> All transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of designated or otherwise blocked persons are prohibited unless authorized by a general or specific license issued by OFAC, or exempt. These prohibitions include the making of any contribution or provision of funds, goods, or services by, to, or for the benefit of any blocked person and the receipt of any contribution or provision of funds, goods, or services from any such person.
So, it seems that it is prohibited for US persons to send tokens to these smart contracts, or to withdraw tokens from these smart contracts.
What about miners running in the United States? Are US-based miners also prohibited from producing blocks that include transactions that interact with these smart contracts?
And what about blocks that are produced by non-US miners, and which contain transactions that interact with these smart contracts? Might US-based miners be prohibited from validating and building upon such blocks?
Does US law effectively now mandate a fork of Ethereum so that US persons can safely interact with a blockchain that excludes all interactions with Tornado smart contracts? It seems like an extreme implication, but can the possibility be excluded?
In terms of mining transactions, the Ethereum proof of stake system will financially punish anyone who fails to attest to honest transactions, and there's no escaping that just because "sanctions". See this post for details: https://0xfoobar.substack.com/p/ethereum-proof-of-stake
I believe we'll likely see other actions taken by US companies, such as Twitter banning the Tornado Cash account, Microsoft deleting its github repositories, the registrar of its current domain name disabling it, Discord kicking it off, and so forth. Perhaps large RPC providers refusing calls involving the sanctioned addresses, though I think that's less likely.
We will also see an escalation of fiat enabled exchanges refusing to do business with users who bring assets from Tornado Cash connected accounts, however there are other developments in the pipeline that will mitigate this, and increased aggression by proponents of financial exclusion will drive adoption as they are a real pain for legitimate actors too, and also these systems are necessary to increase transaction throughput anyway. (eg. rollup protocols on Ethereum, lightning network protocols on Bitcoin)
> Twitter banning the Tornado Cash account, Microsoft deleting its github repositories, the registrar of its current domain name disabling it, Discord kicking it off, and so forth
Perfectly happy to see all the centralized support crutches kicked out from under another poster child for fake decentralization rhetoric. Let's see how they do after they have to eat that dogfood for breakfast, lunch, and dinner, not just for dessert.
What do you expect to happen? Centralized service have better ux, so it makes sense for most people to use them - but nothing about ethereum or tornado requires them. People will only use their own nodes, tor and/or ipfs if that's the only solution that works - but as long as public rpcs like infura and normal domains aren't censored there's really no reason to (for a normal user, not a dev etc).
What's important is to keep that potential open, of course.
As far as I can see, there is a big assumption in your assertion about proof of stake: that the stakeholders who want to comply with sanctions will be a minority.
Because defi exchanges are also smart contracts. Unless you have an automated system that watches all tokens coming out of tornado and then immediately modifies the the exchange smart contracts to blacklist them it’s not feasible.
I'm sure the smart contact language is powerful enough to specify that tokens from Tornado Cash will not be handled. You talk about it in terms of self-modifying code but that should not be necessary.
That tokens from "something like" Tornado should not be handled, though, seems like it would be harder to specify.
Just another tool for sweeping discretionary prosecution. Rest assured the government can get pretty much anyone on something civil rights destroying if they like.
Less than a month ago, Vitalik Buterin deposited 220 ETH into Tornado Cash.
source, 4 transactions:
100 ETH - https://etherscan.io/tx/0xd8d586ad33434be0f51c5c9d6996b1c8b208b04155683eee377849b67a0b13cd
100 ETH - https://etherscan.io/tx/0xfeb399764590a7c1ca321492b4634ceba530093d43d814aa1c5afdf3fa03b092
10 ETH - https://etherscan.io/tx/0x0f82d42f6d455f3b745be670a04d37a254d02a4b1ae35af967ed7d90de34ffdc
10 ETH - https://etherscan.io/tx/0x98c40bdde8edd84ba4c483bfca447bb3209957c1be90582d5fbf8630845df814
More generally, see https://news.sky.com/story/us-cryptocurrency-developer-jaile... ; it was inevitable that as the value involved in cryptocurrency increased, it would reach the threshold where "no you are not allowed to provide aid to enemies of the United States" became a serious consideration.
This seems like a strong signal that mixers work as intended. I don't see sanctions being effective as it's a lot easier for someone to create a new mixer than it is for the feds to investigate and sanction one. In either case it'll be entertaining to watch this unfold.
> it's a lot easier for someone to create a new mixer
A secondary effect of sanctions is indicating what the regulators do and do not consider illegal. Up until now, it was at least marginally possible to state "But I didn't know it was illegal. TornadoCash was doing the exact same thing for years and never got into trouble". After this ruling, that excuse no longer applies and that might dissuade a lot of people who might otherwise be tempted to run a mixer of their own.
Also, reputation counts for a lot when it comes to mixers. A mixer that has existed for years is probably legit, a mixer that started up yesterday is a lot more likely to be a rugpull. Even if it will come down to whack-a-mole with the Treasury sanctioning new mixers as they pop up, it might be very difficult for any individual mixer to build up enough reputation to attract significant business.
> After this ruling, that excuse no longer applies and that might dissuade a lot of people who might otherwise be tempted to run a mixer of their own.
What is interesting here, though, is that Tornado Cash doesn't run anything: they may as well not exist as an entity anymore. It also isn't a blockchain and doesn't have nodes: third parties thereby also don't run Tornado Cash.
Tornado Cash, instead, is one of many random contracts executing on Ethereum (as well as third-party Ethereum-like constructs; some/many of those are pretty damned centralized, with servers that process and store transactions, so I am gong to concentrate on Ethereum itself as it is the most interesting).
So, with the smart contract of Tornado Cash -- as Tornado Cash isn't a group of people or a company: it is just code -- having been sanctioned, if you are a miner and mine a block on Ethereum that includes a transaction that touches Tornado Cash, is that now illegal? I feel like this is how the concept of sanctions would normally play out in meat space with real people, to prevent the sanctioned services from being utilized.
If so, and I think this is where it "gets good": let's say 99% of miners care about the sanctions, and 1% don't... when you mine a block, you choose a parent for that block; arguably now, if you actively chose to accept a parent block that includes a Tornado Cash transaction, that should also be illegal (due to being sanctioned).
I can think of a few ways that more specific regulations could address this:
- It will not be legal for miners to run/"execute code on behalf of" smart contracts from the sanctioned list, which can be downloaded from the Treasury web site and is updated regularly. This is very akin to how the sanctioned people list works currently.
- The treasury will maintain a list of blockchain addresses that are known to contain tainted coins and all businesses need to verify they don't accept business when the payment comes from one of those. A little bit more tricky since you can send money from any wallet to any other one, but still this is how a lot of the current sanctions already work. You could imagine this being only applicable for companies with a banking or exchange license or something like that. Perhaps it would become a part of regular auditing done by accountancy companies.
- (Possibly the most likely depending on how much lobbying the crypto industry manages to get in) Miners don't have to do anything, but all crypto exchanges with users in the USA (in this case, I'd expect the EU and other big jurisdictions to develop similar rules over time) are forbidden from transacting with a list of addresses belonging to contracts available from the Treasury.
Options 2 and 3 are very similar, but 3 is scoped only to exchanges. Since the majority of users is not sophisticated enough to transact without exchanges, this seems like it would give the most bang for the buck for the Treasury. More sophisticated launderers could be tracked on a case-by-case basis if needed.
One thing I think is not very likely to happen is for the Treasury to say: "Oh well! Those crypto rascals outsmarted us by running their money laundering smart contracts on the Eth VM, so we guess money laundering is fine now".
I think an appropriate endgame would be an extension of #3: any regulated entity (e.g. an exchange) may not accept cryptocurrency which, anywhere in its history since the last time it came from a regulated entity, went through something sanctioned. This, of course, would mean that Monero would be right out.
In general, most of the supposed value of cryptocurrency seems to be that everyone looks the other way when parties do things that look like or are illegal but take the money anyway. Functionality, cryptocurrency is very similar to e-gold, and I see no reason it should be allowed to do the same things just because it’s somewhat decentralized.
> It will not be legal for miners to run/"execute code on behalf of" smart contracts from the sanctioned list, which can be downloaded from the Treasury web site and is updated regularly. This is very akin to how the sanctioned people list works currently.
This has come up in other contexts before, most famously the idea of using OP_RETURN to embed child pornography into the Bitcoin blockchain.
An Ethereum client must download and execute all transactions in each block in order to determine if that block is valid, and thus learn current state of the system. The client can't know if this "illegal" transaction has been executed until it actually executes it. As an operator you don't have any choice, other than simply turning everything off and "rugging" all your customers.
So let's say you're Coinbase. You have billions of dollars of other people's money, innocent people's money, in your custody. If you refuse to process blocks that contain transactions involving sanctioned entities, or that contain illegal child pornography, you destroy those billions of dollars of assets.
You're not going to make billions of dollars of assets unspendable. Not a snowball's chance in hell. You will process those blocks as the protocol requires. Doing otherwise would be as ridiculous as Google turning off its entire search engine merely because some of its automated actions technically violate laws from time to time. It would be like Intel razing a whole semiconductor fab to the ground because it learned that some of the sand used in creating some wafers was sold by a sanctioned country.
There is absolutely no way the US government is going to demand that kind of destruction of value as a matter of compliance.
If the government so desired, it could essentially seize all assets represented by the chain, establish an exchange rate, and open the window of the Federal Reserve to redeem tokens when a person provides enough identifying information to redeem their Ethereum for fiat. Essentially making everyone whole for some definition of whole to be determined. It's been done before, in fact, back when the country was fresh out of the Revolution and getting it's feet under it, and disparate currencies consolidated.
This is, in fact, exactly the kind of thing Governments tend to exist for.
This is a great example of where the law hasn't caught up to smart contracts.
We don't have a good framework in place for sanctioning contracts by address, contract itself, or by effect.
I'm expecting a push toward laws will evolve to make calling mixers illegal, but that will likely hit some 1st amendment push back. If money is speech, then is it free if it has no privacy?
> If money is speech, then is it free if it has no privacy?
I'm not a lawyer, but I don't think it follows that every financial transaction is a 1st amendment issue, just because spending money to promote a message is protected.
Anything that exists and is uniquely distinguishable from other things is an entity. I didn't mean a corporate entity or government entity, I meant an entity on the Ethereum network in the form of a smart contract.
TC mixer is different though, it’s smart contract/zero proof based. Once it’s deployed, it just continues to work. Owners can’t steal funds. If you believe that smart contract is implemented correctly, you can continue to use it.
TC utility is diminished by other fact - TC is blocked on exchange level, exchanges do not accept funds coming from TC smart contract.
On a tangent, are smart contracts automatically “open source” - as in anyone can see the source or is there a way to obfuscate what’s on the blockchain?
Smart contract’s binary code is visible to anyone once it’s deployed. (And it’s pretty simple to disassemble).
For most contracts they link actual source code to make inspection even easier - large part of trust in the system comes from the fact that contracts are inspectable.
You can obfuscate source code also--see what people do with JavaScript on websites--so the answer is "no" under any case. (In specific, though, contracts are implemented in a bytecode, so by more basic definitions of "open source" the answer is still "no".)
Just because you don't have the source code does not mean you cannot inspect what a binary does by disassembling it.
(And as any programmer will tell you, just because you have the source code available does not automatically mean you can see where it has a tricky edge case with massive security implications. The obfuscated C contests are proof of that)
Just because contracts can exist whose code you don't have doesn't mean you don't know how anything works: not only can you build something on Ethereum that is open source and with verifiable behavior, that is currently the norm and obfuscated contracts are not taken seriously.
> Up until now, it was at least marginally possible to state "But I didn't know it was illegal. TornadoCash was doing the exact same thing for years and never got into trouble".
Oh I totally get that, but...
I reasonably believe in good-faith that it hasn't been categorically proven to be illegal. The reasons for this may seem obvious to many, but just it's not for anybody else then I'll give at least one persuasive argument. Illicit activity happens through legitimate financial transactions. For example, if I trade somebody a pizza for $10, how am I to know that $10 wasn't used in a criminal activity, ever, in the total existence of those note's circulation? And further, by using cash at all, as a concept insofar that cash is not rigorously tracked while in circulation, that the whole cash money system is illegal... Cash based economies to a great extent protect the privacy of participants. Those machines that make change, I suppose that's money laundering, and I would suppose they are laundering money for someone, but also... they be making legitimate 20x quarters from a $5 bill in a coin operated business setting. The quarter change making machine is the physical analog of a crypto mixer, but it's perhaps a bad example. Because making change for the sake of privacy is an unlikely activity, albeit a reasonable legitimate (if you ask me) activity.
I honestly would love to see more court precedence set on some of these so-called "structuring" laws where somebody intentionally "structure" or "laundered" money for the honest-to-goodness sake of legitimate privacy, or even for somehow being a form of free speech, something like that... to strike away some of these absurd regulatory powers before a panel of jurors.
> I honestly would love to see more court precedence set on some of these so-called "structuring" laws where somebody intentionally "structure" or "laundered" money for the honest-to-goodness sake of legitimate privacy
There's lots of court precedent for this. Courts have overwhelmingly found that the goverment's desire to access transactional data for tax compliance outweighs any right to privacy.
Courts generally find that just because there might be legitimate reasons to do something with money that doesn't override the requirement to keep records for for tax purposes.
>A secondary effect of sanctions is indicating what the regulators do and do not consider illegal.
No, it shows the exact opposite - that mixers are legal and the government has to utilize a completely arbitrary executive power to ban particular mixers.
It’s all fun and games until you can’t transit the airspace or soil of the US or one of their allies. Sanctions need not have immediate effect, only eventual consistency.
There's a bit more to the analysis that you have to consider. Two points
1. The amount of money you can mix depends on the scale of the mixing operation
2. It's easy to build something that looks like a mixer but at some point steals the deposited money.
The feds don't have to prevent all mixers from operating. They just have to kill the biggest, most trusted players.
It might also be as simple as them seeing more cases where someone used a mixer at all that this is now on their radar.
It’s actually not easy to create a new mixer because the whole idea is that you need a fair volume of legitimate traffic. If you set one up and nobody uses it, you see no benefit. If only criminals use it, you’ve created a great lead generator for the authorities. If you’re sufficiently conspiratorial in mind, blocking the best known mixer would be a great way to drive traffic to new mixers which they secretly run.
1. They setup another project either by forking some existing code or writing their own - statistically nobody in the cryptocurrency world does real-world diligence so you’re talking, what, a web page, a few GitHub profiles and some people talking it up? That’s tiny by the standards of most national police or intelligence budgets.
2. Compromising someone’s project - want to bet someone wouldn’t agree to “accidentally” make a bug in exchange for a shorter sentence? (I’m not saying everyone who works on these are drug dealers or something but I’d bet there are a lot of cases for tax evasion threats given the ideology)
3. Mixers are critically dependent on having enough volume to meet demand but using one adds cost and persecution risk so most people don’t use them. If you knew someone like the DPRK was trying to launder a large amount of money, they’d be limited based the number of other participants – especially as news like today’s tells everyone that using a mixer means a non-trivial risk of permanently tainting the tokens you launder. If you started submitting transactions to and from your own wallets, you could make the analysis problem easier by ensuring that most of the participants are secretly known to you.
Leaving aside the liquidity problem with that statement, it's also a lot easier to insider trade than for the feds to investigate it. That's why the penalty is so high.
Eventually, they'll just KYC the whole chain to your wallet because it's much cheaper to do. If you can't prove that your chaincoins are clean, you can't convert them to usable money.
As in, deploy contract, yes. As in, have enough liquidity to both “mix” (aka launder) money and provide sufficient anonymity, no, that’s a network effect which is largely winner-take-all. The largest mixers will be the safest and most effective but then also the biggest targets. As you go down the list, they get less likely to be sanctioned but more likely to be unsafe/honeypots/ineffective.
> it's a lot easier for someone to create a new mixer than it is for the feds to investigate and sanction one
Sanctions enforcement tends to pay for itself. It's hard to create new mixers from prison or when your bank accounts keep getting frozen. (It's easy to set up a cash business and launder money. Most people don't do it. It's still a thriving industry.)
It's a question of scale. Laundering a small amount of money via a business entity that accepts cash isn't hard, but people get caught when they get greedy and start trying to launder implausible amounts.
TC clones can probably fly under the radar with a small transaction volume, but any attempt to launder large sums would get caught pretty quickly (with standard forensic accounting techniques used to trace the beneficiaries).
TornadoCash is a smart contract, so there is not really a way to enforce the sanction.
Plus, there is not really a way to tell who creates a smart contract if you cover your tracks well enough.
This sanctions stuff is smoke and mirrors for the government to try and convince themselves they are capable of doing something.
The most realistic approach is for major chains to go POS and the major validators and other important pieces of the puzzle to need a lot of resources to the point where they become businesses and are on the governments radar (and by extension they would need to comply with regulations).
But because everyone knows that is a natural consequence of POS, it is exactly why no reasonable person would be on board with a transition to it.
>other important pieces of the puzzle to need a lot of resources to the point where they become businesses and are on the governments radar (and by extension they would need to comply with regulations).
>But because everyone knows that is a natural consequence of POS, it is exactly why no reasonable person would be on board with a transition to it.
You described mining - public companies operating big industrial warehouses with miners. PoS is the opposite - it needs next to zero physical resources. No reasonable person can support PoW unless they support totalitarianism. There's no way to make PoW resistant to government interference.
Isn't mixing a thing of the past now? Most darknet sites now only use XMR which is inherently privaty focussed. So this banning will help limit the ease of hacked fund mixing, but less about purchasing on darkweb.
I can only imagine what a round table discussion with the Joint Chiefs of Staff sounds like.
"Sir, the hacker groups seem to love this thing we've only recently identified as 'FOSS.' It's surfacing to be an existential threat to our CONOPs. I'm requesting your approval to authorize immediate sanctions against the FOSS threat."
'Oh, shucks, there's no rule that says a dog can't play baseball, or that you can't use open source to do financial crime, I guess we can't sanction people who use it for money laundering!'
Laura Shin’s recent book about the old Ethereum DAO hack claims that by means of some kind of chain analysis the feds were able to point to a guilty person.
But no details have been published on the mechanics of this “de-mixing”.
Possible it has to do with sloppy change address reuse in Wasabi?
Curious to see how the crypto world will respond. They'll probably take a minute to realise that being sanctioned is unlike being indicted: if someone is indicted, they have a problem but you can technically keep doing business with them.
If an entity is sanctioned, anyone doing business with them (such as handling BTC downstream from Tornado) will face a criminal liability. You will have a problem, and a nasty one.
This should elicit a response from every one who believes in Constitutional rights and internet freedoms. It is now illegal to send transactions to a particular smart contract. Sending a transaction is an act of publishing information, so this means publishing certain information is illegal for Americans.
Moreover, the sanctions law empowers the USG to sanction people, and the entities they run, but with this measure, is being misappropriated to prohibit Americans from using neutral privacy tools that no one runs. This marks a significant expansion in the scope of discretionary power wielded by the state, without any legislation authorizing this escalation in powers.
Finally, in reaction to the sanctioning of a smart contract address, Github has now removed all code for the Tornado Cash smart contract, and banned any user who has contributed code to it, which further reinforces the argument that this measure is an assault on free speech.
> Sending a transaction is an act of publishing information, so this means publishing certain information is illegal for Americans.
Try sending money to Al Qaeda and you'll find out this not exactly a new thing.
The argument you're making is that the laws made by a democratic government should not apply to a part of the world, because it uses fancy language like "smart contract". That's an extraordinary claim.
The idea that "no-one runs" them is also bogus: every Ethereum node runs them. Having a public-access virtual machine becomes a weird legal matter once the North Koreans start using that for proliferation.
>>Try sending money to Al Qaeda and you'll find out this not exactly a new thing.
Sending money to al-Qaeda involves the intent to aid al-Qaeda. Increasing the anonymity set of cash, by using cash, or the anonymity set of tornado cash, by using tornado cash, and inadvertedly helping a select group of criminals avoid financial surveillance (among a huge number of inadvertent effects), is not in the same category of actions as acting with the intent of helping a criminal.
>>The argument you're making is that the laws made by a democratic government should not apply to a part of the world,
The argument I'm making is that the laws violate human rights, because privacy is a human right, even if the CCP or the US Treasury disagrees. Something being a law does not automatically make it just.
Moreover, there is no law prohibiting the use of privacy technology. All the privacy violating laws were designed around the reliance of people on financial intermediaries, which don't exist on a public ledger with direct write access for end-users. The current US Treasury measure is a misapplication of the sanctions laws. The law wasn't designed to allow software to be sanctioned.
>>The idea that "no-one runs" them is also bogus: every Ethereum node runs them.
We may as well act as if "no one runs it" for the purposes of deciding on the appropriate legal treatment of privacy protected transactions, since the idea of forcing every one in the world to not run some popular node software, or creating an American firewall to prevent people in the US from connecting to those nodes, is such an affront to liberal democratic principles - including the right to use strong encryption - that it's not even worth addressing.
I like how they made absolutely no attempt to clarify what it means to sanction a smart contract. So many questions...
> As a result of today’s action, all property and interests in property of the entity above, Tornado Cash, that is in the United States or in the possession or control of U.S. persons is blocked and must be reported to OFAC.
My understanding is that it is now illegal for U.S. people to use the Tornado Cash smart contract. Given that Ethereum is pseudonymous, I'm not sure how they plan to enforce that, but I guess they could catch people who use it directly through a KYCed account (e.g. Coinbase).
> All transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of designated or otherwise blocked persons are prohibited unless authorized by a general or specific license issued by OFAC, or exempt.
This is also not clear. Are people who use or have used Tornado Cash now designated/blocked persons? Or is the smart contract itself the "blocked person"?
If the former, how is that even possible to enforce? U.S. persons are no longer allowed to accept coins that can can be traced back to Tornado Cash usage in the past? What are they supposed to do with the "tainted" coins? Send them to the U.S. Treasury? Destroy them? Or are you supposed to ask your customers if they have used Tornado Cash in the past? What if they lie? etc.
If the latter[0], it would mean that it's illegal for U.S. persons to accept transactions originating from the Tornado Cash smart contract. But that can be bypassed trivially by going through an intermediary address before sending the ETH.
Perhaps it will make it harder to do things like pay for the tornado.cash domain name and hader to pay for hosting. In that case the website would need to move to something like IPFS, which would make it less accessible and reduce the anonymity pool.
The issue here is that essentially nobody who has used/uses Tornado Cash is technologically inept enough to not know how to use something spun up as an onion service or eepsite (would help lessen the severity of the reduced anonymity issue), if the tornado cash folks don't just use IPFS to host.
Regardless, the website is merely a GUI to make things easier and not necessary for functionality in this case... or is it somehow necessary?
It is worth noting that the Treasury clearly indicates that the concept of a mixer while inherently risky, could be fine designed such that it can't easily be used for illegal money laundering.
For example, if a smart contract mixer was designed to hold incoming funds in abeyance until the submitter contacts the operator, provides proof of identity, proof of source of funds, etc, and once everything is checked out was finally given some signed token that they can send to the mixer to release the funds from abeyance, at which point it starts getting mixed with other transactions, that might potentially be acceptable.
The checking needed is to stay on the treasuries good side is probably slow and complex (and require the operator to take a substantial fee), possibly to the point where no such mixer could get enough transaction volume to actually function, but it is in principal possible. Note this works even when the contract's design is such that the operator cannot possibly determine which output comes from which inputs.
But Tornado Cash by design cannot do anything to even attempt to prevent criminals from using it, which is why it got sanctioned.
Anything aiding privacy such as privacy coins, mixers, etc will be banned by the exchanges, authorities and other centralized entities which can detect that the coins have been through a mixer.
Given that many regulators have already banned and delisted some privacy coins from being exchanged, it is not a surprise to see Tornado.cash and other mixers also being banned by exchanges.
Wonder when they will attempt to go after the biggest mixer of all: Monero itself, I often wonder if that's the sole reason CoinBase refuses to add it to their exchange, to avoid the legal hell that would ensue.
Tornado is a straight up money laundering (specifically, layering [1]) service. Monero can be that. But it's also other things, which makes it at the very least defensible in a way someone interacting with Tornado is not.
A weakness of Ethereum is that it's difficult to obscure how much money you have, but Tornado can untraceably separate your cold wallet from your hot wallet. That's a totally legitimate use. While it's used a lot for money laundering, TC is morally agnostic, just like real cash.
This is an important use case. I suppose according to these new rules, in the long run you'll be only allowed to use the government's mixer. Which would provide some anonymity at least until the logs are hacked or the service is privatized.
I don't think it's fair to say it's exclusively used for money laundering, it surely can be used to obscure the origin of funds but I think 'money laundering' label requires that the motive be financial profit. If you just want to preserve privacy while interacting with ethereum network without financial gain, tornado is a great tool to accomplish that.
I assume by my downvotes that the sarcasm was missed.
Funnily enough, Congress already passed a mandatory kill switch law for automobile manufacturers. Supposedly for stopping drunk drivers. You already know it'll be used for any purpose the police see fit. Once they have the ability, there's no reason not to.
Generally when this happens, I assume services allowed/permitted by the fed are backdoored to the fed's advantage. Monero could be an excellent example.
It's the tech they they haven't backdoored that poses a threat to their surveillance/control model. Tech like Tornado.
Another possibility is they want to keep eyes off tech that people would go to in droves if they outright banned it. They want to avoid the Streisand effect. Part of that play is indeed making people think it's already backdoored. There is a big push to promote that narrative. Whether it's true or not, who knows!
Exactly. Monero's ringct model is easy to break statistically given some resources. Fees aren't that high. It's practical for a state to know 75+% of spent outputs by a combination of exchange info exchange and spamming. In addition there's zero output privacy (meaning honeypot->suspect->exchange creates extremely strong links when repeated).
The anonymity set is the best theoretically possible - everyone in the shielded set. It's the same for zk.money and tornado - the difference compared to tornado is that tornado has fixed amounts.
There's no possible attack to deanonymize the full zero-knowledge model beyond the utilization of always existing metadata - which needs separate solutions for every such system. In practice, zcash doesn't have that many users, so the anonymity set isn't big, but that's a separate issue to technology.
The question which one is better in practice right now is a more complex one. Even a perfect solution like zcash/zk.money is useless if (just a random number) only 3 people use it, and ringct with (again a random number) 100k separate people with roughly equal tx count would obviously win. My estimate is that tornado.cash is the most anonymous. Monero is hard to estimate because there's no way to know how many spent outputs are known to the American government and/or cooperating chain analysis companies. Is it <1%? Then it's probably second best. Is it 90%? Run away.
Last but not least monero can be deanonymized retroactively by quantum computers. Tornado, zk.money and zcash can't - they can be robbed (monero can be robbed too, obviously) but that's a much better failure mode.
Monero is not a mixer. It uses ring signatures: a transaction may have been signed by any number of signatures, there's no way to determine which key was responsible.
We will continue to aggressively pursue actions against currency mixers laundering virtual currency for criminals. Today, @USTreasury sanctioned virtual currency mixer Tornado Cash, which is a U.S.-sanctioned, DPRK state-sponsored hacking group, used by the DPRK to launder money.
You'll note that, in the first paragraph of the US Treasury announcement that this thread is about, it says:
>This includes over $455 million stolen by the Lazarus Group, a Democratic People’s Republic of Korea (DPRK) state-sponsored hacking group that was sanctioned by the U.S. in 2019, in the largest known virtual currency heist to date.
There's nothing preventing one country from supporting or using a hacker group in another country.
I'm not, like, against the idea of sanctioning North Korean hacking groups. But the regulators here aren't really prepared for the crypto endgame.
I could clone Tornado.Cash's contract code in half an hour; would my new deployment also be sanctioned?
What about if Ethereum migrated to some kind of ZK-EVM and _all_ of the transactions are suddenly private and untraceable? Other chains already have some of these properties.
I dunno. I don't think I particularly want to live in a world where it's essentially impossible to regulate money. But I don't really see how to avoid it anymore.
>I could clone Tornado.Cash's contract code in half an hour; would my new deployment also be sanctioned?
You'll find yourself on the business end of a "constructive possession" or "readily convertible" style regulatory situation, the only variable is how long it takes until cases are frequent enough for the Feds to look your way. If you're American, you could run into trouble for operating an unlicensed money transmitter, accessible by individuals on the OFAC list, which as soon as OFAC became aware of going on, gets you on the list til you can prove you have process in place to not do that. Hell, they'll probably crank out a static analysis tool for smart contracts matching and or similar to what they've sanctioned, do some digging on the hits to determine if it is structurally equivalent, then on the list it goes.
We're talking OFAC here. The executive is tasked with full discretion to regulate how foreign entities interact with money transmitters operating under the jurisdiction of the United States. They don't have to prove squat. You have to prove to them you are legit.
How am I _operating_ it? I deployed a smart contract and walked away. If I don't leave myself a backdoor, there's literally nothing I can do to prevent anyone in the world from interacting with the contract.
Everyone that runs an Ethereum full node; they're the ones operating the laundering service. They run servers that store all the transaction records on their hard drives and do the processing of the ZK proofs allowing funds to be redeemed. Those are the people you have to stop if you want the service to go away. In this scenario, I as the contract deployer can do nothing whatsoever to stop them.
Private transactions are not illegal and neither is creating or cloning a tool which facilitates them.
Failing to disclose the commercial effects of those transactions on your own tax liability to the IRS is illegal. But that's orthogonal to cloning or using a tool which facilitates transaction privacy.
They aren’t. But anyone using an open tumbler like Tornado is choosing to live a life of continuous arrest and asset freezing. Because while private transacting isn’t illegal, using a money laundering service will continuously put you on overlapping law enforcement radars, and all it takes for a mixer to become a money launderer is the wrong person to use it, something users can’t control. (If you’re the one deploying these services, lol, good luck.)
>>I dunno. I don't think I particularly want to live in a world where it's essentially impossible to regulate money. But I don't really see how to avoid it anymore.
I've long said that cryptocurrency will force people to decide whether they want a world where we have internet freedoms like free speech and access to strong encryption, or we want to be able to tax income and regulate finance.
By turning finance into published information, cryptocurrency reveals the authoritarian core of modern left wing political ideology. The idea that those on the left are liberal will be exposed as hollow by cryptocurrency.
I can cite many examples of how cryptocurrency reveals the pervasive harm done by the centralization of finance (financial regulations).
In any case, unless you ban public access to strong encryption, people will use cryptocurrency with increasing frequency. A set of permissionless tools offers the potential for lower friction in finance and payments than tools permissioned by a centralized entity.
The question cryptocurrency forces you to answer is: how far are you willing to take centralization? You can no longer leave free speech and encryption communication alone, while centralizing finance under regulatory authorities.
>people will use cryptocurrency with increasing frequency.
For what? "Value storage" and grey/black market purchases and laundering? Because the dream of crypto being used as money for real everyday transactions looks more and more preposterous with each passing day.
>>For what? "Value storage" and grey/black market purchases and laundering?
For everything:
International remittance: no need to go the bank. Just send the USDC/DAI/RAI from my hardware wallet.
Community treasuries: if me and a few other people in an online community want to create a jointly controlled fund, we can easily do that by creating a DAO, complete with a multisignature wallet. This doesn't require us to live in the same country, to register a corporation or a corporate controlled bank account, or reveal our real identities to each other. It makes casual financial collaboration orders of magnitude easier.
Registration-free electronic cash payments. If I have a MetaMask browser wallet, and layer 2s finally solve the problem of extremely constrained Ethereum scalability, I'll be able to visit a website and when I encounter a paywall, I'll be able to pay $0.01 to read the article, instead of having to choose between buying a subscription or simply not reading the article (more likely). This is the kind of casual transaction between parties without an existing relationship that becomes far more practical with a well-developed cryptocurrency sector.
Cryptocurrency becomes better than traditional finance for a significant fraction of payment applications if when scalability and privacy is solved. Relevant:
The problem with the 'mixer' approach to this is that the US Gov knows the bad money went into the mixer. They also know that it's harder to determine where the bad money came out to. This means that money that all of society has a valid vested interest in tracking and seizing is in the mixer. Part of having that freedom, privacy, and control is having to live with the consequences of doing business with people who land you in circumstances like this.
I don't buy any argument that hinges on:
* Someone stole my money.
* But they used a privacy enhancing service to hide it.
* So the authorities have no recourse.
If someone uses that service for legitimate reasons knowing that the people who steal money are also using then they just have to live with the fact that their privacy means they can't prove they weren't the ones who stole it.
To have freedom and privacy, we need due process. If a Gov agency investigating a crime wants information, they can get a warrant.
A lot of illegal activities happen over email. That doesn't mean the government can require everyone to give them access to their email so they can monitor it just in case crimes are committed.
What you're advocating for is the surveillance system China has setup where the government has a back door to access every social media post, every mobile app, every security camera, etc. Any companies that don't comply (Facebook, Google, Twitter, ...) are banned. They make the same claims that you did that "it's in society's interest" for individuals to give some of their privacy and freedom because the society has a vested interest in this information.
We aren't talking about criminal conviction though. We are talking about something entirely different. We are talking about people freely transacting with people who the government already knows and has convicted of illegal activity. And those people who are freely transacting now have their funds difficult to spend, because because they are inextricably mixed up with illegal funds.
It's very hard to argue that you didn't know your funds were inextricably mixed up with those illegal funds because that is the a major purpose of a mixer. Choices like those have consequences. Falling under sanctions is one of them.
By that logic everyone with two brain cells who has worked on an interstate road crew should be imprisoned.
Of course you may consider one _knows_ launderers will be helped but have no _intent_ to help them, which may be true of the interstate road crew, bank tellers, or a user of Tornado Cash.
I don't think you can actually say you have no intent to help them. All of the other uses you mention other than a mixer have perfectly valid uses that don't involve committing a crime. But mixing your money in with illicitly obtained funds with the intention of making it so no one can tell your money apart from the illicit funds is the very definition of money laundering.
Of course you can say you have no intent. Plenty of people use Tornado Cash to separate one wallet from another without any intention whatsoever to aid in any way illicit activity. Just like the road crew, they know the service will be used for illegal purposes but can have zero intent for it to happen.
This is ridiculous. The reality of the situation is that the law does make a distinction between activities/venues/products that have a significant non-criminal usage (cash/retail stores/hammers) vs. ones that have mostly criminal usage (mixers/crackhouses/lockpicks).
The only reason cash has significant non-criminal usage is that it has had time to gain a foothold in society.
If all communication apps had a backdoor for government surveillance, and one was introduced with E2E encryption, at first, criminals would disproportionaly flock to it, and you could very well argue for it to be banned under the principle you espouse. Thus you would strangle every privacy solution in its cradle before it has had a chance to become mainstream.
Ridiculous. Money laundering leads to a loss of freedom, privacy, and control because it empowers exactly the kind of people who want to take those things away from you.
Not all users of Tornado Cash are money laundering. The US government positions Tornado Cash as a system for money laundering but it is more accurately described as a system for privatizing your transactions. A user with an identifiable ENS name might want to hold and trade some ETH without broadcasting every action to the entire world - this becomes a personal security risk - and Tornado Cash is a way to do this that is decentralized and cryptographically secure.
Ridiculous. E2E encryption leads to a loss of freedom, privacy, and control because it empowers exactly the kind of people who want to take those things away from you.
I don’t want to pay them from my primary account with (potentially) millions in crypto visible thus subjecting me to a $5 wrench attack
So instead I have a “payments” hot wallet and use Tornado cash to disburse funds from my cold wallet for paying things while obscuring my total net worth/lifetime transaction history.
This is perfectly legal and moral.
Edit: incase this wasn’t clear the above is purely hypothetical.
So how does sanctioning defi work? Isn’t the whole point of it being decentralized to make it unsanctionable? If the government forces exchanges to reject any coin that has ever touched a mixer won’t we just end up in a situation where every coin is unnaccessable given enough time?
They can track all funds that exit the mixer. They may not know how those funds got in the mixer but they can require all exchanges that have a legal presence under their jurisdication to reject any funds who's history originates from the mixer.
And yes, taken to an extreme it does indeed mean that every coin becomes inaccessible given enough time. Welcome to the real world consequences of interacting with systems that are counter to wider societies aims.
> Welcome to the real world consequences of interacting with systems that are counter to wider societies aims.
I don't think there's good evidence that this is counter to broader society's aims, just that it's counter to the power of the US state (which always wants its power to grow).
I'm quite sure what the outcome of a poll in the US and EU would be that asked:
Should it be legal to offer, or use, a service that masks the origin and destination of currency transactions from law enforcement who have obtained a proper court order.
Don't kid yourself, the tech/crypto crowd is not anywhere near average sentiment.
That’s just one frame on the question at hand, that tilts the poll in one direction.
The principle at hand here is if online transactions ought to have a floor on visibility by law enforcement higher than using cash. So there are other versions of the question that would get you different answers.
A mixer doesn't fit that definition. Even if they obtained a court order they may not be able to provide the information. You are moving the goal posts.
Some laws state things you must not do, and others state things you must do. Financial regulations tend to fall into the latter. Thus a service that cannot comply with these things is illegal.
It's not moving the goal posts. It's just the real world.
The people have voted that they would rather have KYC than criminal organizations operating at scale and foreign governments stealing from Americans. You may disagree, but your position is against that of society at large. You are perfectly free to exit society and transact only outside it.
There has never been a vote on KYC/AML policies and my research does not turn up any neutral sources suggesting the population strongly supports these rules.
In fact history shows that these rules are almost all dictated by a small group of people with little to no public input. Over a hundred years ago none of these laws existed and society survived. 100 years from now I doubt these concepts will be widespread and society will still function well.
Without these laws, the wealthy don't pay taxes, criminal organizations grow without bound, and foreign governments easily avoid sanctions. As money movement became easier, so governments couldn't stop that movement by issuing letters of marque, these laws became essential.
So basically these laws perpetuate the status quo while consolidating power in the more evil and violent organizations that dodge these sanctions while subjugating the privacy conscious.
These organizations follow the law and are therefore easily in our control. North Korea and large criminal organizations do not and are not. It makes no sense to say that some organizations are behaving badly, so we should give up trying to regulate all organizations.
If you're really trying to argue that, you should argue that tradfi banks should be unregulated. Then you can get your money-laundering done even more cheaply than inefficient decentralized protocols can manage.
>If you're really trying to argue that, you should argue that tradfi banks should be unregulated.
Precisely, I do think tradfi banks should be unregulated, with full knowledge that will enable more efficient "money laundering" for some (of course for many of the consolidated powers that be that suck up power when the small guys are blocked, it's no different at all)
>It makes no sense to say that some organizations are behaving badly, so we should give up trying to regulate all organizations.
Blocking all users of Tornado Cash because of some organizations that behave badly is exactly the kind of logic you're impugning with your statement here. We shouldn't give up on all Tornado Cash transactions because some are bad. You contradict yourself.
That's a strange interpretation of my words. TornadoCash allows DPRK to steal from Americans and use that money. We shouldn't throw our hands up in the air and say there is nothing we can do about it. We should instead prevent anybody from transacting with funds laundered through TornadoCash via regulation. This removes DPRK's profit and affects normal people by some amount approximating 0.
This won't remove DPRK's profit and the amount of additional suffering DPRK is going to feel is a lot closer to "zero" than the American who uses Tornado Cash to firewall their hot wallet from their cold wallet.
>If nobody will accept their laundered coins, how do they profit?
I don't think there's any evidence sanctioning Tornado Cash closes off laundering options for DPRK. Washing through privacy coins come to mind as an alternative. Very easy for DPRK's government mechanism to learn while being much more a hassle for the average American who barely has time after work/kids/training etc.
>That provides no benefit to society and causes plenty of harms. Working as intended.
Privacy definitely provides benefit to society, including not letting everyone know how much money you have to spend in your cold wallet every time you spend from your hot wallet. In fact I'd argue more violence could ensue if criminals could easily discover who had large cold wallets through lack of privacy, as many would choose to simply go on targetted knee-cap breaking operations until the key is given up.
> I don't think there's any evidence sanctioning Tornado Cash closes off laundering options for DPRK
Those other methods can be shut off too. That isn't an argument to leave known laundering options available.
> Privacy definitely provides benefit to society, including not letting everyone know how much money you have to spend in your cold wallet every time you spend from your hot wallet.
Don't use technologies that have no advantages and only disadvantages. When I spend with my credit card, the merchant doesn't know how much money I have, and my transaction goes through nearly instantly with negligible energy usage.
>Those other methods can be shut off too. That isn't an argument to leave known laundering options available.
But that wasn't the argument you made. Now you're moving the goal posts. Sanctioning Tornado cash doesn't remove DPRKs profits as you claimed. I also doubt all methods can be shut off, or that it makes sense to cut off all "US Persons" just because DPRK uses it the way we don't like.
>Don't use technologies that have no advantages and only disadvantages. When I spend with my credit card, the merchant doesn't know how much money I have, and my transaction goes through nearly instantly with negligible energy usage.
When I use my credit card to buy say metal bullion online, I'm charged a huge markup if I pay with credit card. There are times when I don't want to pay the credit card markup and things like cash aren't always easily usable online. I don't even like spending crypto but I've paid for bullion with crypto online merely because it happened to be the lowest fee option for me with fast clearing. You don't know that for everyone crypto always has no advantages in their options.
How is it not? TornadoCash is used for laundering DPRK's ill-gotten gains, so we sanction it. Now anything they sent through TornadoCash is not usable. If anything else is used to launder their gains, we should sanction that too.
> When I use my credit card to buy say metal bullion online, I'm charged a huge markup if I pay with credit card.
Bitcoin does not remove the reason (fraud risk) you are charged that markup. As soon as regulations apply, everything that causes that markup to exist also applies to Bitcoin. On top of that, you have Bitcoin's high transaction costs, and completely public transactions.
You stated we removed their profit by sanctioning Tornado Cash. For one I don't think you have evidence sanctioning Tornado Cash eliminates profits of North Korea. There's also quite a few other ways, and only by moving the goal posts of saying we also shut off all those other ways of gathering profits could they be shut off. Which of course is both arguably infeasible, and not what you said.
>On top of that, you have Bitcoin's high transaction costs, and completely public transactions.
I didn't pay with bitcoin, I paid with LTC where my transaction costs a penny, plus or minus a penny.
>Bitcoin does not remove the reason (fraud risk) you are charged that markup.
That's nice that credit card premiums include fraud protection, but I'm not interested in paying for that with this vendor. It is one I very much trust, and even though I may even benefit from fraud protection I prefer not to have it. The vendor and I am in mutual agreement that I agree to give up my crypto with little chance of recourse, and I trust they will provide me the product. Sure, they may not make good and I may not have any good recourse, but the vendor and I have consensually made that agreement together with our own benefits in mind. In this case no fraud protection is a great benefit for me personally as I don't pay premiums for a service I don't want.
> You stated we removed their profit by sanctioning Tornado Cash. For one I don't think you have evidence sanctioning Tornado Cash eliminates profits of North Korea
The profit from the crypto that they stole or received as ransom payment. I thought that was very clearly implied.
> I paid with LTC where my transaction costs a penny, plus or minus a penny
That addresses one of the two problems with paying with BTC, remaining worse than tradfi payments.
> That's nice that credit card premiums include fraud protection, but I'm not interested in paying for that with this vendor. It is one I very much trust,
That's nice that you trust the vendor, but fraud costs are about whether vendor trusts you. If you pay them in stolen goods, those will be seized, and the vendor will be out bullion plus transaction costs.
>The profit from the crypto that they stole or received as ransom payment. I thought that was very clearly implied.
Tornado Cash is not the only way to launder ransom payments, so wrong again.
>That addresses one of the two problems with paying with BTC, remaining worse than tradfi payments.
Worse for some conditions, and not for others.
>That's nice that you trust the vendor, but fraud costs are about whether vendor trusts you. If you pay them in stolen goods, those will be seized, and the vendor will be out bullion plus transaction costs.
The vendor chose to charge me a lower fee for crypto than for credit. Perhaps the vendor failed to charge the appropriate amount to cover their fraud risk, but nevertheless in the transaction I found crypto advantageous. If you think they're wrong, feel free to offer your consulting services to APMEX and your expertise on selling bullion.
>You are perfectly free to exit society and transact only outside it.
Except I'm not because it applies to 'US Persons' which for US citizens applies to them anywhere they are on earth or even on another planet. Also to not be a US citizen requires paying what is for many people a prohibitive exit tax of thousands of dollars to renounce. That is, you can exit society and still run afoul of the law.
US voters, at least, have voted in representatives at all levels of government based on campaigns centered around a “tough on drugs” message, especially during the crack cocaine moral panic of the early 90s. It’s not much of a stretch to say the people have voted for the war on drugs, even if those policies would not survive a referendum or plebiscite today.
To me this feels similar to how most paper cash has traces of cocaine.[1] LEO will seize the cash, but if they re-enter it into circulation the cash becomes legitimate again. You're not liable if you spend the same contaminated dollar bill that a drug dealer once used, but you would be liable if you did business with that drug dealer.
Except this isn't currency. This is property (a definition given by the SEC) which has a completely different legal standard. There is no excuse of ignorance for receiving and selling stolen property or property used in service of a crime. It's an open secret that crypto is being used for illegal activity because it is not being enforced currently.
> There is no excuse of ignorance for receiving and selling stolen property or property used in service of a crime
Let's say your public address is public, all your net worth is there. A tainted account can send a small amount to you, nothing you can do about it. Is your account now tainted as well? If yes then bad actors now have a powerful tool of wealth destruction.
> Isn’t the whole point of it being decentralized to make it unsanctionable?
No. Guns and bullets are decentralized, but murder is still illegal. Law enforcement agents can investigate crime committed using crypto just like they can investigate crime committed using any other instrument.
Cash itself has never been sanctioned though? If the government said “we’re now keeping a database of cash serial numbers that are hereby banned” would everyone need to install the “cash checker” app and scan each bill they receive?
Ethereum isn't being sanctioned. Tornado is. If you transact with Tornado, you're in violation of the law. If you don't, you're not, whether you use Ether or not.
> if the government said “we’re now keeping a database of cash serial numbers that are hereby banned” would everyone need to install the “cash checker” app and scan each bill they receive?
Law enforcement has long used marked bills [1]. The cash isn't "cancelled." If you randomly end up with one, you're fine, in the same way that if you unknowingly end up transacting with a wallet that transacted with a wallet that touched Tornado, you're also probably fine. But if your garage has a box of marked bills, or if your wallet did a big transaction with another wallet that does lots of Tornado activity, you're going to be on law enforcement's radar.
I just don’t see how the government can go about proving you received the money because you sent to it a mixer vs receiving it from a seemingly legal transaction with someone else who mixed it. Especially with defi exchanges that I doubt will check if coins have been mixed.
Flip that around the other way: you are identified having received a transaction at the end of a chain from some crime with serious consequences. Do you want to have to prove to their satisfaction that you had no knowledge of this and aren’t part of some cartel’s money laundering operation? Can you keep doing that each time you use a mixer or does that start to look like a pattern where they stop believing you? Is there anything in your life that is innocent but could be strung together by an ambitious investigator? (e.g. your roommate’s boyfriend is Colombian, now you’re both getting questions and I hope he’s not self-employed)
It’s that grind which is fatal for mixers, not unlike Tor exit nodes. Nobody _needs_ to use them except money launderers but they depend on benign traffic for concealment. Even most privacy-minded people are going to hesitate if it taints their ability to make transactions with regulated businesses and the less innocent traffic there is, the more likely it is that using one will attract scrutiny, accelerating that feedback loop since most people don’t want to deal with the risk even if they are totally innocent.
The other level to consider: this mentions DPRK. That means all of the intelligence agencies could be involved and that increases the odds that a mixer is compromised or even run by them as a honeypot. Think about how you can decide whether to trust one, and whether the odds are that you’re signing up for additional privacy invasion like the people who’ve used certain messaging systems or VPNs.
US law isn't universal, but it does apply to anyone who wants to interact with the US financial system. Which is most people doing business outside their country of residence, including most people using crypto.
Cash has to be physically sent somewhere else. There are already restrictions on large amounts of cash (> $10000) where large transactions must be reported to the government, and it must be declared entering or exiting the country. This is why smuggling cash out of the USA from drug proceeds is a very challenging issue for cartels.
But crypto cannot be physically inspected at international borders. So for the government, just like wire transfers, they want to know the source and recipient of such funds. If there were a service where you could bring a large amount of cash, obfuscate the origin, then wire it to a bunch of bank accounts under criminal control, that would be the definition of money laundering and also cracked down on.
In this case if Coinbase took some BTC that went through Tornado it would be equivalent to taking a wire transfer from a bank known to be laundering money.
If you're taking 10k or more in cash out of the country and fail to file a fincen-105 you can have all of the cash sized with no recourse. CBP regularly uses cash sniffing dogs for this purpose.
CBP has an alert on my passport and I'm flagged as being a bad-boy with insane amount of grilling (and illegal jailing, strip-search, ~16 hour detainment, the works) every time I enter the country. Even I have never been searched leaving the country. I'm sure it happens but I think it is quite rare. I repeat myself, there is effectively no customs leaving the country even if you are flagged as most-high-risk as I am.
>CBP regularly uses cash sniffing dogs for this purpose.
The dogs are just probable cause generating machines. Had one of these dogs "sniff my asshole" and the agents got a warrant for me to forcibly be taken to the hospital to be "internally examined." (and I was sent the bill by the hospital, both ERs they took me to ~60 miles apart even though I never consented to any of it) The dog never alerted. It's just cover so they can get a warrant whenever they want.
Yeah I'm aware it's illegal to not report on the way out, I'm only saying it seems unlikely criminals doing that are going to get caught.
> If the government said “we’re now keeping a database of cash serial numbers that are hereby banned” would everyone need to install the “cash checker” app and scan each bill they receive?
This database exists, but only banks and police evidence clerks check cash against it.
> Cash itself has never been sanctioned though?
Most countries have a strict limit on the amount of cash you're allowed to carry over the border.
It's never been sanctioned but it is tracked. Every single time cash (the physical printed bills) flows through a federal reserve branch or even some mainline banks the serial is noted and reported to a database. They do this in case money known to be tainted (stolen, counterfeit etc.) shows up. So if a bill with a flagged serial number comes up that info is forwarded to the FBI/Secret service. That doesn't mean they'll come knocking on your door if you deposit a single tainted note, it just tells them that the note somehow made it to your locality. But if you deposited a ton of them all at once? Yes you'd probably get a visit and some very pointed questions on where you got them and how. This has happened a few times when people found cash from robberies (the D.B cooper case being one). https://en.wikipedia.org/wiki/D._B._Cooper#Recovered_ransom_...
Most people have probably deposited a counterfeit bill and never known it too. Again singular bills are not a problem. They just tell the secret service to keep an eye on that locality and potentially contact businesses that saw the counterfeits come in assuming those businesses didn't flag it themselves.
> If the government said “we’re now keeping a database of cash serial numbers that are hereby banned” would everyone need to install the “cash checker” app and scan each bill they receive?
I recall something like that happening when I was younger. This was long ago, in the pre-Internet days, so unfortunately I haven't been able to find anything about it online; this is only my distant recollection.
There was a theft of a large amount of new bank notes, which hadn't yet entered circulation. The government distributed a list of the ranges of bank notes (since the notes were newly printed, they were in large sequential ranges), and every cashier in the whole country (for instance, in supermarkets) had to check every note they received against that list; since the notes in question hadn't entered circulation yet, they could be treated as if they were counterfeit.
(Since as far as I recall this happened back in the hyperinflation days, and the whole currency has been replaced one or more times since then, there is no longer any need to check against that list.)
Nothing so brash. Make the largest banks check (the federal reserve already does), and add consequences on handling banned bills that will encourage smaller customers to check before they get to thr FR level.
There's a reason that you can't walk into Goldman Sachs and open a trading account with a box full of cash. They can't tell where it came from. In certain respects, cash is sanctioned.
At least on government and banking level there are sanctiona against bring cash USD / EUR to Russia and might be Iran / North Korea. Private person can do that, but any bank or country that will sell cash to Putin's regime will likely end up being sanctioned too.
Germany dont send real paper US dollars or EUR to Russia. Instead Russia just get some more numbers on Gazprombank correspondent bank account in some EU financial institution.
There is a huge difference between what can be done with paper money vs numbers on traceable bank account.
This is kind of a misconception a lot of people have about law. Especially in crypto, you’ll hear people gape “oh what, the government is going to ban random numbers? oh, the government is gonna ban something they can’t shut down?” I guess they imagine something more dramatic like secret police doing sting operations against every crypto user out there. In reality, they’re making a new stick i.e. once they have already decided to prosecute you for something, if they can show you used a mixer, this will be just a new charge to throw at you or a multiplier on your sentence.
I’m finding it a little difficult to put into words succinctly but as an example, they’re still going to after e.g. Coinbase: the big guys. They’re not gonna track down every party interacting with any mixer and prosecute because that’s hugely resource intensive. But now when they go after e.g. Coinbase, they have a new tool in their belt. (IMO IANAL.)
This is a structural practice our government tends to favor. They can regulate larger actors and keep them in line more easily in order to limit the options for misbehavior downstream.
To employ in the U.S., you have to report what you paid people to the tax authorities. The employer can employ and do commerce on condition of compliance and the good grace of government recognition. Individuals, in the end can do whatever they want as long as the paper trail is managed by the economic machine.
I am sure they see Coinbase as being part of a gigantic racketeering operation where the whales game government and finance to facilitate black markets.
As far as I understand coins don't have a unique ID rather wallets have balances. There is not a list of serial numbers to compare against. So if you want to ensure money is not coming from a mixer you have to look at the flow graph of transactions. But this line is kind of unclear. One one extreme you could ban any wallet that has used a mixer, on the other extreme you could ban every wallet that is anywhere in the graph involved with a mixer for example someone that used a mixer sends you money for coffee, you send someone else money, and now all three of you are banned, which probably trends towards a substantial portion of the network.
Which entity? Users of Tornado Cash? Their developers? As a business accepting Ethereum, how do I know whether my customer has used Tornado Cash in the past? It's not really possible to know unless the customer volunteers the information.
I guess they just don't really understand how Ethereum works? The minute whoever controls those addresses transfers the ETH out to some other addresses (a cheap/trivial operation) the sanctions are obsolete.
It may seem inane if you assume that the only purpose of the sanction is to prevent the money from being transferred.
It could be that they have enough parallel information that they know who controls these addresses and they're just waiting for someone to violate these new sanctions :)
Within the realm of the blockchain, yes. But regulators do much of their work in meatspace. Smart contacts won’t protect you from information gathered elsewhere.
So you believe that there are certain people that the OFAC wants to arrest but can't, because those people haven't committed a crime / aren't criminals.
So they make up a law that will basically force people to chose between losing their life savings or breaking the law. Some people will rightfully ignore the law and recover their money. The OFAC can now arrest those people...
I mean it's not impossible but I find it hard to believe that the OFAC would be that morally bankrupt.
I didn’t say any of that. I have no clue what they’re doing. The simple answer is that law enforcement rarely moves to prosecute with one piece of evidence, they often have multiple pieces. And they often use use one lead to find others who are involved. And if they can make it more difficult for people to continue crime, they will. There are often many factors at play.
Without digging deeper into the protocol, I imagine these sanctions may be completely ineffective.
The announcement says they are sanctioning 40 addresses associated with Tornado, can't those addresses be cycled out of commission and a new set be put in place?
> can't those addresses be cycled out of commission and a new set be put in place?
That gets harder when the employees start getting arrested, the bank accounts Tornado uses to pay them start getting frozen, domains seized, et cetera, at Tornado and at every identified wallet that transacts with it.
It takes about 10 minutes to deploy the existing tornado.cash smart contract to a new address, and can be done with freshly-mined ether. Some kid in Russia could do it and the U.S. government would never know who he is nor have jurisdiction to touch him. There are no need for employees, servers, domains, whatever. Once it's upon on the blockchain again, its existence serves as a schelling point for people to use it.
This is much more like a pandemic than a war. In a war you know who your enemy is, you can see them making preparations and organizing forces, and you can counter them with your own moves. In a pandemic, somebody sneezes in Wuhan and 10 million people die. Any attempts to regulate folks who might've touched dirty things just piss people off.
You generally need a sufficient volume of traffic for a mixer to be effective.
A nobody spinning up their own copy of the contract may have trouble attracting the volume. If this becomes a significant issue, the treasury can expand the sanctioned entity definition to include to any smart contract that uses the code from TC. Or automatically scan for such addresses and update the list of aliases for the sanctioned entity. Or several other approaches.
So... OFAC deploys a static analyzer scanning the address space for anything hosting a similar smart contract, then add that to the list.
You don't get it. Everyone says "OFAC may I <transaction info>?" OFAC implements services to take that info, and check it against their list and generate an answer real time. They can also update the list real time, and being centralized, every integrated processor starts giving that new entry the ol' deposit only treatment.
All OFAC needs is a scanner for what might be a hit, they preemptively add it to the list, do further digging in case it's a false positive, and still get the outcome they want. An effective brake on suspicious or possibly sanctioned individuals access to the financial network.
OFAC isn't stupid. They have the architecture of the financial network literally working for them in this case.
Decentralized doesn't mean squat with a fully public data structure that a centalized entity can real time declare chunks of off limits for a sufficiently large swathe of potential endpoints.
There is no penalty to a false positive by OFAC, or any of the service providers it oversees, btw. As that error case is handled by information collection and resubmission by the service provider to OFAC for re-analysis. The deck is stacked pretty much entirely in OFAC's favor.
But it’s an entity that is decentralized, and theoretically has no owner. It’s just an address that takes coins as input and spits them out somewhere else. I don’t think etherium itself will agree to let the government ban people from sending their coins to a certain address, so I’m struggling to see who exactly the government will be going after.
None of that matters. Sanctions allow the government to prosecute anyone who does transactions with the sanctioned entity. Period. It doesn't matter how the technology works or whether the facilitators of those transactions cooperate with anyone else on anything.
Well how do you know someone sent their coins through a mixer? If they’re dumb and go straight from mixer to an exchange it’s easy, but what if they trade the mixed coins for an nft? Is the former nft owner now implicated?
How do you know the cash you got out of the ATM hasn't been in North Korea? You don't, and you wouldn't be guilty of sanctions violations even if they were.
You violate sanctions if you transact with a sanctioned entity. It is that simple.
If the NFT owner accepts coins from a sanctioned address, then yes, they have violated sanctions.
So if a sanctioned address sends coins to a different address and that address trades for an nft the nft owner has violated sanctions? So now every time you exchange crypto you have to check if the other party is on a sanction list? What if you want to make a wallet illicit? Don’t you just need to mix some coins and send them to that wallet?
Yes, sanctions lists are a cat-and-mouse game. Cryptocurrencies did not invent this dynamic. Dictators have been doing the same with shell companies and offshore bank accounts for decades.
> Again, this is all very simple. Someone who transacts with an address that is on a sanctions list is in violation of sanctions.
You sound like one of those devs who shunned Dropbox because it's just a simple internet backed up folder you could implement with rsync and some python.
The world isn't that simple and if these "simple rules" turn out to be too complex to easily reason about we as a society will just ignore them.
I'm just telling you how the sanctions work. That part is simple.
Yes, this could have some complicated implications for compliance with that law. This is why big banks employ thousands of people in their compliance departments. If you're in country [x] and you're transferring money, you have to follow laws on transferring money in country [x].
Now yes, if compliance is hard, observed compliance may be low. This affects many laws on the books, and if it becomes a problem for regulators, they may take further action to improve enforcement, as they did with capital gains on crypto transactions at exchanges.
The whole point of a mixer is that you want to go from psuedononymous wallet to something that can be exchanged for fiat without conflating your identity with the crime. Presumably everyone putting the money in the mixer hasn’t linked their identity to their wallet.
Of course -- all money laundering attempts to obscure the source of money. Usually, launderers get caught when they make mistakes, or when money is used for goods or services which are more easily observable.
I have a brilliant idea to address these privacy concerns. Make the bad thing like selling counterfeit oxy or whatever illegal, so that the bad thing is illegal rather than the money. Then we can make "money laundering" not a crime. If it's harder to catch criminals then tough shit, our privacy is worth it.
It is common and logical to criminalize both the crime and the facilitators of a crime. We don't let a getaway driver get off scot free from a bank robbery just because they weren't the ones pointing the gun inside of the bank. Money laundering is, by definition, money obtained from criminal activity.
We should also prosecute the road crew, because everyone knows when they build the road criminals absolutely will use it for crime. It's facilitating.
Road crew like many tornado cash users, they have no "mens rea" intent to aid money launderers, even though they have knowledge it can happen. By your below logic the courts find Tornado Cash user not guilty of "mens rea" money laundering.
>Edit to reply to your edit (why not post a reply?): that's exactly why they have been added to the sanctions list explicitly, rather than prosecuting users for money laundering.
Awesome, roads used by money launderers should be sanctioned as well so "legitimate" users can't use them either, everyone who built them knew they would be used by criminals and so do the people paying the fuel taxes that maintain them so criminals can drive on them. I'm replying this way because I've run out of replies (I can only reply 5 times per 3 hours).
No. Western court systems are not a dumb box of logic gates; they evaluate mens rea.
Edit to reply to your edit (why not post a reply?): that's exactly why they have been added to the sanctions list explicitly, rather than prosecuting users for money laundering.
The fed is going to shutdown crypto because to do business is to implicitly be party to a racket. It has no real uses beyond the black market as we have learned over the past 14 years.
Now we just need someone to take some coins from Tornado Cash and send them to top 10,000 or something active crypto addresses like one CoinBase / Binance / etc using...
It would be interesting to see what U.S. Treasury will do.
Coinbase could do it, but if someone sent these "bad" coins to your personal address? Let's say if you're major NFT owner or if you're collecting money for your non-profit via crypto.
What I saying is that just for $10,000-100,000 you can literally taint 90% of crypto ecosystem.
It wouldn't surprise me if 90% of the crypto with any velocity is already "tainted" TBH. It would be easy to "pepper" everyone's addresses with small (in BTC vernacular satoshi sized) amounts of "tainted" currency, subverting the whole system.
I guess US Treasure not going to be after every satoshi, but large transactions. So it's just gonna make usage of mixers more expensive for huge amounts of crypto as you'll need to split it to small transactions and pay more fees.
Also fact that every coin is tainted is a good reason to demand absolutely all data possible from CoinBase and other companies.
It's could cost you more to send coins away than amount you received. Also you can always receive coins from some other not-yet-illegal mixer that will poison your coins later on.
So there are a lot of reasons why this will be used against random people.
Pretty dumb but not surprising. Private transactions should not be something that is criminalized, but it is taking a trajectory like reefer madness and the drug war. User seeking financial privacy is now put in the same group as terrorists. Reminds me of arguments being made by governments around tightening the use of end-to-end encrypted chat apps.
Since this is a decentralized application running as an Ethereum smart contract with IPFS[1] interface, the move will not actually deter any state actors from using this, but will criminalize and stigmatize regular users who want to anonymize their Ethereum transactions.
The end result may be as the government wants: force users back to fiat so they can maintain maximum control of funds, and anyone left in the mixer is default a criminal.
> If crypto mixers are outlawed, only outlaws will use crypto mixers.
This is only true in the tautological sense.
Crypto mixers are outlawed > All users of crypto mixers are therefore deemed outlaws > Only outlaws use crypto mixers.
An otherwise innocent person who has never heard about the sanctions may continue to "launder" their crypto unawares because they don't want everyone they transact with to know their total balance. I would not consider them an outlaw but they may be in for a nasty surprise now.
Users will be forced into other systems that are less tested and less regulated, forced to tie their wallet to the public ledger, or forced to pay high fees to centralized exchanges to achieve similar privacy.
One compromise would be a US-based smart contract mixer that provides strong privacy but allows the US government to request transaction history in extreme cases. These addresses can then be sanctioned, frozen by USDC and barred by all regulated CEX.
That’s not a compromise at all to me. That’s total capitulation. Once any party has the right to sanction or ban and CEX comply with government orders, what is the point?
The US government already has the right to sanction crypto addresses, they just did today with Tornado Cash. USDC also has the right to freeze funds, they have done it already.
I would rather see the US support privacy, but if they refuse to allow their citizens the right to financial privacy, then at least they could provide better systems for regular users to keep their crypto transactions private from the entire world.
If you were to send money through tornado from now on, and this was discovered and linked to your identity, you would face a criminal liability in the US.
It is law enforcement working as intended. Freedom is complicated, I guess.
Judging from your tone I suspect you'll love this fun fact: amongst other things, this sort of sanctions regime stems from the PATRIOT Act. Beacon of liberty that thing.
It means that if you're in US and publicly share your crypto address for vanity like NFT or something anyone can easily make you criminal just by sending you some "bad" coins. Good luck proving to U.S. Treasury it wasn't you.
In real world it's most likely gonna be used mostly against big transactions and to go after crypto exchanges.
The Treasury should setup several mixer honeypot services to find out who’s tumbling dirty money. This would be far more effective and would turn people off using mixers (at least for a while) and would uncover a vast criminal network.
> As a result of today’s action, all property and interests in property of the entity above, Tornado Cash, that is in the United States or in the possession or control of U.S. persons is blocked and must be reported to OFAC.
> In addition, any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked.
> All transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of designated or otherwise blocked persons are prohibited unless authorized by a general or specific license issued by OFAC, or exempt.
> These prohibitions include the making of any contribution or provision of funds, goods, or services by, to, or for the benefit of any blocked person and the receipt of any contribution or provision of funds, goods, or services from any such person.
(Formatting added because I’m not a moron)
Seems like you can continue using it if you’re not in the US, not transacting with someone that is and not with anyone on their sanctions list?
Assuming the operators aren’t in USA and aren’t running transactions there. If this is a decentralized app, how is a miner supposed to avoid crunching these processing cycles?
> if you’re not in the US, not transacting with someone that is and not with anyone on their sanctions list?
And not in a country that extradites to the U.S., or every planning on going through one. Or using U.S. dollars. Or the currencies of its allies.
This is OFAC. Violating its sanctions is akin to doing business with North Korea or Iran. People do it. But you're going to have a different lifestyle.
What? These powers emanate from trading with the enemy and other wartime acts [1]. Violating sanctions can literally authorise U.S. military countermeasures.
Tornado helped Pyongyang finance its missile programme. That’s the colour of law we’re discussing.
And I read their press release and quoted their entire "Sanction Implications" section, and it basically says you can't use Tornado if you're a US person or dealing with US assets and you can't use it if you're dealing with someone on OFAC's sanction list.
Which seems to leave a lot of transactions, like a non-sanctioned non-American paying another non-sanctioned non-American for something with mixed crypto entirely off of US soil. The sanction doesn't appear to apply against that.
It doesn't matter. It's generally enough in diplomatic channels that if an American could access a service, the U.S. will treat it as if it has been used by one.
As I understand, this is why an American in Europe can have a hard time creating an account. In order to operate in that country without triggering treaty clauses, there has to be a technical or process measure to keep U.S. customers abroad out. Otherwise that state is obligated by treaties to consider that business in breach of U.S. sanctions.
For breaking which law or term of the sanction? It genuinely seems like OFAC sanctions only apply here when dealing with listed Persons or any US national on either side of a Tornado transaction.
But Tornado is a mixer. If you're outside of the US, and your coin is co-mingled with US-based coin, you got an issue. Granted, that issue is with the US.
So if your country won't play ball with the US, you should be fine. But if you're in pretty much any industrialized country, it's probably not worth the risk.
Do they even know who they are, or is this more like a strongly worded letter?
edit: It's a russian guy, in russia, so in practice might be more like a strongly worded letter. Downstream effects are more like financial institutions are going to block assets that appear to have gone through this mixer, but I have my doubts that that is practical, especially if the mixer ups the complexity.
This is why PoS is a must. There's no way to hide industrial mining facilities and miners will be eventually forced to enforce sanctions. A validator even with 100k eth just needs a connection, trivial to hide.
I'm surprised a DAO hasn't been established to effectively "fork" mixer code into a new org every time an existing mixer is investigated or sanctioned. Ironically, I'd bet the creators of Tornado Cash will simply auction their codebase to the highest bidder - an NFT owning the source code of a mixer could be a really interesting passthrough entity if you were simply "licensing" access to the NFT...
Amusingly enough, since most virtual currency activity is simply trading it back and forth on exchanges to try to "make a buck", it's probably mostly "legit" now.
What percentage of actual on-chain transactions are not illicit is another question.
I wouldn't know about the specific situation in the USA but here in Europe(EU or not), cash seizures happens at the borders all the time and the due process is that you need to be able to explain the origin of the money.
It is a popular theme for Turks working in Germany having their cash seized by Serbia on their way to a vacation in Turkey. This is because, the Turkish diaspora in Germany is predominantly blue collar due to the nature of their immigration(long story short, many years go Germany requested workers for their factories, many Turks took the opportunity) and they have a lot of opportunities to deal with cash and not pay tax on it.
Essentially, Turks who do "tax-free" business buy properties in Turkey and there's a common fraud to claim benefits because on the books they look very poor, so they definitely don't want that money to go into the books and the Serbian police apparently caught up with it.
Anyway, the fraud is about to be solved not by seizure of assets but by data-sharing agreement between EU and Turkey, the Turkish banks and the state will report the properties and assets to EU&UK for anti fraud purposes. There are many pissed off people about it.
I agree wholeheartedly that the price of maintaining the privacy of cash and stopping these seizures, even if +90% of these seizure cases were legitimately illegal earned cash, benefits the people more than the opposite.
That being said, I think there are more pervasive rules in our society that makes these seizures mild in comparison. Using the numbers you posted, that's $65k per seizure. Individuals carrying around the median annual household income is much more suspect than the $10k deposit limit that must be reported to the IRS. If law abiding folks get hassled for $10k, then $65k is obviously questionable. I think banks should not have to report anything but at the very least the limit should be $1M. $10k is a good day (Christmas, Black Friday, etc.) of sales for many regular people. Hell, even bartenders can make $10k in tips over the course of months not even years.
Yeah, it just hasn't moved fully west. I remember India proposing phasing out cash for "reasons". How soon till we start seeing serious pushes remains to be seen.
Privacy is a fundamental right, so using cryptocurrency that happen to post your transactions publicly is highly questionable when assuming all rights are absolute.
However, your right to privacy ends where money laundering and fraud begin. These are real problems that get in the way of catching criminals, and not just simple fraudsters and other non-violent liars.
Every paper bill has a unique serial number that gets tracked by banks to trace stolen money. I don't know about any dedicated privacy companies that will take your money and exchange it for random bills of equal value, but if they exist I'd expect the police to have an interest in them, and for good reason. Sure, you could use "privacy" as a reason to visit them regularly but I doubt you'll convince anyone.
> However, your right to privacy ends where money laundering and fraud begin. These are real problems that get in the way of catching criminals, and not just simple fraudsters and other non-violent liars.
Should gov also scan every photo on your phone for criminal activity? Install cameras in your home? If your right to privacy ends when there is potential for crime then you'll have no privacy at all.
My right to privacy ends when i start engaging in money laundering or fraud not when somebody else does. Otherwise this is a stupid argument because there will always be somebody engaging in money laundering or fraud so there will never be privacy. There's no justification to say "oh well it's possible you're engaging in one of those so we have to remove your privacy so we know. But it's to keep everybody safe/for the children/insert bullshit excuse here so what do you have to hide!"
And bills probably shouldn't be serialized for that exact reason. My right to privacy is more important than anybody's right to feel "safe" from the evil bad guys. The correct answer to stopping crime is to stop crime, not to weaponize our financial system and remove civil liberties.
I just finished reading "Billion Dollar Whale", about Jho Low and 1MDB scam. In a nutshell, enabled by corrupt politicians and bankers, one guy and his entourage embezzled multiple billions (not a typo) from Malaysian budget, effectively stealing from Malaysian people.
They get eventually caught, and substantial assets are recovered - real estate, jewelry, art, luxury yachts. Not all. But in a world of fully anonymous crypto, these guys would either never get caught, or would vanish into thin air with their Ledgers, and that's that.
I used to think, haha, crypto, buy some drugs with it, but this really scared me. I'm not anti crypto, and I quite like the technology, but this kind of "mine and no one else's business" attitude terrifies me.
There is an idea of balance of interests between the individual and the society. This is why for example your employer has to report salary data directly to the government but there are laws in place that control who else they disclose that too and under what circumstances. See also, for example, sex-offender registries, census gathering, etc.
NB: I'm not offering comment on whether or not the balance on those cases (or others) has been made correctly, just pointing out that it is a generally accepted concept in modern "western democracies" at least, and seems to be held by the majority of citizens unless you get pretty deep into the tails.
An example would be you have the right of keeping your bank account activity shielded (private) from the government by default. But, if you are participating in human trafficking you lose that right (it's not absolute) and the government can go in to track your activity to prevent further human abuse.
Of course, this is an easy example with an obvious right/wrong. In the real world situations are all over the place, so our goal should be to constantly strive to
find a more perfect balance.
Rights, including the right to privacy, must necessarily have limits.
The right to privacy doesn't mean you can facilitate money laundering with impunity. Just like my right to privacy doesn't mean I can blind everyone in a shop if I don't want them to know what I'm buying.
> Remember, the most privacy-preserving way of trade is dealing with cash, yet no one sees it as "criminal."
Try to buy a one-way airline ticket with cash and see if you don't have suspicion fall upon you.
Sure, rights do have limits. But those limitations should have to go through due process before being applied. A few folks in the treasury department making a list of addresses without any kind of process for proving that the humans involved have engaged in wrongdoing is not compatible with the idea of limited government in a free society.
It is difficult for me to explain because I very rarely deal with in absolutes and have found that most people want online discourse to be in absolute terms.
One thing I've done when talking to cryptobros and other privacy extremists is ask them to think back to a time (and we all know they've all done it) when they railed non-stop against the "banksters" and consider how much more power and influence they would have if the rules they themselves want regarding privacy are applied evenly to all circumstances.
There are a few people, and I'm inclined to believe them, who say "yeah Capital One and Deutsche Bank have the right to mask their cartel money laundering activities under the concept of absolute anonymity and any attempts at know-your-customer or records-keeping requirements for banks are antithetical to freedom" but they are very rare.
Again, I believe those people are being earnest because I know extremists exist for every position.
But most people just shout "THAT'S DIFFERENT", get angry, and call me a boot-licker or something like that.
edit: another scenario I use is:
Privacy-conscious business owner: Hello yes, I would like to start a business selling car seatbelts whose webbing is impregnated with a fire retardant that we know will cause fatal cancer.
Evil Government: Ok, please fill out this paperwork to get a business license and provide points of contact so people can sue you when they get cancer from their seatbelts.
Privacy-conscious business owner: No. That is a violation of my rights. I have the right to perfect anonymity.
Evil Government: I suppose you've got us there! Have a nice day.
> It is difficult for me to explain because I very rarely deal with in absolutes and have found that most people want online discourse to be in absolute terms.
> Again, I believe those people are being earnest because I know extremists exist for every position.
Indeed. I hear a lot of this rhetoric from both crypto maximalists and crypto skeptics and both of them always argue in very absolute terms.
I can agree that regulators won't allow privacy coins like Monero and tools like Tornado.cash to succeed and are already de-listing, banning them from exchanges. It also doesn't mean that these cryptocurrency or projects will 'all die in a fire' or 'totally go away' entirely. The same is true for crypto maximalists who also believe that it will 'take over the whole financial system'.
I'm already convinced that (some) cryptocurrencies and (some) crypto projects are here to stay.
"Laundering" cash means making declaring fraudulent income from a business to make the cash income look legitimate. From the perspective of the tax authorities, it doesn't matter whether you have the "same" 100 ETH you had on Thursday, the question still remains whether you have undeclared income.
This is more like... depositing hundred dollar bills at a bank, and then withdrawing different ones from an ATM.
Laundering isn't specific to just declaring fraudulent business income to make your income look real, it's broadly about masking the origin of illegally-obtained money, whatever that may look like. Mixers such as Tornado mask the origin of one's money.
I don't need to imagine. I was searched at Berlin Tegel (RIP) and they specifically asked me if the devices I was carrying (2 laptops, a work and a personal one) contained cryptocurrency wallet information. This happened in 2018.
I’m not sure an expensive and energy wasting laundering solution is the way to solve privacy concerns. This also ignores the fact that it only really offers privacy for simple transfers, not for when you actually pay for a service/product/goods.
The operation of any well-operating nation state is always going to involve limitations on the right to privacy. It's facile to think otherwise.
The police need, within certain guardrails, to be able to search private property for evidence during investigations. Civil suits are going to require some element of discovery. Tax authorities are going to need to perform audits. Your landlord is going to need to come into your apartment to fix a leaking pipe if you're away.
We don’t need to say “might” - this has been the case for ages, and we can see how that’s gone. This looks like Tornado has had enough volume that the Treasury department cares about applying existing laws to it, but fundamentally this doesn’t seem to be different from Visa requiring foreign transactions to follow the U.S. rules.
TornadoCash is not only for laundering. When you buy ETH on a centralized exchange, send to a self-custody wallet, they can then watch your funds and perform on-chain analytics on you, etcetc. Tornado Cash helps fix this.
>While the purported purpose is to increase privacy, mixers like Tornado are commonly used by illicit actors to launder funds, especially those stolen during significant heists.
Who said anything about funding north korea? Just make it illegal to do so. Why does that assume violating my privacy?
You actually can't really stop privacy enabled cryptocurrencies. By all means, I'd like to see a concerted effort to do so. (Because poking the bear will just fuel more cryptographic innovation that dodges control :P)
If I use Tornado Cash, I'm not funding North Korea -- I'm simply using their service. I have no knowledge of who is receiving my stuff and no intent to fund North Korea, therefore I am not funding North Korea. If it happens by accident then oh well, there's no realistic way to tell it happened anyway and there's certainly no way for me to tell it did
It’s still censorship resistant even after the sanction was put in place. Can you point to what transactions are being censored? People can still use Tornado cash without the US govt being able to stop them.
Tornado cash is used by people who buy crypto on centralized exchanges, want to take private self custody of their crypto without the CEX or other entity spying on them.
Gandhi had the benefits of the English being war-weary after WW2 and the world being swept by a wave of anti-colonialism at the time. Quite often it actually ends well before the "you win" stage. The "Occupy Wall Street" people never really got further than step 1, for example.
Yes, it' definitely not a law of physics. It's an adage of value for a reason though too. It's about perserverance, if you can tolerate the previous steps indefinitely then there's a high probability you'll arrive at a later step.
I would say Occupy got at least to step 2 or 3 before they gave up.
I thought of a better example: Fidel Castro surely persevered right up until the end, but despite leading Cuba for almost 50 years it's a stretch to say he "won" in any significant way against the US.
So, it seems that it is prohibited for US persons to send tokens to these smart contracts, or to withdraw tokens from these smart contracts.
What about miners running in the United States? Are US-based miners also prohibited from producing blocks that include transactions that interact with these smart contracts?
And what about blocks that are produced by non-US miners, and which contain transactions that interact with these smart contracts? Might US-based miners be prohibited from validating and building upon such blocks?
Does US law effectively now mandate a fork of Ethereum so that US persons can safely interact with a blockchain that excludes all interactions with Tornado smart contracts? It seems like an extreme implication, but can the possibility be excluded?