature compression

Mentioned Organizations & Projects:

• BTCPay Server - Early PayJoin implementation
• Bull Bitcoin - First mobile wallet with integrated PayJoin send/receive
• Cake Wallet - Recent PayJoin V2 integration
• Liana - Wallet with time-locked recovery exploring PayJoin integration
• Bolts Exchange - Integration proof of concept from MIT Bitcoin Expo

Podcast:

• Subscribe: https://podcast.trustrevolution.co
• Music: More Ghost Than Man