Lightning: you'll need a lightning wallet for this task.
You send your funds, on-chain to the lightning wallet, then your lightning wallet uses this unspent output to create an on-chain transaction opening a lightning channel with an other node. From this point on, you can pay lightning invoices offchain using this channel. Once no more funds are left on your side of the channel, you can either leave it open or close it using an on-chain transaction. This closing transaction will distribute the funds between you and the node you had an open channel with, how much each partner gets depends on the state the offchain transactions left the channel in.
I've used zap wallet in the past, and on my mobile i use eclair. To be 100% honest, i found eclair more user-friendly than zap.
I'd urge you to use zap or eclair on the TESTnet before trying it out on the mainnet... Eclair defenately has a testnet version, there are testnet lightning nodes, and even a testnet lightning store.
Wasabi & CoinJoinWasabi is a wallet that has built-in support for coinjoining. Coinjoining is usually fine privacy and security-wise. Other options are mixing or exchanging your BTC for a privacy-centered coin, and after moving those funds around for a bit back to BTC.
Each of these methods has pro's and con's, but they depend on your point of view... If you really want the highest level of anonimity, you'll probably need more than one method.
To be honest, i've never had my deposit flagged (so far), but i've heared horror stories aswell. Apparently, some companies actually do some data mining and follow the unspent-outputs-trace several transactions deep. So, if you want to be certain your deposit won't get flagged, you might even move it around several times before spending it... I'm not an expert about this tough, somebody else might have something more usefull to say.
Using Bitcoin Core offline:yes, you can create an address while being offline. An address is a hash of a public key belonging to the private key stored in your wallet. Your address is not "registered" with a central authority. If you create a private key, you can derive a public key, and you can hash this public key to generate an address. This address exists because you created a private key, not because it was broadcasted or registered.
It is possible to create 2 exactly thesame private keys, this is called key collision... The odds of creating a key collising when using a proper RNG are incredibly, incredibly small (allmost nonexistant).
When i say: "allmost nonexistant", i actually mean "allmost nonexistant"... Not like: you have 1% chance of having a key collision in your lifetime... No, those odds are waaaaaay smaller.
I actually did the math a while back:
https://bitcointalksearch.org/topic/m.54220088The actual discussion was about generating a private key whose public key hash was a predetermined address that was funded by somebody else, and this was the end conclusion:
--snip--
Even if you want to scan only 1% (so you have a 1% chance of finding a funded address'es private key) and you own 1 million GPU's, it'll still take the lifetime of 210654149562246 suns
--snip--