It seems strange to me that there is a consensus on this site that communications privacy is a human right but that financial privacy is a terrible evil. In fact all of the arguments pro/con (terrorists, drug dealers, etc can benefit from it) are basically identical yet there exists this double standard. The truth is that these now-sacred laws that ended financial privacy really only started being enforced in America in the 80s and their European equivalents in the late 90s. Are we really any safer now than we were then? The proponents of these laws always claim that if only they could close the loopholes they would be successful. First it was bearer shares, then it was "shell banks", then it was money orders, now it's gift cards, luxury real estate, and cryptocurrency. I am skeptical that closing all these supposed loopholes will actually move the needle on crime. As long as you can 10x your money bringing cocaine from Colombia to America or robocalling grandmas, people are going to do it and new reporting requirements or whatever may make them pay 25% for laundering instead of 10% but it won't put them out of business.
1. I would not call it consensus, for example the top comment on this article disagrees with that ‘consensus’
2. Here are two nuanced arguments about each that I’ve seen:
Communications privacy is good in the small and mirrors the world with earlier technology with some differences. In the large it can allow maintaining much larger conspiracies than were previously possible with private meetings. One may consider it acceptable from a privacy and free speech perspective to allow secret communication in small groups but less secret communication in large groups. Indeed for political speech in a modern democracy you generally want it in public anyway, and WhatsApp and signal have small group sizes so you get this anyway. For very large groups, leaks seem hard to avoid. A counter argument might be that militaries / companies are in some sense like conspiracies in the way they want to keep state/trade secrets. However in typical democracies there may be document release schedules/transparency laws and internal company information may be revealed through patents, subpoenas, or just plain old leaks.
The money argument is that whereas people typically have similar amounts of private speech, some people have many orders of magnitude more money than others. Privacy for communication is then reasonably fairly distributed across the population (though those with more to hide may gain more) whereas privacy for money is mostly an advantage for the people with lots of it. Giving the people who are already rich and powerful this kind of advantage in avoiding scrutiny/taxes may not be considered fair or desirable. A counter argument could be that it is unfair for the rich to be exposed to such increased scrutiny merely because of their money.
> A counter argument could be that it is unfair for the rich to be exposed to such increased scrutiny merely because of their money
I think it is very fine to discriminate against people based in things that give them enormous power, quality if life and they can easily get rid of. Unlike being discriminated and scrutinized for having no money , you can easily escape scrutiny due to wealth by giving away wealth with no meaningful reduction of quality of life (after a given point)
It's really not because of their money, it's because of how they got their money and what they are doing with it and the great harms that accrue to everyone else due to those processes.
True, after a certain amount one has enough money, and the next goal becomes power. One person's power is directly opposed to the power of the rest. And more often than not, untraceable money is a tool to achieve more (unwarranted) power.
Really? You think there is an ending to a sentence that starts with:
"I think it is very fine to discriminate against people based in.."
That's actually good?
Yes. "It is very fine to discriminate against people based on them behaving like assholes" is another one. If you can't point to the injustice in the discrimination and are reduced to claiming all discrimination is bad you have run out of arguments
I’d add that its a very rose colored illusion that is totally the opposite of what happens. KYC/AML guidelines are often used to banish poor people from the financial system.
I’m by no means rich and I’m sometimes getting into KYC hell because my passport have the wrong color. Banks will often flag poor people for the slight things and demand impossible documents. You send the required documents and they keep saying that’s not enough and requesting more and more documents.
I had this debit card company asking me for criminal records (never committed a crime, financial or not) in english and translated by a trusted entity. I’m from a portuguese speaking country and live in a slavic country. I don’t think they were actually expecting me to send those impossible documents and more like the platform wanted me out.
Banks will ban you because you are not worth the risk. They call this “de-risking”. Meanwhile rich people can just hire someone to handle the requests and as we often see in billion dollars money laundering scandals the bank might even turn a blind eye for a while if there is profit in it.
To add fuel to the fire many KYC/AML proponents will justify this abuse by trying to say in a polite manner that its your fault for having born in the wrong place. I’ve actually seen fervent self proclaimed anti-racist pro-immigration people agree with this kind of abuse.
Racism and xenophobia are alive, well and officially sponsored by the general population through the guise of financial crime laws.
I don’t think it’s really intended for KYC/AML/ATF to keep poor people out of the system, though it is true that in practice they mean it’s hard to have access to the financial system if eg you’re homeless or your name is Mohammed and you send remittances to your family abroad. And banks have a shared ‘blacklist’ of people who cause them compliance pains so those people who have a hard time at one bank can end up having a hard time at many other banks.
In reality it is exactly the opposite. The very rich can pay advisors to create all the privacy schemes they want, “optimize” their taxes, etc.
Financial privacy would benefit the middle class way more than the very rich.
> It seems strange to me that there is a consensus on this site that communications privacy is a human right but that financial privacy is a terrible evil
Why is that strange?
Financial 'privacy' allows corporate interests to buy government officials or just buy governments, it allows despots and oligarchs to move money with impunity, allows dictators to steal mercilessly from their people and 'clean' the money in other nations. And yes, it allows terrorists, drug dealers and criminals to go about their business too.
These are not identical concerns to privacy of speech. To paint them as such seems overly reductive.
> Are we really any safer now than we were then?
We are certainly better able to fight corruption and laundering of dirty money in the west than we have been in the past, yes. Are we 'safer'? Who knows, but it's about a lot more than a bit of cocaine, it's about the integrity of democracy itself.
Oh please, this has nothing to do with Democracy. Democracy literally means citizen-power, while this enforcement is removing the power of citizens to come to consensus on which money they want to use. The day there's a fair election at the federal level on any core economy-related topic, then your argument could begin to have something to stand on, but right now it doesn't. This is strictly shifting power away from citizen into the hands of a few.
No, this isn't removing some imaginary consensus process on money, it's sanctioning a criminal money-laundering operation using well established law.
> The day there's a fair election at the federal level on any core economy-related topic, then your argument could begin to have something to stand on, but right now it doesn't.
Just because your system is already broken doesn't mean it's a good plan to enable it to be outright bought.
> This is strictly shifting power away from citizen into the hands of a few.
Bullshit. That is exactly what so-called financial privacy does. "The many" are not incentivised to hide their financial movements because they are uninteresting. "The many" are not using ethereum-based money laundering tools, nor will they. Cryptocurrency in general is already a niche activity of techbros and crimininals. The very, very few.
> No, this isn't removing some imaginary consensus process on money
> "The many" are not using ethereum-based money laundering tools, nor will they. Cryptocurrency in general is already a niche activity of techbros and crimininals. The very, very few.
This consensus process is very real. Money, like language, is something that is only useful when shared, gains importance with increased usage, and eventually becomes unavoidable once it reaches a certain level of adoption. That's why people use dollars, and that's why they may end up using crypto, unless some authoritarian interventions disturb the democratic process of adoption.
> it's sanctioning a criminal money-laundering operation
The Tornado developers are clearly not criminals, or sponsored by criminals. You can talk to them at technical crypto conferences. This is a very different clique from the shady operators of centralized crypto platforms you likely hear about a lot in the news (Binance, Nexos, ...), who certainly did have many links to criminal organizations, and did intentionally help launder money.
And if we disregard intention when calling something a "criminal operation", is the federal reserve criminal for having issued untraceable paper dollars? It's certainly possible to imagine a money system with strict tracing, yet they didn't implement that. It's almost like privacy is not criminal.
There is no "democratic process of adoption", because switching currency without a managed, centralised process is likely to be catastrophic.
> unless some authoritarian interventions disturb the democratic process of adoption.
Preventing money-laundering is not an authoritarian intervention, it's the application of well established law. If your imagined process of adoption relies on it there's something very wrong.
> The Tornado developers are clearly not criminals
I mean, they might well be, as they've provided this service which is not looking very legal right now.
> is the federal reserve criminal for having issued untraceable paper dollars
I mean... clearly not. 'criminal' is not some sort of moral status that can be waved away by saying "but they mean well", or applied to people doing things you can draw vague parallels with.
> There is no "democratic process of adoption", because switching currency without a managed, centralised process is likely to be catastrophic.
Actually this already happens and has happened in many, many countries and time periods. Cities, even private companies, used to mint their own currencies. Nowadays many countries' people use the USD informally. Touristic spots often accept many different currencies. Bitcoin has been accessible to anyone on Earth for almost 13 years. There's nothing catastrophic about it, this is just how the world works.
> I mean... clearly not. 'criminal' is not some sort of moral status that can be waved away by saying "but they mean well", or applied to people doing things you can draw vague parallels with.
The comparison between a service that allows anyone to anonymize traceable-by-default currency (Tornado), and issuers of an anonymous untraceable-by-default currency (the FED) isn't a "vague parallel", it's fundamental. Both were legal at the time of their creation, one got declared illegal, allegedly because it got popular with North Korean hackers.
Few of the examples there are of people "democratically" choosing one currency over another, some of those (company currencies) are pushed from the top down in an unaccountable organisation and are generally acknowledged to be a bad thing. Tourist spots accepting one currency over another means little.
> There's nothing catastrophic about it
A country allowing their own currency to die in favour of a cryptocurrency would pretty much be a catastrophe by definition, involving a failed currency.
> isn't a "vague parallel", it's fundamental
It's a very vague parallel, because one is a state actor, operating with democratic oversight, and the other is a money-laundering operation. You asked if the fed was criminal because of its actions - writing it off as a vague parallel was my way of not just directly calling you an idiot. "Criminal" is a matter of criminal law, and the central banks are established by law. So no, the fed is not a criminal enterprise by definition.
> Both were legal at the time of their creation
I would dispute that Tornado Cash was ever legal, because it explicitly enabled KYC and AML-less money laundering. It just flew under the radar for a while.
FYI most dollar transfers are very traceable, with the right authority, and this is what's missing from a system like Ethereum in general. All this talk about financial privacy misses the fact that financial privacy has been a limited right for a long time - you have financial privacy from your neighbours, sure, but with the right judicial approval that can be stripped away. Making something mathematically impossible to trace is a whole different level and it's not at all surprising that a) it attracted criminal use and b) that the state seeks to shut it down.
So I'll say again - if a money-laundering facility is essential to your adoption process, your process is all sorts of wrong, and the world is a better place without it.
AML is the least effective policy of all times. Infinite cost for practically zero results. 0.2% success rate while it increase costs for everyone and, worse, severely limits economic opportunity for many people in unprivileged industries/countries.
This is the "proportion of criminal funds recovered" [1]. So of the $1.6 trillion laundered out of $2.1 trillion of estimated criminal proceeds, only a few billion were confiscated or seized.
The author then argues for reducing fines on banks and financial institutions, increasing criminal asset forfeiture regimes and moving away from suspicious transaction reporting. (I agree with Nos. 2 and 3; for No. 1, I'm skeptical given the author is a consultant [2].)
Tornado's sanctions were imposed by OFAC. From what we can tell, it wasn't AML reporting but criminal investigations that yielded the tip. Your source thus refutes your argument. Following the author's prescription, we'd now work to investigate everyone around Tornado and seize their assets if they're doing anything illegal.
Criminal asset forfeiture is not civil asset forfeiture. You need to actually prove someone committed a crime that generated the assets, in order to seize them, and the burden of proof is that of criminal law: beyond reasonable doubt, which is much higher than the preponderance of evidence standard of civil law.
>>Following the author's prescription, we'd now work to investigate everyone around Tornado and seize their assets if they're doing anything illegal.
The author didn't suggest investigating any one who privately transacts, but in any case, what you describe would be far more just than the current situation, where all Americans are having their right to use TC denied, under the pain of sanctions law, as a roundabout way of punishing North Korea.
> criminal asset forfeiture is NOT civil asset forfeiture
The author is speaking to a global audience and using those terms colloquially; I parroted their language.
Table 1 [1] mentions "proportion of confiscations attributed to anti-money laundering policies" as its operating measure (and only has columns for Europe and global). Figure 3 [a] measures total US asset forfeitures, which covers both criminal and civil forfeiture [2].
So yes, the paper's prescription would involve investigating, freezing where suspicious, charging and seizing assets. The success metric uses confiscated assets as its numerator.
To be clear, I'm advocating for none of this. Just refuting that source and the figure quoted for AML programmes' success rates. The paper doesn't speak to anything about OFAC, but instead to what should and shouldn't be done after an entity is sanctioned or deemed a suspect.
Not sure why you're trying to whitewash the Treasury's actions. The release they put out highlights the allegation of TC being used for money laundering, and sanctions enforcement is one of the objectives of AML programs.
> why you're trying to whitewash the Treasury's actions
I’m showing why a source is irrelevant to an argument, in part because of some unintuitive jargon. (Though the part quoted by the original comment is straightforward for anyone who reads the paper and the definitions around the 0.2% figure.)
If one takes directly the paper’s suggested endpoint, seized funds as a measure of programme success, it counters the gist of OP’s argument.
> release they put out highlights the allegation of TC being used for money laundering, and sanctions enforcement is one of the objectives of AML programs
AML, in the paper’s context, begins and ends with banks telling on suspicious accounts. For detecting money laundering. TC was fingered by feds analysing the blockchain. That’s police work. Different monitoring mechanism.
The goal is stopping money laundering. But the midpoint, identifying accounts laundering money, and endpoint, seizing those funds, are downstream of the paper’s concerns. To the extent the paper discusses OFAC and similar agencies, it implies an endpoint far more drastic than anything done so far to Tornado or its users.
> the paper is relevant
Tangentially. But not in furtherance of the argument that OFAC sanctions are ineffective.
While the paper is relevant to AML overall, it doesn't really speak towards the efficiency of enforcing sanctions as such. That particular area could be a lot more (or less) effective.
Money has been massively stigmatized, because that is a prerequisite for centralizing control over economic interaction.
The beneficiaries of this centralized control are any one who depends on government spending or regulatory restrictions for their job, it's your parents and neighbours, your partner and cousin. This is a massive cohort - who are over-represented in the top 10% of income earners [1] - who participate in the manufacturing of consent for restrictions on our right to engage in mutually voluntary economic interactions with other consenting adults.
I have to believe the motivation is much more likely placed with the treasury having the most complete view of everyone’s finances, seeing as basically every dollar earned in the US was done so on the shoulders of tax revenue-directed infrastructure, projects, research, and defense apparatus.
Something like this going mainstream would require us to completely reform the way the country collects revenue and might even affect our access to debt, so (in their eyes) why not just stomp out the promising ones with whatever justification is easiest?
> the treasury having the most complete view of everyone’s finances, seeing as basically every dollar earned in the US
Have you followed a financial-crimes investigation? Nobody knows where jack is.
The American payment system is essentially decentralized [1]. Each bank maintains its own books and records and periodically compares parts of them with others and a summary with the central bank to promote consistency. The IRS and Treasury don't systematically share records. (Bureaucratic imperatives, after all.) That's why when the FBI or the CIA or whomever want financial records they have to quietly subpoena banks. To assemble records they do not have.
> this going mainstream would require us to completely reform the way the country collects revenue and might even affect our access to debt
Wall Street has enthusiastically embraced crypto. It's cheaper to run, permits higher fee loading and is regulatory greenspace, which tends to favor sharks. Nothing about crypto makes taxes or debt impossible. Taxes were collected and debt raised for the millennia when cash and commodity money reigned. Crypto is easier to track than either of those.
[1] Aside: the difference between crypto and traditional rails isn't decentralization. It's eager evaluation. The blockchain is always current everywhere. Bank records are not. The latter is computationally cheaper, but at the cost of more error. Centralized banking would involve everyone having an account at the Fed. It has been suggested [a].
I am skeptical of this because if they just wanted to raise revenue at the expense of privacy there are a lot easier ways to do it. They could make FBAR apply domestically. Or just require banks report checks and wires over 50k. Banning Tornado Cash is a kind of decision made by self styled counterproliferation/illicit finance/terror finance/anti corruption "experts."
Yes but this is really only useful for them after they already discovered a target of investigation. Having this information for everyone would make the initial detection of tax evaders substantially easier.
Why are you looking for principles when most reactions are driven by emotion? Many of crypto’s loudest representatives are smug assholes. People love seeing arrogant folks taken down a peg (deservedly or no).
> The truth is that these now-sacred laws that ended financial privacy really only started being enforced in America in the 80s and their European equivalents in the late 90s. Are we really any safer now than we were then?
AML/KYC is not just about terrorism (where it's doubtful if these measures actually have much effect, given how much terrorism is state-sponsored or -backed), it's more about organized crime - and I'd say that yes, organizations like the OG Italian mafia have a way harder time these days. Particularly Italy has made a lot of progress combatting them.
The major organized crime cases of the 70s and 80s were built almost entirely off wiretaps, informants, and a then novel law called RICO which federalized a bunch of former state crimes notably loansharking and gambling and dramatically increased the sentences for those convicted of those crimes. This resulted in dwindling membership and combined with changing demographics is why most mobsters in America are 70-80 years old today.
If anything Italy proves how ineffective these laws are. Every couple of months they announce a 100 million euro Ndrangheta/Camorra related seizure and yet these groups still have thousands of members, still traffic drugs by the ton, and still extort half the businesses in the South.
If you think of consumer purchases when you think of financial privacy, you live in a bubble of privilege.
There are literally countries where people get sent to jail for giving money to pro-democracy groups or journalists.
If you're an American, imagine a scenario where rights are stripped away from people at the federal level and donating to those causes becomes illegal.
Surveillance has impacts far beyond your consumerist lifestyle.
Yes, black markets have never existed and can only be done through the existence of cryptocurrency.
That or you find a plug for your weed (like half of Europe does), abortion pills (like half of the US is about to do) or porn, and you pay with old fashioned cash. I know, not having one click order of your weed is horribly harsh.
Of course not speech is not money but the relationship is that both can be used to facilitate crime, yet only with respect to money is this fact to rationalize the criminalization of privacy.
> there is a consensus on this site that communications privacy is a human right but that financial privacy is a terrible evil
Money can be transferred; speech can't be transferred. That's a significant enough difference to them that "why is privacy for one good but privacy for the other bad?" seems like a facile comparison.
The consensus is that there is a profound difference between slipping someone a dollar bill and slipping them coffers full of cash. We don't need to know where that dollar bill goes, most likely. We do need to know where those coffers went. Scale matters. Quantitative changes are qualitative changes.
Anti-money laundering laws may not prevent organized crime. But organized crime massively benefit from their absence. Solutions don't need to be 100% effective to be useful.
The difference between communications and finance is that finance is integral to the state. Currency and taxes are a core instrument of the state (even its capability for direct physical violence requires finance to maintain and exert). Even so, privacy only applies to SOME forms of communication just as it still applies to SOME forms of finance (though for the latter this is more often de facto than de jure). If you want true communications privacy, you need to build parallel systems that don't interact with public or compromised ones and even then there's the risk of someone taking information from one system to another and leaking it (this is why OPSEC/INFOSEC/COMSEC is such a big deal).
> Anti-money laundering laws may not prevent organized crime. But organized crime massively benefit from their absence. Solutions don't need to be 100% effective to be useful.
Yes but there should be a cost-benefit analysis. The current system of low reporting thresholds across the board and filing SARs on anything that moves does not produce actionable intelligence 95% of the time. No one is against BSA recordkeeping requirements for instance. I am against a system that treats everyone as guilty until proven innocent (thousands of people have had Paypal or Coinbase decide to freeze their funds indefinitely for "compliance reasons") and incentivizes "derisking" left and right. See https://www.wsj.com/amp/articles/account-closed-how-bank-de-... (or https://archive.ph/D3amw).
UBO laws are a great example of poor cost-benefit analysis. Actual criminals will just get stolen identities or homeless people to put down as owners while the 99.9% of law abiding people have millions of unnecessary added compliance hours every year.
The US sanctioning Tornado Cash and the resulting repercussions is deeply concerning. Whether or not you like crypto, you should not be supporting this if you are a researcher, academic, technologist, cryptographer, or privacy advocate. The code for Tornado Cash is a series of cryptographic and mathematical functions that can be repurposed for a variety of applications unrelated to privatizing user wallets. The protocol itself is designed for one reason: to give users privacy through end to end and zero knowledge cryptography.
Allowing it to remain open source and accessible as a tool for blockchain privacy and codebase for cryptographic research is a net benefit for the entire world.
A comparison would be that US decides to sanction the open Matrix protocol along with any user, developer, source host, or sponsor that has ever contributed to it in the past - because it can facilitate end-to-end encrypted terrorist communication.
> The code for Tornado Cash is a series of cryptographic and mathematical functions that can be repurposed for a variety of applications unrelated to privatizing user wallets.
You can deconstruct anything like this: "a gun is merely a set of mechanical parts that can be repurposed for a variety of applications unrelated to shooting things".
Besides, the code or math isn't banned or illegal, the organisation is. Quite different things.
> A comparison would be that US decides to sanction the open Matrix protocol along with any user, developer, source host, or sponsor that has ever contributed to it in the past
That is not what happened so it's not a comparison at all.
The government is not sanctioning the mechanics of a gun. You can read in books and online about how they work in full detail, the “code” and designs for them is usually open. A lot of hobbyists use this to build their own airsoft, potato guns, and other nonlethal mechanisms.
Violence and privacy are also different categories. A weapon that can quickly kill dozens or hundreds of people should arguably be regulated differently than a blockchain protocol that enables user privacy.
> the code or math isn't banned or illegal, the organisation is
There is no organization. The protocol is sanctioned - meaning if you fork the code, or build your own implementation, you risk the same fate as the tornado cash developers.
> That is not what happened so it's not a comparison at all.
It is very similar. The US sanctioned the Tornado Cash protocol and anybody who is using or contributing to it.
> The government is not sanctioning the mechanics of a gun. You can read in books and online about how they work in full detail, the “code” and designs for them is usually open. A lot of hobbyists use this to build their own airsoft, potato guns, and other nonlethal mechanisms.
The government hasn't sanctioned the code of Tornado Cash, only the concrete instance present on a couple wallet addresses.
When I use the public knowledge of a library book on how to create a gun to actually create a gun, I create an instance of a gun - and in all developed countries, I will run into weapons laws and regulations at that point. As for spud guns, these are questionably legal or outright banned in many large nations outside of the US [1].
The government has explicitly said that all property and interests in property of Tornado Cash, and anybody found to be supporting it it any way, is blocked. This is why GitHub and all hosting services will refuse to allow it on their platforms.
The code is implicitly sanctioned. Any person who posts the code will probably have their repo removed, and maybe their account flagged or deleted. If you continue to try posting the code to many different hosting services you might be seen as supporting Tornado Cash, and could be facing jail time.
The protocol - the math and rules - is also implicitly sanctioned. If you build a new protocol using similar cryptographic tools, you will probably face similar risks.
> only the concrete instance present on a couple wallet addresses.
If you feel this US will stop at only these addresses, you are very naive. Any individual can fork the protocol, and it will be on a new address. Any individual can also build a competitor to Tornado Cash using similar cryptography, and they will probably also be putting themselves and their project at risk of US sanctions.
> When I use the public knowledge of a library book
However, the information is free - you can find it in a public library, and nobody is attempting to censor it.
There are two separate problems here. One is that the US sanctions are leading to censorship of knowledge and cryptographic research, which is concerning. The other is that the US sanctions are targeting an open source protocol enabling E2EE privacy on the blockchain, not that different than if they were to sanction Matrix protocol.
> Besides, the code or math isn't banned or illegal, the organisation is. Quite different things.
Which shows the US government still don't understand cryptography, cryptocurrencies, smart contracts, or Open Source.
The Tornado Cash "organisation" is just a bunch of researchers and open source developers, now being sanctioned for having the gaul to write code that is privacy-preserving. The Tornado Cash smart contracts live on on every chain they are deployed to, and the IPFS-hosted UI is untouched.
Amusingly, you can also prove transaction history with Tornado Cash if you want to, for example, to prove to law enforcement or a bank that your funds are legitimate. So these sanctions are only actually going to affect legitimate users who simply wanted on-chain privacy, such as "famous" people with `.ens` domains attached to their addressses.
The Tornado Cash project was explicitly advertising itself as an organization and officially looking to pay developers, as well as having a copy that screamed "you can launder your money through us". Hell, the only reason half the crypto people I know mention using tornado is to obscure your money after you've stolen coins or scammed some NFTs. It was not "researchers" "banding together" for a higher privacy preserving purpose. From the very beginning it was made to launder cryptocurrency.
Absolutely hilarious that cryptobros were the first ones to scream that blockchains allowed for a fully open history and that anyone could see where the funds of their banks were coming from, but the moment they can't hide that they have $200k in cryptocurrencies and that they bought $2000 worth of stuff on analbeadsandcocaine.eth, they cry foul. It's working exactly as designed.
The goal of Tornado Cash has always been privacy. I would tell you to look at the GitHub repo yourself, and you’d see a range of developers contributing to this open source project, and lots of side projects that are influenced by it. The code is one of the most popular and earliest production grade zk-SNARK circuits built with Circom that targets the EVM - the cryptography employed was very high quality and helping to push privacy forward in the blockchain space.
But alas, the code and any research knowledge it provided has been removed to comply with this deeply unethical move by the US.
Yes, privacy to help hide your coins acquired through dubious means, we know that. That some researchers got suckered into it thinking that it serves a higher purpose is regrettable, but tornado has always been about laundering money.
Despite what you're attempting to lie about, the tornadocash code is not illegal. Feel free to repost it on any host that does not work with the US (or that isn't as trigger happy as github). The Tornado Cash organization has been blacklisted. The cryptography that runs it hasn't been made illegal.
> Feel free to repost it on any host that does not work with the US
An obvious place to post this code and protocol would be on Ethereum, which is censorship resistant. This is what the original developers of TC have done, and the result is a contract that becomes immutable and accessible, and is now the target of the sanction.
But I will not do that, as that would put me at risk of 30 years of jail time.
I will also not post the code on Gitlab or another service, as the repercussions can be severe. Whether it is just my Gitlab account being deleted, or whether it is more significant like the US government investigating me, I do not want to put myself in that situation.
However since you are the one saying there is no problem at all with it, I wonder if you would like to do that for us?
> Yes, privacy to help hide your coins acquired through dubious means, we know that.
It is sad that you default to assuming criminal behavior. The same argument is being made today by politicians and governments to try to add back doors to E2EE chat protocols and cryptographic signature schemes.
>However since you are the one saying there is no problem at all with it, I wonder if you would like to do that for us?
Unfortunately, most of the services I use comply with US law and would therefore be likely to remove the repository immediately. As a second, very unfortunate point, I don't give a shit about reposting a service whose primary purpose is money laundering. Very sorry about that. Maybe researchers could have thought for a second before putting all their efforts on what is widely known as a mixer made for money laundering.
>It is sad that you default to assuming criminal behavior.
My dude. 20% of the transactions going through Tornado Cash were for money laundering. The 80 other percent literally only serve the purpose of hiding the trails. If TC was used 100% for money laundering, everyone would still know that everything coming out is still illegal money. Having "legitimate" transactions going through (whether from privacy conscious users, or people sending legal money though to blur tracks) is a feature of every money laundering service.
My dude. It is not illegal to seek privacy on the internet, privacy is not a crime.
Matrix, Tor, PGP, these are all beneficial tools for the world, used by people that are not criminals. These are also widely known as tools used by criminals.
It is indeed, not illegal to seek privacy on the internet. It's not illegal in real life either! However, if you end up seeking shelter in a known mobster joint, maybe don't be so surprised when it gets closed down, you get kicked out and you're considered suspcious for a while.
lol. the same argument is being used by politicians to try and stifle development of Tor and E2EE chat apps - "only criminals need to use these privacy tools."
Zzzzz. You're not interested in accepting that you can be wrong, and conflate whole ecosystems with products in an attempt to blur the lines and sell your precious Web 3 future.
Banning Tor as a whole is stupid, because it's not meant to be only used for that, and is a protocol. However, putting anyone who regularly posts on overthrowthegovernment.onion on a watch list is reasonable (even if they only posted pictures of kittens), as well as is closing the website, as much as possible, since it causes a net harm on society as a whole.
Banning E2EE as a whole is stupid, because it's not meant to be only used for that, and is a protocol. However, raiding the office of the man that hosts the "Bring The 4th Reich" chatroom is reasonable, as well as closing it and keeping a close eye on anyone who participated is also reasonable (even if they only posted pictures of kittens), since it causes a net harm on society as a whole
Banning cryptocurrencies as a whole is stupid, because it's not meant to be only used for that, and is a (bunch of) protocol(s). However, sanctioning the service that is mostly used to launder money (which comes from criminal activities) named tornado.cash is reasonable, as well as keeping an eye on everyone that participated (even if they only wanted to hide their transactions) since it causes a net harm on society as a whole.
Welcome to the real world, where going to the seedy place where at least 1/5th of the people in there are engaging in criminal activities might get you in trouble. Feel free to look for a mixer that does a little bit of research on the source of the funds before taking them in. You are not entitled to privacy if your actions may cause harm or contribute to causing harm on society.
your argument rests on the axiom that tornado cash protocol is only being used for illegal money laundering, which is not supported by the evidence - this line of thinking is directly comparable to the claim that the Tor protocol is only used by criminals. sad that you are unable to make this connection.
> your argument rests on the axiom that tornado cash protocol is only being used for illegal money laundering, which is not supported by the evidence
If it was only being used for money laundering, it wouldn't actually be laundering. To launder money you need to mix up your illegal funds with a larger pool of legal funds to give some plausible deniability to whether your funds are legal or not.
Not sure if that is correct. If 100% of funds entering a mixer were from many different exploits, it would still be laundering and obscuring the source of funds from illegal activity. It would no longer be clear which wallets are associated with which hacks.
Still money laundering, just not with clean money on the other side.
Lmao no. The whole point of a launderer is that you can't know if it's clean money or not. You _need_ a stream of clean money to hide your dirty cash in. Otherwise you just have a firehose of dirty money.
In this hypothetical scenario, it would all be dirty, but you would have no way to pinpoint which funds are associated with which illicit activity. At this point it becomes hard to levy any specific charges: "you are hereby charged with either breaking into a $100M bank vault, or fleecing grandma for $10, but we aren't sure which exactly."
In practical terms it might not matter, the funds would just be frozen. But it is still a form of money laundering that obscures the true source of the funds.
I'm pretty sure that money laundering exists to hide an illegal source of money, not to put a flashing siren on your head and dare prosecutors to figure out what you did.
The Tornado Cash organization was not sanctioned, the contract addresses were. The Europeans were not sanctioned, a registered entity was not sanctioned. The code was sanctioned and this is new. The code and all the pooled funds were sanctioned simply because there is no way to distinguish withdrawals from licit or illicit funds and playing on the popular and incorrect perception of deposits being illicit, and this is new.
There are many more similarities to the analogy presented. Analogies compare dissimilar things for the ways they are similar, not the ways they are different.
In this case, the private sector - Github - responded to the sanctions by deleting the accounts of contributors to Tornado Cash github repository.
No one has said you can't distribute the TC source code.
What you can't do is run a money laundering service with it. And the vast majority of TC transactions seem to have been exactly that - ways of hiding crypto from tax offices.
> A comparison would be that US decides to sanction the open Matrix protocol along with any user, developer, source host, or sponsor that has ever contributed to it in the past - because it can facilitate end-to-end encrypted terrorist communication.
A better comparison is the Phantom Secure sting, where a network that was used for primarily criminal purposes was shutdown.
> No one has said you can't distribute the TC source code.
The government has explicitly said that all property and interests in property of Tornado Cash, and anybody found to be supporting it it any way, is blocked. This is why GitHub and all hosting services will refuse to allow it on their platforms. If you try to publish TC source code, you could be considered aiding the blocked persons, and face up to 30 years in jail.
If you build a new implementation of the same or similar protocol, you might also be putting yourself at risk.
> And the vast majority of TC transactions seem to have been exactly that - ways of hiding crypto from tax offices.
The vast majority of TC transactions are for privacy. How much of that is evading tax offices or illegal money laundering is less clear. Estimates put it in the 10-20% range[1]. There are many users that would like to use TC but have avoided it because of the lack of regulatory clarity. Had the US government instead come out saying specifically that TC-style privacy on blockchain is a right that all users should be entitled to, the rates of non-criminal activity would probably be much higher than 80-90%.
> A better comparison is the Phantom Secure sting
This is a poor comparison. Phantom Secure was not an open source E2EE protocol like Tornado Cash or Matrix - it was a private company and network led by a single individual who profited immensely by selling devices to known criminals.
If you think TC is comparable to Phantom Secure, then Matrix and Tor should also be comparable to Phantom Secure, but of course that is a bad comparison.
>>What you can't do is run a money laundering service with it. And the vast majority of TC transactions seem to have been exactly that - ways of hiding crypto from tax offices.
This is a completely baseless allegation, that seems to rely on nothing more than the assumption that seeking privacy is an indication of criminal intent. It's the kind of logic used to rationalize dragnet surveillance programs that do away with privacy rights.
>>A better comparison is the Phantom Secure sting, where a network that was used for primarily criminal purposes was shutdown.
That's completely incomparable. That was a service to sell bug-proof phones, not the phone itself, and the service was expressly marketed to criminals to avoid police surveillance. The police infiltrated the service and bugged the phones.
The Matrix example, where a generic privacy tool is outright banned, is far more comparable.
GitHub removed it because if you're a US company, you'd rather err on safety and cut all contact with not just the blacklisted company itself but everything related to it, because there is nothing worse than the US Financial Services looking into you.
In the same way that if you ask me to keep a bag and I learn two days later you've been arrested for murder, I'm definitely not keeping that bag, even if the bag itself isn't accused of murder.
In US Constitutional law, bare communication has significantly greater protections than the non-speech-related transfer of money from one party to another.
True. And that only goes to highlight that the US consitution is not a universal inherent moral code for humanity, but ideas on how a bunch of people in a region should get along.
While this applies in this instance, it doesn't make it right.
Any foreign contributions to any US political campaign are forbidden, so no?
> Federal law prohibits contributions, donations, expenditures(including independent expenditures) and disbursements solicited, directed, received or made directly or indirectly by or from foreign nationals in connection with any federal, state or local election. This prohibition includes advances of personal funds, contributions or donations made to political party committees and organizations, state or local party committees for the purchase or construction of an office building funds under 11 CFR 300.35, and contributions or disbursements to make electioneering communications.
I'm sure if you traced campaign contributions back you'd find what is legal already isn't that much different. I'd much rather see money out of politics.
Author here. That is a gross oversimplification imo. Money can be used for expression of speech but most commercial transactions shouldn't fall under it. I am of the opinion that money laundering/tax evasion etc are illegal activities which should be monitored and banned. Blanket banning a legitimate service by uploading Etherscan tags is super stupid and affects a lot of normal people.
Equivalent would be to block all withdrawals/deposits for all users at an international bank because they were found to be violating AML laws in some country.
A financial system is a communication system about the transfer of money (or perhaps other valuable assets). It is the transfer of money/value that brings this out of free speech and into the domain of financial law, not the mechanism of how that transfer is encoded.
I'm really starting to think there is an argument where the OFAC list cannot apply to smart contracts, at least on Ethereum or EVMs.
OFAC literally means the Office of Foreign Assets Control, it cannot be applied domestically to American assets.
In EVMs, no node is aware of which node saw a transaction first to relay it to miners. Therefore, one argument is that the deployment of the contracts cannot be known to be done in a non-American source. To strengthen an adversarial argument one could move to the account owner that paid for the contract deployment, but I believe there are challenges for that as well since sole custody of a private key cannot be known, only assumed.
This isn't to weasel around any attempt at government control or consequences, only the OFAC designation. It seems like the incorrect authority.
> This also might be the first time where a piece of code got sanctioned.
It's not, though. The project got sanctioned and by extension the services it provides. The blockchain implementation of said service is rather unique, but I don't think this is technically any different from projects like Popcorn time being sued/shut down despite their p2p systems.
The difficulty with smart contracts is that it's hard to take those services down. After all, you can't take a smart contract out of ethereum. The legal ramifications of this are interesting: the undeletable nature of blockchains and their capacity to store arbitrary data or execute arbitrary code could taint the entire blockchain when bad actors unleash services that cannot possible be taken down, causing anyone participating in the blockchain system to be an accomplice. Or perhaps the governments of the world will look at this more pragmatically and simply consider the contract dead, only sanctioning new people who call upon the contract to execute transactions.
This indestructibility of the blockchain is often sold as a benefit, a way to stick it to the government, but the real world doesn't care about your technical implementations when the police tells you to shut it down. Designing a system that you cannot control or shut down may not be a great idea, especially if interactions with said system are logged permanently and publicly.
> It's not, though... any different from projects like Popcorn time being sued/shut down
An OFAC sanction is orders of magnitude more serious than Popcorn Time being taken down via DMCA requests and lobbying. I don't think that's a fair comparison.
Author here. Agreed that software projects regularly get sanctioned. I meant to imply "smart contracts".
Also, Didn't the US try to also ban crypto algorithms and in-effect certain math itself?
Ethereum has hard forked once with the DAO. It needs a significant divergent of opinion - like 10% of all miners splitting off into their own network, client tooling, platforms, and ecosystem.
It is not something that can be done on a whim and can’t happen every time the US adds a new address to their sanctions list.
Technically, Ethereum has hard forked multiple times, for example to avoid "ice age" difficulty cliffs that were supposed to force the switch to proof-of-stake multiple times now. But the vast majority of miners, and importantly, the currency exchanges, have all been on the same side of those forks.
The contention was that it can happen to remove/censor contracts or transactions, not that forks don't happen more broadly. It seems the point still stands that there was a single fork around the DAO and the odds of anything like that again are basically zero.
In theory you could fork it away, if you can talk everybody into it. What you can't do is prevent someone from launching a similar contract afterwards.
Don't you think the type of contracts that are likely to be sanctioned by world governments are exactly the type of contracts that will be unlikely to implement a suicide method?
The good thing is that it's become a "hobby" mechanism. Imagine the scenario where you come into £1m in cash by "finding" it. What are you going to do with it? You can't buy a house, you can't put it in the bank, you can't invest it in stock or a pension. You could subsidize your lifestyle a bit - but not vastly due to the risk of someone noticing.
The best idea that I can come up with is to start a cash business and launder the money through that; for example a burger van or something... Probably you could build that to about 100k a year and get away with it, just, maybe. Quite a lot of work and inconvenience to do it. Of course you could try and get it laundered in a criminal conspiracy (a-la breaking bad) but you will just get robbed. Maybe used cars would work as well.
Maybe you could drive round and buy up some nice wine or something like that that keeps for a long time... I think you can pay cash for a couple of hundred without attracting too much attention.
You are on the clock as well - every 5 years or so the notes change and stop being accepted.
The point is that cash works well for the low end informal economy, builders and plumbers and window cleaners can make their businesses work with it. It doesn't work so well for oligarchs. Crypto does. That's just one reason it's so bad and I don't mourn for this.
The state will not give up it's monopoly on money or violence. Anyone who challenges either of these will find the other deployed against them.
I'd identified this pattern before that cash provides a sort of "non scalable privacy". Individual notes aren't really traced and normal size cash transactions can be private. The larger the transaction, the larger the physical bundle of notes gets. You can fit £1m into a briefcase maybe, but if you want to move $12bn you need a serious military operation: https://www.theguardian.com/world/2007/feb/08/usa.iraq1
Whereas with digital money, one penny and a trillion dollars are equally weightless. Huge transactions that can't be interdicted start to raise problems for the state, as you say.
> You are on the clock as well - every 5 years or so the notes change and stop being accepted.
In what country are you basing this comment on? I haven't heard of any cash notes becoming "outdated" or "expired" after five years in any country I frequent.
> It doesn't work so well for oligarchs
It does work well as long as everyone is inside the gray/black markets, as they won't ask questions where you got your £1m cash from when you buy a property in the dark from them. How do you think most large shipments of drugs are being sold/bought? Trading cash for the drugs, almost exclusively. That's why when the police does busts of large shipments, they often come across large cash stashes as well, if the deal was just made.
A more spectacular example happened in the Northern Bank robbery when a significant fraction of all the bank's notes in circulation were stolen from its vaults; the bank decided to replace them making all the stolen but unlaundered ones worthless.
The US is unusual in not explicitly withdrawing old note series from circulation, despite their lacking modern anti-counterfeiting features.
To a great extent all this AML is because of the "war on drugs" and the extensive use of large amounts of cash in drug dealing. Financial sanctions are a more recent reason.
Generally you have to take them to a bank after a while, and eventually to the Bank of England. The paper 20 and 50 notes cease to be legal tender next month so people can accept them but probably won’t.
Here in Belgium they're making a serious effort to stamp out the use of cash. It's harder and harder to get it, cash machines just close down or are inside a building that closes at 8PM, 10PM even in areas full of bars.
The thing is that it's become so easy now to pay by card, basically anyone can get a payment terminal the size of an iPhone and all cards are now contactless.
So while I'm against it, I think the govt + banks are successful and we can't provide many counter arguments apart from privacy / libertarian ones that most people dgaf about
For those who think this is a good thing: can you explain why people should have access to HTTPS and Tor (web privacy), PGP and Signal (communication privacy), but not Tornado Cash (financial privacy)?
>[The Congress shall have Power] To regulate Commerce with foreign Nations, and among the several States, and with the Indian Tribes
4th amendment
>The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Basically, when you engage in commerce, your rights to be secure and have privacy in personal matters is diminished because you've entered into a public sphere interacting with others with money.
Law gets to reach in and have influence in how people exchange money and goods, but not into their personal affairs. There are graduated levels of "this is my business" vs. "laws can be made about this behavior" depending on the activity.
So the Commerce Clause exists because the Continental Congress was pretty ineffective without it. It doesn’t really say anything about whether financial privacy should exist. That’s a question for us to figure out.
In my opinion, there's a good case to be made that money laundering laws themselves should be repealed[0]. But I'm afraid this is way outside the Overton window at this point and "too big to fail" (see FATF, an international organisation which gets countries financially blacklisted for not complying with its anti money-laundering rules). People have forgotten about the old-school pre-1989 way of catching criminals with police investigations, gathering evidence of a crime, etc.
> People have forgotten about the old-school pre-1989 way of catching criminals with police investigations, gathering evidence of a crime, etc.
Nonsense. AML laws are precisely a way to ease police investigations.
It's true that they aren't very effective against the largest criminals. That should be fixed by forcing disclosure of beneficial ownership arrangements but that has turned into a roadblock for investigations now precisely because AML laws mean police investigations can get that far.
For example, police investigations used to be stymied by numbered Swiss bank accounts. Now AML laws mean that is no longer a protection, and now they are stymied by being unable to force disclosure of who is the beneficial owner of "This is not a criminal gang PTY LTD" from the Cayman Islands.
>That should be fixed by forcing disclosure of beneficial ownership arrangements but that has turned into a roadblock for investigations now precisely because AML laws mean police investigations can get that far. For example, police investigations used to be stymied by numbered Swiss bank accounts. Now AML laws mean that is no longer a protection, and now they are stymied by being unable to force disclosure of who is the beneficial owner of "This is not a criminal gang PTY LTD" from the Cayman Islands.
Are there any actual examples of this? Nearly every major jurisdiction, including UAE, BVI, all of EU, have UBO registers now (except America because despite having authority to do so FINCEN can't make a basic CRUD website). UBO in terms of actually stopping crime is useless because there is nothing that prevents people from lying about it. There are lawyers who will find homeless people to serve as straw men in just about every place in the world. If you're involved in drugs or large scale fraud the extra 2 years or whatever from lying on the UBO form doesn't deter you anyways since if you get caught it will run concurrent with the 10 years you got for your actual crime or it will make your plea deal slightly worse.
I did not know that but the point largely still stands. Banks also have to do customer due diligence which is basically the same thing so they will have this info anyways. You can come up with an endless list of loopholes and then claim if only they were ended would AML laws be more effective. We’ve had 40 years of debates like this and there are always new excuses. The laundering techniques for drugs for instance now just look closer and closer to regular commercial activity (i.e. TBML) which makes it difficult for the government to understand what’s going on and ultimately prove at trial.
Are you claiming that laws that make money laundering an illegal activity should be repealed, or that the AML laws that are supposed to help detect money laundering should be repealed?
You cannot transact in such a way as to break source/destination. It is built into the system. It is an axiom that has been etched into stone, and is fundamental to the way the system works. Tax authorities can't do their thing without it. Law enforcement can't do their thing without it. The Feds can't keep foreign adversaries out of the system without a reasonable amount of compliance with GAAP.
It absolutely blows that apparently professional discretion is dead; and businesses like Plaid/Visa/card providers/payment processors/merchants are passing around transaction data like hot cakes. However, the agreement was made through legislative consensus that auditability, and due process constrained financial record access served the public interest more than it hurt it.
Personally, I think we're too intrusive in financial monitoring right now, especially in reference to the lower end of the income bracket, and way lighter on the higher side than we should be, but it is what it is at this point. I'm just a bit nervous about the abusability of this mechanism at this point.
Being able to anonymously transfer unrestricted amounts of money around the globe simply enables tax evasion and money laundering making crime easier to profit from.
People who want to see a functioning society and pay their taxes get screwed. The rich and criminals get to do whatever they want.
So, business as usually really, but average person has to take the small wins when they get them.
Personally i think the permanent public record of the blockchain is a good guard rail. If you want to make small transactions anonymously cash is there.
I'm not an expert on this, but I think it comes down to Tornado being primarily associated with fraud/crime related transactions. Similar to Silk Road being shut down while Amazon was left to grow. Both had some percentage of fraudulent products, but only one was viewed as existing primarily to facilitate fraud/crime.
How much of it the hiding of otherwise-legal income? If the figure is closer to the difference between 7 billion figure and the 1.5 billion of sanctioned money then it’s only a matter of time before the treasury justifiably comes after them.
Laundering clean money is generally actually legal (subject to otherwise obeying relevant laws, and not trying to defraud people).
For example, if somebody who owns several private businesses, including one that people frown upon but that makes them a lot of money (think producing legal pronography), but have their businesses interact in such a way that to most people it looks like they are making most of their money from real estate investments, that is generally fine as long as they follow applicable tax laws, don't try to bypass the government's anti-money laundering controls, and are not trying to defraud others by saying something like "Look how much money I'm making from real estate investment. Your investment firm should hire me."
But here we had a mixer service where an estimated 20% of funds it hides were criminal in nature. It is not legal to knowingly facilitate criminal money laundering. If viewed as an unincorporated association operating this service (which is how the treasury views this), and with that sort of proportion of its use being criminal, it is implausible that the operators did not know that the service was being widely used for illegal money laundering, not just the legal kind. Because of this, the operators had a duty to modify the service they offer to make it harder to use for illegal money laundering, or to shut the service down entirely.
If you want to run a smart contract based mixing service like this, you pretty much need to design it to only accept funds that someone has verified are not criminal proceeds. Perhaps you as the operator does the verification, or perhaps to avoid centralization you allow for a variety of trusted organizations to verify lawful nature of the source of the funds, with each organization after verifying creating some form of signature for the mixer user to submit along with the funds to avoid the transaction getting rejected.
> Because of this, the operators had a duty to modify the service they offer to make it harder to use for illegal money laundering, or to shut the service down entirely.
You don't seem to understand how smart contracts work. You upload the code and it lives on forever. Unless you code a way to shut it down or modify it there is no way to do so.
Tornado cash the app on Ethereum is still alive and well today and will probably be alive and well in 2100.
I would encourage anyone who considers making an argument that X is associated with $bad_thing, consider that you usually only believe it's associated because of powerful propaganda/marketing has made it seem so.
in my opinion fairly straight-forward but I suppose unpopular answer.. they shouldn't. Privacy doesn't overrule other interests of the state and for me it's a case-by-case issue.
https is primarily used for legitimate purposes and without it the internet wouldn't function in a secure way. Tornado Cash is at the other end of the spectrum. It barely makes sense to use it for anything that isn't crime. Private messaging sits somewhere in the middle. I think demands to be able to tap communication with a warrant are legitimate.
> What happens to the FOSS developers who contributed to the project? Are they sanctioned as well?
devs were mostly anonymous, IIRC. Coindesk says “Tornado Cash developer Roman Semenov's GitHub was suspended.” [1]
> What will happen to the tainted money? This figure is about 400M$. I expect a secondary market for TCtETH (Tornado cash tainted ETH)
indeed. the feds haven’t seized any money. the 10,000s of TC users still have anonymized possession of decent sums of money and have effectively been told “you can’t legally use this for goods and services”. have the feds just created a bunch of $1000 coupons for DNMs?
> What happens to the protocols/pools/(d)apps which interacted with it?
contract still live, i assume. i think it was governed by a DAO so if they haven’t/don’t hurry up and lock that down there’s risk of a malicious takeover as the TORN token devalues. if you blacklisted everything that these tokens interact with you'd blacklist like 10% of crypto. AMMs and bridges are in some sense just a much more diffuse tumbling service. i guess it works for now because most people running Ren nodes (for example) don't understand that they're helping people launder, whereas the TC service is much more in-your-face.
Tornado Cash published their UI a month ago. their GitHub’s been taken down but i expect mirrors will surface. it should be totally possible to keep using the service — expect significantly decreased liquidity — and the fun part (for me) will be to sit and watch to what degree the decreased normie use of TC kills the thing v.s. just slows it down.
the GitHub ban is a warning to me though. i’m in (non-crypto) circles where we largely host our own repos, but few of us publicly mirror the software we build upon. makes me think i should start doing so in advance.
> have effectively been told “you can’t legally use this for goods and services”
No, they haven’t. When the Russian central bank was sanctioned, everyone who’s done business with them didn’t lose the dollars they were paid. They’re under more scrutiny, when they spend any of their dollars, because they were proximate to a sanctioned entity. But the funds are still theirs.
Some users still have their funds inside the Tornado ecosystem. Its more like having your money in a bank account in Russia and you no longer have a legal way to get that money back to the US.
> contract still live, i assume. i think it was governed by a DAO so if they haven’t/don’t hurry up and lock that down
Most smart contracts are deployed in such a way as to be immutable. They can also be cloned trivially. The source has already been backed up to IPFS.
They might as well ban elliptic curves.
Also, someone already used TC to send 0.1ETH to dozens of celebs such as Jimmy Fallon and Dave Chappelle, because crypto works like email. You can't prevent someone from sending something and you can't prove it was or wasn't them that initiated it.
If I send you 0.1 ETH and your wallet already had 8.76 ETH then you engage in 100 transactions and trades and in the process you zero out the account a few times and you refund the account a few times. Which 0.1 ETH is sanctioned? At which address? When it was swapped in a Uniswap liquidity pool for a defi token which was provided as collateral on Aave then borrowed against in RAI only to be swapped for NFTs that were flipped for a profit and distributed to 27 different addresses?
> contract still live, i assume. i think it was governed by a DAO
Just chiming in to make it clear that the protocols that have to do with the core service are not governed by a DAO and are fully immutable. Nobody can change or shutdown those smart contracts without the blockchain itself manipulating things, which is for all intents and purposes impossible.
>"the GitHub ban is a warning to me though. i’m in (non-crypto) circles where we largely host our own repos"
I am a small fish that develops software products for clients and for my own company. The chances of me being punished by Github are probably close to 0 since I do not do anything even remotely related to money, politics and other "hot and exiting" areas. Still unless explicitly requested by client I always host my own stuff either on my premises or on rented dedicated servers from OVH and Hetzner. The whole idea of someone else controlling my assets drives me up the wall and I am trying to avoid it as much as reasonably possible.
It is a rather longish explanation so I'll skip it as I am in no mood for such task. But it is my belief that they do not have level of control and influence that is anywhere close to Github. Especially when it comes to source code.
There are a ton of legitimate, non-criminal reasons to use Tornado Cash. Maybe it just feels weird for random strangers on the internet to be able to figure out your net worth when that's not something you share with my family and closest friends.
The real thing at stake here is freedom of speech. Following this OFAC announcement the code was immediately censored from Github. This is because OFAC violations can land you in jail for up to 30 years. This means that code, which is clearly just speech, is being censored. Either first amendment, free speech rights will be eroded or governments will have to relinquish their control when it comes to who deciding how you can spend your money. Governments clearly aren't going to give up their control without a fight.
Sometimes there's a political and ideological aspect to our work as software engineers. I'm reminded of brave heroes like Martin Hellman and Phil Zimmermann who risked going to prison over our right to access cryptography. The internet as we know it today only exists because they were willing to break the law at immense personal risk.
We need people with that kind of courage more than ever today.
"Free speech" means you are free to express opinions, code isn't speech in this context. Otherwise it would be impossible to prosecute those who distribute viruses, as viruses are "just code".
> I really hope that the political authorities dig deeper and technically understand services like Tornado cash and come to a realisation that criminal behaviour exists everywhere and cannot be blanket banned by shutting down legitimate services. You can’t just end up banning hard cash just because its used by criminals and for money laundering. (They tried this in India but it didn’t go as expected).
First we had "drugs", then we had "terrorists", then we had "pedophiles", and now we have "money laundering". All of these things really do exist and really are bad, but their negative impact on society is strategically overstated and the measures taken against them are mostly ineffective against the thing they are purported to combat, yet cause significant amounts of "collateral" damage to the privacy and freedom of all of us.
So the article says the blockchain is, by design as a public ledger, a privacy nightmare.
And we have to use it (for some unstated reason).
So the only solution must be to enable money laundering so people can get their privacy back.
My take: that seems kind of backwards. How about we just don’t use the thing that purposely exposes everyone data? If people want privacy then that seems like a design flaw.
Enabling (maybe limited) money laundering is not a good solution. It’s a very odd band-aid on the real problem.
This is a false dilemma. We have more choices than “enable money laundering” and “no one has privacy”.
Would you say strong encryption vs government backdoored encryption is a false dilemma too?
I think these are analogous issues, and we have seen several times that if there is a backdoor, you can not keep it so only the "good guys" have the key. So this is a true dilemma, you can either have strong encryption or backdoored encryption.
I believe the financial privacy vs money laundering is also a true dilemma. If you have privacy, money laundering is trivial. If you can not money launder, you do not have privacy.
Additionally, just because you trust the financial institutions you deal with does not mean you have privacy.
You have more privacy than you would on a public ledger, but some people have privileged access and can see all your financial information.
This lack of transaction privacy does enable censorship[1].
However, I think most people are willing to exchange their privacy for anti-money laundering.
The thing is, many people are ok with giving up some of their privacy to trusted institutions like a bank - which is how traditional financial privacy works, beyond cash. Society runs on trust, and banks (used to be?) some of the most trustworthy institutions from this point of view.
However, few if any people are ok with making their entire purchase history public - which is what BTC does, unless you use something like TornadoCash.
Basically, the problem of having privacy + AML is easily solved with a trusted 3rd party that can check transactions while still keeping them private from most others. Crypto's insistence on avoiding trust is self-defeating, as always.
> This is a false dilemma. We have more choices than “enable money laundering” and “no one has privacy”.
Which other choice is there? AML as-implemented is literally a policy that says you can't have digital transactional privacy, which is the only reason privacy technologies violate it when no other lawbreaking occurs.
And it has <= 0.2% effectiveness and high compliance costs.
Anti-social forces policy (anti-mob policy) in Japan has been highly effective at cutting off the funding sources of the yakuza to the point that they simply can't recruit anymore:
The meat of Japan's policy is AML/KYC and very actively cutting businesses off from financing if they have ties to the yakuza.
Actual results show that the paper you're referencing is simply incorrect. The paper focuses heavily on how much of the funds are recovered, and how much money is being moved undetected, but doesn't seem to consider how much more would move without enforcement.
I’m fine with AML. I’m not someone who is a privacy absolutist and thinks it shouldn’t exist.
My #1 concern is privacy from other people in my banking transactions. You know those Twitter accounts that post everywhere celebrities fly? No one should be able to do that for what I buy. Bitcoin gives anyone that information by design. I don’t like that.
But again, I think the article’s solution is attacking the wrong problem.
> I’m fine with AML. I’m not someone who is a privacy absolutist and thinks it shouldn’t exist.
Why are you fine with it if it has significant costs and doesn't even work?
> My #1 concern is privacy from other people in my banking transactions.
This is everybody's concern, some people just realize that "other people" include authoritarian governments, corrupt law enforcement and anyone who can hack your financial institution and then post everything they're required by law to collect on the internet.
> Bitcoin gives anyone that information by design.
> This is everybody's concern, some people just realize that "other people" include authoritarian governments, corrupt law enforcement and anyone who can hack your financial institution and then post everything they're required by law to collect on the internet.
And these people are concerned about the wrong things, in general. You can't live a good life under an authoritarian government, under corrupt law enforcement, or with a bank that is easily hacked into.
The solution is not to try to distance yourself from these things through magical technology and then be amazed that the authoritarian government or corrupt law enforcement attack you for even using that technology. The solution is to fix the government, law enforcement, and financial institution technical security. All very hard things to do, to be clear, but they actually work, and fix many other problems. Using TC works until it doesn't.
See that was kind of my original point. Why do problematic things to paper over Bitcoin problems if they’re not issues elsewhere. Why not just use Monero instead?
If a technology makes money laundering a prerequisite to privacy, the technology itself is bullshit. There's no need to spend words to justify this further.
In no other industry would you find for example, "we made a better hammer, but when you use it to drive nails as a minor side effect, it may/may not fund the abuse of children and development of nuclear weapons by rogue states"
If you truly believe in privacy, it's okay to simply say the technology is fundamentally broken by design and seek a better alternative.
No, money laundering is a consequence of any technology that tries to remove trusted 3rd parties from finance while not completely giving up on privacy the way Bitcoin does, which is an absurd goal in and of itself.
You can have excellent privacy while not permitting money laundering if you have good, trustworthy banks that properly enforce AML while not cooperating with law enforcement unnecessarily.
Let's say you're a business that accepts crypto and what if someone sends you ETH or some coins like USDC. Is it your job to check that these coins didn't come from Tornado? It's quite hard to do that. What if account A got their ETH from Tornado, then sent it to account B, which then exchanged the ETH to USDC on Uniswap, which then sent the USDC to account C, which then sent the USDC to you.
This is a problem for Bitcoin as well. What if someone got ETH from Tornado. Then converted the ETH to renBTC (https://renproject.io/) on Uniswap. Then converted the renBTC to BTC. Are those Bitcoins now somehow tainted?
This new law makes crypto essentially unusable (at least for US persons).
Are you sure? That's usually not how US sanctions work - they claim extraordinary jurisdiction. E.g. BNP Paribas were fined for transacting with Iran even though they're a French bank and France has not sanctioned Iran (to that extent).
That's what the OFAC press release explicitly claimed[0]. There are plenty of countries outside the U.S. doing business with Iran by the way, see this thread[1]. The press release I found on the Paribas case states that they were using the U.S. financial system to violate sanctions[2].
You linked to [1]. Better links might be [2][3]. Broadly speaking, if you're an SDN (a) U.S. persons are prohibited from doing business with you and (b) your assets under U.S. jurisdiction are subject to seizure.
That second bit is the problematic one. Because due to secondary sanctions, even a non-U.S. person interacting with an SDN can be subject to asset seizure. So in practice, anyone who has a U.S. nexus will stop doing business with you. (Or the U.S. can take their stuff. Also, everyone who doesn't want the U.S. to take their stuff will stop doing business with them.)
If $1B collectively were to be donated to the democratic and republican parties via Tornado Cash (and they had to use TC to claim it), I suspect we'd see a pretty fast reversal of this sanction.
>Any (d)app you use will instantly know your entire transaction history
>Imagine you sign up with your email on a random website and they suddenly now have access to your entire bank statement. Higher medical insurance premiums because they know that you transacted often in an online pharmacy. Expensive delivery charges because they know you can afford it.
Isn't this a major issue with Ethereum-SSO whether or not Tornado Cash is sanctioned? If you need to use a mixer to avoid any site you sign into gauging your net worth, isn't it kind of broken by default?
Yes and this is a case where the best technology doesn't win, but the first technology to come to market or the first technology with the first killer app. But this bug can be viewed as a feature. Give a person a hammer and everything becomes a nail.
There are other cryptocurrencies that use ring signatures or zero-knowlege-proofs to obscure sender history without the need for centralized mixing services.
> Higher medical insurance premiums because they know that you transacted often in an online pharmacy. Expensive delivery charges because they know you can afford it.
Sometimes I manage to forget how depressing the healthcare system in the USA is, but am always jarringly reminded in the most unexpected of places
What will happen to the tainted money? This figure is about 400M$. I expect a secondary market for TCtETH (Tornado cash tainted ETH)
This is why crypto was never fungible or useful for privacy purposes. Gold and other precious medals can be melted. Crypto can never be seamlessly mixed. No matter how hard you try, transactions and trails can be reconstructed. The only way to mix is to generate a huge amount of noise.
This was inevitable. For the past 2 years or so years hackers would process their loot with Tornado. There is no way the govt. would stand for this. It's similar to how the Wanna Cry hack , in 2017, made KYC much more common because the hackers used exchanges to convert stolen BTC into monero. All it takes is a handful of people to abuse a service for it to be tainted/ruined for everyone else.
> No matter how hard you try, transactions and trails can be reconstructed.
Except the opposite is true. Tornado cash protocol is working well enough in its privacy features that the US government feels the need to threaten any business touching it directly or indirectly.
Imagine you made this argument for E2EE. The US government can sanction and ban the use of Matrix and all other E2EE chat protocols making it very difficult for users to engage with them - but this does not mean the cryptographic protocols are failing to provide privacy and security.
ZCash, Monero, and MimbleWimble implementations such as Grin are seamlessly mixed; it's not a problem with all cryptocoins, just some. I think it's a much bigger problem for Ethereum than for Bitcoin, too, because Bitcoin doesn't have accounts, just unspent transaction outputs.
The non-blinded nature of some blockchains has always been a theoretical risk to the fungibility of their cryptocurrencies, and there have been isolated cases of blacklisting. Today that threat has suddenly materialized in a very significant way. Very likely that will create pressure toward cryptocurrencies with strong anonymity.
Yep, which is actually specifically what tornado.cash was.
It was a zk based mixer.
As you say:
You absolutely CAN seamlessly mix crypto, but it will show a point in it's history where it says "this is where the crypto was seamlessly mixed"
That's only because tornado cash was a single contract and was mixing ERC20s that were not issued under a zk protocol. If you control the whole banana via a rollup or layer 1, absolutely, you can achieve complete privacy.
Yes, it breaks the link from the original addresses to the new one, but it shows as coming from Tornado Cash. That's why this sanction is such a big deal. There was a paper that showed that Tornado cash privacy can be possibly compromised by studying transaction attributes https://link.springer.com/chapter/10.1007/978-981-16-9229-1_...
The US has been hostile to the businesses around crypto for some time now, this is just one more reason to keep it away from the eyes of the US govmt if you are in their jurisdiction.
TCtETH is not a thing... Ethereum is not using a UTXO model and even if it was some serious off chain analysis would be required to make something like that work
This is why you don't publish addresses. Ever. You use them once and toss them. Any system that requires otherwise is subject to the same fate as Tornado eventually.
That said, blacklists are an asinine idea cooked up by people eager to score PR points. All it takes is one single conduit out to render the list useless in achieving its stated goal.
This fiasco really shines a spotlight the fundamental defect of crypto, which is that (if you're using it directly and not having a third party hold your assets) it's extremely not anonymous unless you behave exactly like a money launderer.
> While it is no secret that this service was used by criminals (like DPRK) to launder their money, there are some legitimate use cases for such a product as well.
It's funny how digital asset enthusiasts always conflate money laundering and private exchange of cash.
There are fixed legal limits of cash transfers. When crossing borders you literally have to declare cash exceeding certain amounts. In the US the police can even confiscate suspicious amounts of cash.
When they talk about private cash transactions as an equivalent of crypto money laundering, they pretend they're talking about putting a $20 bill in a Birthday gift card, buying a copy of Sports Illustrated at the bodega or tipping the neighbor's kid for mowing your lawn. These aren't scenarios where cryptocurrencies are currently useful and as long as cryptocurrencies behave more like a speculative asset (which doesn't seem to change any time soon) these will still be better served by cash.
What cryptocurrencies instead currently supplant are transactions that would otherwise be handled by bank transfers, credit card payments or online payment processors who have to follow very strict auditing requirements to explicitly prevent money laundering. If you provide a slower, more expensive, less widely used option whose main advantage is "privacy from government surveillance", it will attract exactly the kind of transactions that people don't want to do on systems designed to prevent money laundering. In other words: money laundering.
If you want digital cash that's hard to trace, scammers have long since found a tool for that: gift cards.
Am I supposed to feel terrible for people who got caught up in a money laundering scheme because they worked on the technology but maybe didn't actually launder any money? Because that's not going to happen. Anyone with a brain knew what Tornado Cashs' primary use case was, and they also had to know that governments are not fond of money laundering schemes. Leopards eat faces all the time.
From the analysis being shared around, ~10% of transactions via TC were from hacks, the rest the vast majority are individuals protecting their privacy. as in their human right to do. its a block of code that uses cryptography to hide information. like tor or https. there are many many valid reasons to do this.
i know hackernews doesn't like crypto, but come on maybe question why we are fine with this government overreach? maybe question is this a trend we want to support as "hackers"? could we consider the fact that all governments in the world have a history of abusing surveillance to harm their citizens? you know not long ago i could be locked up for being gay, maybe standing up for cryptography is a good thing to do?
but oh no bitcoin is icky good job government protec me from the bad ideas.
Thank you for your comment to restore my sanity. It's absolutely mind blowing how seemingly progressive people cheer when authority is rapidly expanded at the cost of privacy and personal freedom.
> the vast majority are individuals protecting their privacy.
i get your point but i don't know if it's true. on various occasions, i've wanted to (1) anonymize my funds before sending them to a discreet cause and (2) generate return on the funds i hold long term. for (1) i specifically avoid TC because going through a tumbler points a huge target of "this is suspicious activity", thereby drawing more attention to me specifically (attention isn't good for privacy). for (2) TC became an appealing place to park ETH particularly after ETH-denominated yields plummeted during this last DeFi crash (TC pays fees to the mixing pool). do we know how much of that "90% of non-hacked funds" involved in TC were provided by privacy advocates v.s. good ol' capitalists seeking returns from laundering?
Am I supposed to feel terrible for people who got caught up in a terrorism scheme because they worked on encryption technology but maybe didn't actually blow up any buildings? Because that's not going to happen. Anyone with a brain knew that encryption is primarily used to plan terrorist attacks, and they also had to know that governments are not fond of terrorist attacks. Leopards eat faces all the time.
He's trying to be sarcastic but failing at it. The primary focus of creating encryption was to keep messages secret from military enemies. It was later used for non-military purposes. The primary focus of the creation of Tornado Cash was to facilitate money laundering. Privacy was the public justification for its existence, but not why it exists.
> The primary focus of the creation of Tornado Cash was to facilitate money laundering
This is a GIGANTIC claim that you're going to have to evidence. Alexey Pertsev, Roman Semenov, and Roman Storm all studied STEM subjects at university, spent years working as pentesters, QAs, SWEs etc, as some sort of long-con to create a money laundering platform? What a totally absurd thing to say, and is quite frankly insulting to the entirety of this site.
Not as much of a dunk as you think. For some reason we take it for granted that all electronic financial activity must be logged and monitored. Things could have easily gone the same for all electronic communication, and the people arguing against encryption used the same exact arguments as the people arguing against financial privacy in this thread. That is what my sarcastic comment, and your comment illustrate.
From what I understand, the us govt. cannot just prosecute people for using tornado cash, because privacy in and of itself is not a crime. It means however, that exchanges will probably scrutinize it much more. It compromises the fungibility of Ethereum tied to tornado cash.
Primary use case is privacy. Just like "right to be forgotten" in Europe, as part of GDPR, which is a law on the books. Blockchains cannot forget, and everything is traced, so the only way to be forgotten on chain is via a mixer of some sort.
That's my right as a sovereign, free man, to decide how I do my business. And it's not for you or anyone else to decide what math or algorithms I use to achieve that.
Just chiming in to say that GDPR doesn’t apply to financial data. Financial companies are obligated to keep you data for a long period of time and is a case where GDPR requests do not apply.
