Tornado Cash and collateral damage

By Jake Edge
August 17, 2022

On August 8, the US government sanctioned the Tornado Cash cryptocurrency mixer for money laundering. The sanction means that no US citizen or company can interact with Tornado Cash in any way, all assets of the organization are to be reported so that they can be seized, and more. But at the core of Tornado Cash is a chunk of open-source code for "smart contracts" that run in the Ethereum blockchain; that code was "seized" as well. There are some disturbing implications here for our communities.

Mixing

Tornado Cash is (or was) a service for mixing cryptocurrency in order to provide privacy protection for the owners. While transactions on cryptocurrency blockchains are pseudonymous, the parties are only identified by public keys, there are ways to trace the transactions and to associate individuals with their holdings. Early on, one of the attractions of Bitcoin was its anonymity, but that turned out to be illusory. Cryptocurrency mixers provide a means to restore some level of anonymity to the system.

Mixers (or "tumblers") work by collecting up a bunch of deposits, which get coalesced into larger chunks over a random period of time, then doling out portions of that chunk as withdrawals at a later time. Naturally, a percentage of the deposits (1-3% normally) typically stay with the service as profit. Because the deposits and withdrawals are not synchronized in time, users can break the link between a particular chunk of cryptocurrency and their holdings. Privacy-conscious users presumably change the patterns of their withdrawals by using differing amounts than those of the deposits to further obfuscate any links.

Someone who wants to donate to a cause that might be unpopular with some nation-states (say, money for Ukraine) might use a mixer to avoid problems from a donation being traced back to them. Of course, there are others who want privacy for less savory reasons: criminals of various sorts. It seems clear that mixers are used for money laundering, but many tools, perhaps all, can be used for both good and ill. Typically, however, tools are not prosecuted (or sanctioned), people are.

There is a point at which any anonymity or pseudonymity generally must be shed due to existing anti-money-laundering protocols. In particular, when someone wants to turn their cryptocurrency into, say, US dollars (or any other real currency), they have to work with a financial organization that is subject to the "know your customer" (KYC) guidelines/rules. The financial organization will gather identity information from its customers establishing a link between a given address and a person. That is one of the prime reasons a criminal might want to mix their ill-gotten gains before a withdrawal, but there are perfectly legitimate reasons for others to do so.

We do not normally post our bank balances to the world at large, nor our credit-card purchase history. But if a link can be made between a particular address/key and an individual, that's effectively what would be available—stored immutably on the blockchain. A data breach at a KYC-following organization could "out" all of its customers, their holdings, and their transactions. It does not take a criminal mind to want to avoid that kind of disclosure.

What is the legal status of ten units of cryptocurrency obtained legally that is mixed with one unit, say, from some crime source? We deposit our money into banks that undoubtedly take in some deposits from dubious sources as well, but the presence of the "bad" money does not normally taint withdrawals made from them. Perhaps the goal is to force these mixers to follow KYC, but the nature of the Tornado Cash transaction means that there really is no "custodian" to do so.

The smart contracts that underlie Tornado Cash work in such a way that the participants and the smart-contract code share the custodial duties at some level. The contracts are programs that run on the blockchain to ensure (assuming no bugs) that all of the various parties perform the actions required of them. The code to make that all happen used to be available in the GitHub repository for Tornado Cash, but the repository disappeared on August 8 as well.

Beyond that, these smart contracts are still floating around the Ethereum blockchain and nothing—other than concern for being tainted by association with Tornado Cash perhaps—is stopping anyone from using them. In fact, someone would appear to be trolling the authorities by sending small amounts from prohibited Tornado Cash addresses to prominent people; those transactions cannot be declined, but receiving such a "gift" is technically in violation of the sanctions.

Reactions

Given that code has been found to be protected free speech, at least in the US, causing its removal from GitHub seems like a clear violation of the constitution. Cryptographer Matthew Green noted that, but also pointed out the irony of removing code from a distributed, decentralized revision-control system like Git. One suspects there are thousands of copies of the Git repository available in various places and that any attempt to "disappear" the code further will only make it spread.

The Electronic Frontier Foundation (EFF) is also concerned about this action, noting that the list of sanctioned entities has an open-source project (i.e. Tornado Cash) on it. It is worth noting that no individuals are on that list, which is mostly just a long list of cryptocurrency addresses, along with three other entries: "TORNADO CASH (a.k.a. TORNADO CASH CLASSIC; a.k.a. TORNADO CASH NOVA); Website tornado.cash; [...] Organization Established Date 2019; [...]"

However, GitHub went further than just taking down the repository for Tornado Cash; it also suspended the accounts of founders and contributors to the project. Beyond that, authorities in the Netherlands arrested one of the founders on August 12. Various other organizations have completely distanced themselves from Tornado Cash as well, including other cryptocurrency firms freezing assets associated with Tornado Cash. Meanwhile, anyone subject to US laws who has cryptocurrency deposited into Tornado Cash contracts cannot (legally) access it. Given the nature of the smart contracts, and the tenacity of the US government, anyone in that position should probably plan to simply walk away from those assets—ill-gained or no.

GitHub may well have had no choice but to remove the Tornado Cash repository, though the futility of doing so is fairly obvious. The code is effectively just collateral damage. But it would not be surprising to learn that repositories with the full history of the project, albeit with different hash values, already exists elsewhere on GitHub itself. Creating a mirror-image repository from a starting point one byte different than the original will create an entirely different Git "blockchain", after all; evading checks for identical object hashes is similarly trivial.

Suspending the contributor accounts is harder to understand, however. As noted, no individuals are on the sanctions list so there is no obvious reason (other than taint) to suspend them. It also seems likely that those contributors had other projects on GitHub; now those projects are unavailable, which may have a ripple effect throughout our communities. Those who are using GitHub for their projects may want to carefully consider what the company might do to their repositories—without any real evidence and no charges—down the road. GitHub is certainly not required to host anything or anyone, but these kinds of actions seem sure to give developers pause about using its services.

The press release from the US paints a typically bleak picture of what Tornado Cash has "done", though "facilitated" seems far more accurate. There are several notorious cryptocurrency thefts mentioned, including one made by a rogue state (North Korea), where the proceeds were laundered via Tornado Cash. Some $7-billion dollars worth of cryptocurrency was laundered that way, the release said, though that seems to lump any legitimate uses in with the criminals since that is the figure widely used for the total of all Tornado Cash transactions.

There is no doubt that criminals should be caught, convicted, and punished for these and other crimes, but it is easy to downplay the collateral damage of this kind of action by trying to paint it as mostly affecting criminals. It is all part of the same playbook that attacks strong encryption and tools like Tor because they can also be used by terrorists, child sexual abuse offenders, and the like. It is true that those tools can be used to facilitate such activities, but so can a wide variety of other things. The tools are not at fault.

Here at LWN, we generally do not pay much attention to the machinations of the cryptocurrency world—all of that tends to be far outside of our remit. There is a fair amount of distasteful hype, snake oil, and scams that go with that territory as well. But this event is not about any of that stuff, really; this comes down to a question of fundamental freedoms and human rights. As with the much-maligned asset forfeiture scheme, governments are taking things away, without due process, and forcing those wrongly affected to demonstrate how they were wronged—often at great expense.

This kind of event could also be something of a bellwether test for the "freedoms" and "rights" of code. The Tornado Cash code exists, it is running on an infrastructure that cannot (easily) be shut down; meanwhile, it can be used for good or not. To what lengths will humans go to try to make the bad things stop happening? Perhaps HAL 9000 is watching—with popcorn.

to post comments

Tornado Cash and collateral damage

Posted Aug 17, 2022 22:44 UTC (Wed) by NYKevin (subscriber, #129325) [Link] (18 responses)

Personally, I am generally not in favor of the US government (or anyone) imposing restrictions on FOSS code. But I think the "code is speech, so therefore I can do whatever I want" argument is a stretch, and the courts are likely to just sweep it all under the "speech integral to criminal conduct" exception (or the local equivalent in non-US jurisdictions) rather than actually trying to engage with the philosophical problems here. For example, you can be convicted of conspiracy to commit crime X, for most possible values of X, even if you personally have done nothing to further crime X other than agreeing to participate in it. That is a criminal conviction arising out of speech, but we have no free speech problem with it. See [1] for a much more in-depth (if rather US-centric) discussion of these issues, but the short version is, the free speech argument is probably a loser, and trying to advance it here is just going to make it easier for the government to regulate other FOSS projects in the future.

And then there's this line of reasoning:

> We do not normally post our bank balances to the world at large, nor our credit-card purchase history. But if a link can be made between a particular address/key and an individual, that's effectively what would be available—stored immutably on the blockchain. A data breach at a KYC-following organization could "out" all of its customers, their holdings, and their transactions. It does not take a criminal mind to want to avoid that kind of disclosure.

This is, frankly, an ethical argument, not a legal argument. There is no legal exception to KYC for public blockchains. The fact that KYC happens to be more onerous on public blockchains than on more traditional banking operations is, from a legal perspective, the problem of the person who chooses to use such blockchains in the first place. Similarly, the fact that there is no single entity who is capable of complying with the KYC obligations does not extinguish those obligations. If anything, it violates them, which is probably why the US government decided to sanction Tornado.

For my own private use, I'm wary of cryptocurrencies for precisely this reason. At any time, the US government might abruptly point to some arbitrary set of UTXOs or addresses and say "these are tainted, and anyone associated with them is hereby sanctioned." Honestly, my main reaction is surprise that it took them so long to do this. My assumption is that they were waiting for someone to violate the KYC regulations in a particularly spectacular or egregious fashion, so that they would have an easier time if it ever went before the courts.

(All of the above is my own personal opinion, and has not been endorsed or approved by my employer or anyone else.)

[1]: https://scholarship.law.cornell.edu/cgi/viewcontent.cgi?r...

Tornado Cash and collateral damage

Posted Aug 18, 2022 4:44 UTC (Thu) by nybble41 (subscriber, #55106) [Link] (14 responses)

> For example, you can be convicted of conspiracy to commit crime X, for most possible values of X, even if you personally have done nothing to further crime X other than agreeing to participate in it. That is a criminal conviction arising out of speech, but we have no free speech problem with it.

We absolutely *should* have a free speech problem with this. The person being convicted has done nothing wrong; certainly nothing which would justify punishing them. All you have is possible evidence of intent ("possible" because they could have been lying when they agreed to participate); so long as it remains *only* intent and not action there is no just basis for a conviction.

> There is no legal exception to KYC for public blockchains.

KYC/AML generally requires some particular legal entity like a bank or crypto exchange which is responsible for mediating the transaction and recording the data. Otherwise there is no "business" involved and thus no "customer" to be known to them. Public blockchains have no customers, just individuals dealing with other individuals. That's putting aside the fact that the KYC/AML requirements are themselves a pretty obvious example of exactly the kinds of over-broad searches without even a hint of probable cause which are prohibited by the 4th Amendment, whether we're talking about a public blockchain, a cryptocurrency exchange, or traditional banking.

By limiting yourself to merely legal arguments about what the law currently is and dismissing the ethical ones about what it *ought* to be you allow your opponent (who, after all, *writes* the laws and thus can always ensure that they work in their favor) to dictate the terms of the discussion.

Tornado Cash and collateral damage

Posted Aug 18, 2022 5:50 UTC (Thu) by NYKevin (subscriber, #129325) [Link]

> We absolutely *should* have a free speech problem with this. The person being convicted has done nothing wrong; certainly nothing which would justify punishing them. All you have is possible evidence of intent ("possible" because they could have been lying when they agreed to participate); so long as it remains *only* intent and not action there is no just basis for a conviction.

Under US law, the exact rules for conspiracy will vary somewhat by state (if prosecuting under state law), but in general, the prosecutor needs to prove that the defendant agreed to participate, and that any person took at least one "overt step" in furtherance of the conspiracy. So you can't get prosecuted for just agreeing to some hypothetical nonsense that never actually happens, the conspiracy does actually have to get off the ground to some extent. However, it doesn't have to go very far; you could be convicted of conspiracy to commit bank robbery if, say, a co-conspirator purchased a ski mask.

On the other hand, under the Sherman Act, corporations can be fined purely on the basis of making agreements with one another "in restraint of trade," which is the basis of pretty much all antitrust prosecutions in the United States. Now, you can argue that corporations should not enjoy free speech rights, but then you have to explain why Disney should be free to produce whatever movies they want, The New York Times should be free to write whatever editorials they want, and Random House should be free to publish whatever books they want, as all of those things are currently protected by corporate free speech. That protection would cease if corporations did not enjoy free speech rights, although the Times at least would probably still benefit from freedom of the press. But stretching freedom of the press to cover all other forms of corporate publication (such as books and movies) would effectively reduce to the same thing as corporate free speech.

> KYC/AML generally requires some particular legal entity like a bank or crypto exchange which is responsible for mediating the transaction and recording the data. Otherwise there is no "business" involved and thus no "customer" to be known to them.

You underestimate the ingenuity of US lawmakers. They thought of this loophole ages ago, and criminalized it under 31 USC 5324, more commonly known as "structuring." There does not need to be a specific financial institution involved to violate that law. All you need is some combination of transactions which has the practical effect of evading the reporting requirements applicable to traditional finance, and which is intended to do so. That is exactly what any mixer service is doing, regardless of whether it qualifies as a "financial institution" under the law.

> By limiting yourself to merely legal arguments about what the law currently is and dismissing the ethical ones about what it *ought* to be you allow your opponent (who, after all, *writes* the laws and thus can always ensure that they work in their favor) to dictate the terms of the discussion.

The law has not changed to disfavor blockchain. Blockchain was designed well after the current legal regime was established. The fact that it was intentionally designed in such a way as to make compliance difficult or impractical is entirely the problem of the people using it, not the problem of the legal system. This is the typical Silicon Valley "move fast and break things" attitude, and I have extremely little sympathy for it.

Tornado Cash and collateral damage

Posted Aug 18, 2022 11:20 UTC (Thu) by camhusmj38 (subscriber, #99234) [Link] (1 responses)

Conspiracy is punishable because we want to stop people committing crimes rather than just tidy up afterwards. And we want to discourage people from agreeing to commit crimes. If A comes to me with a plan to murder B which he can only carry out with my support, my agreeing with him to support the plan has enabled a crime to be committed.

Tornado Cash and collateral damage

Posted Aug 18, 2022 13:11 UTC (Thu) by farnz (subscriber, #17727) [Link]

We also want to avoid a situation where a crime has happened, but because there's enough diffusion of responsibility, no-one can be penalised for it. Conspiracy gives you a way to punish the people who set up a crime, even though no one person did enough to reach the bar for charging them with that crime.

Tornado Cash and collateral damage

Posted Aug 18, 2022 14:14 UTC (Thu) by mcatanzaro (subscriber, #93033) [Link] (10 responses)

> The person being convicted has done nothing wrong

Oh come on, this service exists almost exclusively to facilitate money laundering. Pretending otherwise is silly and unconvincing. A little common sense would tell you that washing money through a crypto mixer is probably not a good idea if you want to avoid trouble with the law.

Tornado Cash and collateral damage

Posted Aug 18, 2022 16:16 UTC (Thu) by hummassa (guest, #307) [Link] (6 responses)

> Pretending otherwise is silly and unconvincing.

This exact argument can be used to make bittorrent illegal. And it would be equally wrong, for the same reasons.

Tornado Cash and collateral damage

Posted Aug 18, 2022 19:01 UTC (Thu) by malmedal (subscriber, #56172) [Link] (4 responses)

No, for instance every few months I torrent the latest pbf file from open street maps. This will not put me at risk of transmitting something from a Disney movie. However if I were to take part in a mixer I'd have no way of knowing if the money involved were legal or not.

Tornado Cash and collateral damage

Posted Aug 19, 2022 13:36 UTC (Fri) by hummassa (guest, #307) [Link] (3 responses)

Your argument was even if one shows legitimate uses, the only *purpose* of the mixers is to facilitate money laundering and it translates one-to-one to even if one shows legitimate uses, the only *purpose* of bittorrent is to facilitate the illicit exchange of copyrighted material.

But, if you want to get pedantic, try this one:

This exact argument can be used to make TOR illegal. And it would be equally wrong, for the same reasons.

> No, for instance every few months I torrent the latest pbf file from open street maps. This will not put me at risk of transmitting something from a Disney movie. However if I were to take part in a mixer I'd have no way of knowing if the money involved were legal or not.

Now if you use TOR to access the latest pbf file, you *would* be at risk of transmitting a Disney movie, some request for illicit substances, or even worse. And then what? Let's jail every TOR developer?

Tornado Cash and collateral damage

Posted Aug 19, 2022 14:47 UTC (Fri) by immibis (subscriber, #105511) [Link] (2 responses)

I will not be surprised at all if the US government decides to jail every TOR developer, relay operator and user. It's just what they do.

Tornado Cash and collateral damage

Posted Aug 22, 2022 8:51 UTC (Mon) by geert (subscriber, #98403) [Link] (1 responses)

Guess who started with the development of TOR? ;-)

Tornado Cash and collateral damage

Posted Aug 23, 2022 5:22 UTC (Tue) by wahern (subscriber, #37304) [Link]

Wei Dai's PipeNet protocol may have pre-dated or at least been contemporaneous with the work of that other group. See, e.g., https://cryptome.org/jya/pipenet.htm But I think the Onion Routing protocol was published in a journal before a full description of PipeNet became available online.

But beyond that, AFAIU TOR itself saw usage by a certain [other] U.S. intelligence agencies, which is why TOR never saw much opposition from the U.S. government--one hand blunted the other.

Tornado Cash and collateral damage

Posted Aug 19, 2022 22:59 UTC (Fri) by marcH (subscriber, #57642) [Link]

> This exact argument can be used to make bittorrent illegal. And it would be equally wrong, for the same reasons.

No, money and information are absolutely not the same thing. Repeating this wrong analogy a million times will still not make it correct.

Obvious differences in nature aside, dictators and oligarchs want (dark and stolen) money to flow freely and confidentially - not information.

Tornado Cash and collateral damage

Posted Aug 18, 2022 16:26 UTC (Thu) by paulj (subscriber, #341) [Link] (2 responses)

Only bad guys need privacy.

What about donating to a charity for a social cause that is currently unpopular or highly polarised?

Tornado Cash and collateral damage

Posted Aug 19, 2022 1:39 UTC (Fri) by nybble41 (subscriber, #55106) [Link] (1 responses)

Exactly. "Money laundering", as the term has come to be used, is just a pejorative label for financial privacy. There is no implication that there was any actual crime involved beyond the failure to comply with KYC/AML laws by disclosing private data about the transactions to the government—information which, at least in the United States, ought to be protected from this sort of dragnet search devoid of probable cause by the 4th Amendment.

Camouflage is extremely common both in nature and in human society as a form of non-violent self-defense against those who would otherwise prey on others weaker or less protected than themselves. Employing it is not evidence of any kind of wrongdoing. Mixers are an effective way to introduce camouflage into your financial dealings. They serve a useful and perfectly legitimate function, especially in distributed systems where the details of every transaction would otherwise be open to the public.

Tornado Cash and collateral damage

Posted Aug 19, 2022 13:37 UTC (Fri) by hummassa (guest, #307) [Link]

THIS. I will quote you both on this, just inform please if you'd like some attribution.

Tornado Cash and collateral damage

Posted Aug 18, 2022 9:24 UTC (Thu) by paulj (subscriber, #341) [Link] (2 responses)

For my own private use, I'm wary of cryptocurrencies for precisely this reason. At any time, the US government might abruptly point to some arbitrary set of UTXOs or addresses and say "these are tainted, and anyone associated with them is hereby sanctioned."

This is why you should favour CryptoNote based protocols. The most widely used of which would be Monero. There is no way for an observer to determine precisely which UTXOs transferred values to which other UTXOs. For a) The addresses in each transaction are ephemeral derivatives of the actual addresses, and only the owner of the address can recognise it as their own; b) Even if an observer broke a (by correlation or otherwise), the TX includes a number of other pseudo-randomly selected UTXOs from the block-chain, and the input and output values are cleverly obscured such that observers can not know what the values are (but still able to verify they balance - no double spend). Every TX in Monero is basically a mixing transaction over some apparently randomly selected set of TXOs. An observer can only assign probabilities that an UTXO sent to another, and this explodes the graph of possible transactions very quickly and makes chain-analysis intractable (within the XMR block-chain).

Tornado Cash and collateral damage

Posted Aug 18, 2022 17:40 UTC (Thu) by NYKevin (subscriber, #129325) [Link] (1 responses)

My concern with Monero is that the government might well decide that the entire blockchain is in violation (or, if you want to be pedantic about it, the client and/or mining software, as they did with Tornado Cash).

Tornado Cash and collateral damage

Posted Aug 19, 2022 11:06 UTC (Fri) by paulj (subscriber, #341) [Link]

I suspect it's a bit like Tor, they won't ban it because they use it themselves (intel services, e.g.).

Just the first step

Posted Aug 17, 2022 23:40 UTC (Wed) by tbird20d (subscriber, #1901) [Link] (8 responses)

I believe this is just the first step of governments using existing banking and securities regulations to take down cryptocurrencies in general, probably to the benefit of society at large. See https://www.currentaffairs.org/2022/05/why-this-computer-...

Just the first step

Posted Aug 18, 2022 1:18 UTC (Thu) by frostsnow (subscriber, #114957) [Link] (7 responses)

>So, back in the 1800s, we didn't have the Federal Reserve.
>What happened is, basically, fraudulent banks sprang up. They were called wildcat banks because they'd often have animal pictures on the bank notes. What they would do is take deposits and issue pieces of paper, completely unbacked. And when state bank regulators would come along, the wildcat banks would have barrels of coins that were fake. All but the top layer was just junk, with a top layer of gold coins. Or they'd cart around a barrel to all the branch offices just ahead of the inspectors.
How is this effectively different from what the Federal Reserve has done?

Just the first step

Posted Aug 18, 2022 1:46 UTC (Thu) by NYKevin (subscriber, #129325) [Link] (6 responses)

1. The Federal Reserve is part of the government. Its chair is appointed by the President and confirmed by the Senate. The President can fire the chair "for cause" according to the law, or for any reason if you believe in a rather extreme version of the unitary executive theory (which does sound a bit out there, but the current US Supreme Court might very well go along with it...).
2. The Federal Reserve is not trying to make a profit (and indeed, it would make no logical sense for the Fed to try to do that). It is trying to keep the inflation rate (and by extension, the economy) steady.
3. The Federal Reserve is, at least to the best of my knowledge, not actively lying to people about what it is doing.

Just the first step

Posted Aug 18, 2022 5:03 UTC (Thu) by rsidd (subscriber, #2582) [Link]

I suspect the person you are replying to is arguing against fiat money in general, ie the idea that the Federal Reserve can just print dollars. But yes, there is a difference between random local banks doing that, and the Federal Reserve doing it within the structures you mention.

Just the first step

Posted Aug 19, 2022 5:15 UTC (Fri) by frostsnow (subscriber, #114957) [Link] (4 responses)

1. My understanding is that the Federal Reserve is *not* part of the government; only an *intermediary* of some form is appointed by the President.
2. If they are trying to keep the inflation rate steady then they're doing a poor job.

Just the first step

Posted Aug 22, 2022 15:16 UTC (Mon) by nilsmeyer (guest, #122604) [Link] (3 responses)

> 1. My understanding is that the Federal Reserve is *not* part of the government; only an *intermediary* of some form is appointed by the President.

The chair of the Federal reserve is nominated by the President (of the United States) and confirmed by the Senate. It's also the procedure for the members of the board, one of whom is normally selected the chair.

The structure of the Federal Reserve is a bit odd (compared to other federal agencies) in that it is comprised of regional federal reserve banks which are corporations (however chartered by the government). Banks participating in the federal reserve system can buy shares in those banks, it's important to note that these shares come without voting rights. Those banks are also required to bid at treasury auctions.

This is often conflated into the conspiracy theory that the federal reserve system is a private corporation run for the benefit of a cabal of bankers - this is often laced with a heaping of antisemitism.

> 2. If they are trying to keep the inflation rate steady then they're doing a poor job.

To be fair, they do not have a lot of tools at their disposal, only being able to influence interest rates.

Just the first step

Posted Aug 22, 2022 22:57 UTC (Mon) by NYKevin (subscriber, #129325) [Link] (1 responses)

>> 2. If they are trying to keep the inflation rate steady then they're doing a poor job.
>
> To be fair, they do not have a lot of tools at their disposal, only being able to influence interest rates.

Also, if they act too aggressively, they could cause a recession. If they don't act aggressively enough, they won't accomplish anything. And they have to worry about both consumer expectations and monetary reality, because both those things affect inflation to a significant degree. It's a hard problem.

Just the first step

Posted Aug 23, 2022 11:48 UTC (Tue) by Wol (subscriber, #4433) [Link]

Just look at the Bank of England raising interest rates to drive down inflation. Given that the number of households struggling to afford mortgage / rent / utility / food payments is rising sharply, everybody's screaming "what do you think you're doing!"

The one good side to this is that house price inflation has remained roughly stable. And given that general inflation has just about overtaken house price inflation, that means that real house prices have stopped rising. And if house price inflation slows sharply (there'll be horrendous screams if it goes into reverse, even if that is a good thing), then at least it means homes will become more affordable for those who are legally allowed to get a loan !!!

(The government, in its wisdom, has decreed that even if you are PAYING say £1100 pm in rent, that's not proof you can can afford an £800 pm mortgage, therefore you can't have one ... ABSOLUTELY CRAZY!)

Cheers,
Wol

Problem with interest rates as a control

Posted Aug 23, 2022 12:38 UTC (Tue) by farnz (subscriber, #17727) [Link]

And the difficulty is that interest rates only really affect the demand side of the supply + demand curves. You can use interest rates to adjust demand to keep inflation down if the root cause of inflation is excessive demand - in other words, people buying more than they absolutely need. In at least one economic model, this is the only cause of inflation.

The situation gets difficult if you have supply shortages, such that people can't afford a full set of essentials; interest rates allow you to influence demand, but there are some things that people will pay everything they have to keep getting (shelter, food, water). If these things are in restricted supply, then central banks are stuffed - they have no tools for affecting supply side, and if that's where inflation is coming from, keeping it in check is outside their competence.

Tornado Cash and collateral damage

Posted Aug 18, 2022 0:27 UTC (Thu) by flussence (guest, #85566) [Link] (11 responses)

> What is the legal status of ten units of cryptocurrency obtained legally that is mixed with one unit, say, from some crime source? We deposit our money into banks that undoubtedly take in some deposits from dubious sources as well, but the presence of the "bad" money does not normally taint withdrawals made from them.

That's an interesting thought experiment. My opinion is that mixing 1 red bit of "foreign sanctioned regime" cryptocurrency with 10 blue bits of "sovcit ancap pyramid scheme" cryptocurrency is the same as mixing 1 red bittorrent of D*sney movies and R*AA MP3s with 10 blue XOR pads announced on mainstream social media. It's just not something people with common sense do.

Banks are a fundamentally different thing because — notwithstanding things like overdrafts, bankruptcies, central banks regulating the amount of money and all the other slack necessary to keep society limping along — there's generally a conservation of mass to the whole machine, flows into and out of it can be isolated and traced, and of course the bank itself isn't idiotic enough to attempt to undermine centuries-old successions of power enforced by fire and brimstone.

It doesn't matter how far the code-is-law crowd's "move fast and break things" attitude gets them in the end, the actual law exhaustion predators will catch up. I think the next few decades of this are going to make the SCO case look like small claims court.

Tornado Cash and collateral damage

Posted Aug 18, 2022 12:11 UTC (Thu) by kleptog (subscriber, #1183) [Link] (10 responses)

> That's an interesting thought experiment. My opinion is that mixing 1 red bit of "foreign sanctioned regime" cryptocurrency with 10 blue bits of "sovcit ancap pyramid scheme" cryptocurrency is the same as mixing 1 red bittorrent of D*sney movies and R*AA MP3s with 10 blue XOR pads announced on mainstream social media. It's just not something people with common sense do.

This is the "Colour of your bits" all over again. The legal status of the mixing isn't important because nobody cares. At some point someone throws $10 million in the system and at some point later the $10 million comes out (minus fees) and as far as that person is concerned the money that came out is the money that went in. So the law considers it so as well. The fact that in the intermediate time the money was not recognisable and could possibly have gone around the universe twice is completely irrelevant.

Trying to use technical means to do end runs around the law is pointless, because lawyers will poke through whatever subterfuge you think of.

This is a more interesting case because the claim is that the mixing is done decentralised and so no-one is responsible. Not sure how to work that one out.

To be honest, the more interesting question for me is: if you poll the population about whether it's ok for people to use such a mixing system, what would they say?

Tornado Cash and collateral damage

Posted Aug 18, 2022 19:23 UTC (Thu) by NYKevin (subscriber, #129325) [Link]

Relevant xkcd: https://xkcd.com/1494/

Tornado Cash and collateral damage

Posted Aug 19, 2022 1:54 UTC (Fri) by nybble41 (subscriber, #55106) [Link] (8 responses)

> At some point someone throws $10 million in the system and at some point later the $10 million comes out (minus fees) and as far as that person is concerned the money that came out is the money that went in. So the law considers it so as well.

Sure, provided you can connect the money coming out with a specific deposit. Of course the whole point of a decent mixer based on zero-knowledge proofs is that there is no visible connection between deposits and withdrawals. Assuming the user obscures their IP address well and doesn't do something stupid like deposit 424.42315213 BTC and then withdraw exactly 424.42315213 BTC in one lump sum the next day.

Tornado Cash and collateral damage

Posted Aug 19, 2022 7:40 UTC (Fri) by NYKevin (subscriber, #129325) [Link] (1 responses)

At some point, the ETH* has to turn into USD or another fiat, and re-enter the traditional financial system. When that happens, you'd better be prepared to demonstrate that the entire sequence of transactions, tracing all the way back to whenever you (or someone affiliated with you) initially acquired the ETH (either by purchasing it with fiat, bartering** for it with another cryptocurrency, or by mining it), is compliant with the relevant laws and regulations. In particular, you should be ready to respond to charges of structuring and/or laundering, which are already criminal in their own right (even if you initially acquired the ETH by legitimate means). You absolutely cannot just rock up to a bank and say "I have [the USD equivalent of] 0.01 ETH, please deposit it into my bank account" once a month over the course of a few years - that's textbook structuring, and they will nail you to the wall for it.

* Tornado Cash was an ETH smart contract; you can't do this with BTC because its scripting functionality is insufficiently powerful.
** Yes, bartering. The US government takes the position that cryptocurrencies are property, not currency, and so exchanging one cryptocurrency for another is a form of barter. Barter income is taxable like any other income. You are reporting those trades to the IRS, right?

Tornado Cash and collateral damage

Posted Aug 26, 2022 3:12 UTC (Fri) by nybble41 (subscriber, #55106) [Link]

> At some point, the ETH* has to turn into USD or another fiat, and re-enter the traditional financial system.

It really doesn't. Goods and services can be bought directly with ETH or other cryptocurrencies without going through USD or any other fiat. The seller in that transaction isn't going to care where the crypto came from any more than they would care where you got your USD in a cash transaction. In principle it could just keep circulating as crypto indefinitely, given the right supply chain, but if they do trade it for fiat, or deposit it with some centralized exchange, the only transaction they need to demonstrate is that they received it in exchange for whatever good or service they sold you.

I'm not sure why you bring up structuring here. No one suggested making small deposits over time to avoid going over the reporting threshold. A decent mixer enforces small uniform denominations for *withdrawals*, which is an altogether different matter. Metaphorically speaking, someone deposits (for example) $15,000 into the mixer in exchange for a stack of bearer bonds (blinded signatures) which are later redeemed for a stack of 750 $20 bills. Those bills can be deposited all at once with the bank, if you so choose, filing whatever AML paperwork is legally required in the process. No structuring is involved. The bank will most likely ask where you got the money, but beyond your word on that subject there is no paper trail. The mixer has no way of knowing which particular deposit led to the issue of those particular bearer bonds; it just recognizes its own signature on them and the fact that they hadn't already been redeemed.

Tornado Cash and collateral damage

Posted Aug 19, 2022 12:49 UTC (Fri) by paulj (subscriber, #341) [Link] (5 responses)

This is why public ledger block-chains + mixers are just not good enough: They still require users to practice lots of other OpSec. Even then, they're a pain and not the default.

CryptoNote solves this. Every TX is a mixing operation, drawing from the *entire history* of the block-chain (with certain biases), and both the addresses and the amounts are obscured to public view - only the sender has full knowledge of the amounts and the actual addresses; the receiver has only part knowledge. The sender can tell if the output is "used" again in a future transaction, but then will not know whether that future TX actually used the output (just a 1 in X possibility) or what the amounts were.

Tornado Cash and collateral damage

Posted Aug 19, 2022 14:50 UTC (Fri) by immibis (subscriber, #105511) [Link] (4 responses)

And this will be "fixed" by simply declaring the entire currency illegal.

Tornado Cash and collateral damage

Posted Aug 22, 2022 12:20 UTC (Mon) by paulj (subscriber, #341) [Link] (3 responses)

This will work as well as when RSA was declared illegal.

Tornado Cash and collateral damage

Posted Aug 22, 2022 15:50 UTC (Mon) by immibis (subscriber, #105511) [Link] (2 responses)

Wasn't crypto only declared illegal to export? I thought USA citizens were allowed to use it.

Tornado Cash and collateral damage

Posted Aug 22, 2022 16:15 UTC (Mon) by paulj (subscriber, #341) [Link] (1 responses)

It was illegal to export, yes. In principle this meant companies /could/ have a 'domestic' version of software with proper crypto and a crippled 'export' version. In practice this meant that any 'free' (beer) software (e.g. Netscape) that was made available on the Internet had to be in the crippled form.

And elsewhere the GSM A5/2 cryptography was deliberately weakened too. Maybe not direct laws, but still at the behest of European states and their intel agencies - I'd assume in consultation with the NSA and US State dept.

Tornado Cash and collateral damage

Posted Aug 22, 2022 16:20 UTC (Mon) by paulj (subscriber, #341) [Link]

More detail here - and wrt regulatory environment it's worth bearing in mind that security agencies in western Europe have almost unchecked power (esp. back then): https://yarchive.net/phone/gsmcipher.html - the control of crypto was generally done via their vague, sweeping powers; rather than via more explicit legislation and regulation as was required in the USA.

Tornado Cash and collateral damage

Posted Aug 18, 2022 5:07 UTC (Thu) by rsidd (subscriber, #2582) [Link] (2 responses)

> Typically, however, tools are not prosecuted (or sanctioned), people are.

I think this is a very American view. In the rest of the world, guns are controlled, polluting vehicles are banned, etc. If a tool is a danger to society, the tool is the problem, not the people.

Whether the negative side of mixing cryptocurrency merits the ban on Tornado Cash, I don't know. But the tradeoff between individual liberties and societal good is, in general, not viewed the same way in most other countries as in America.

Tornado Cash and collateral damage

Posted Aug 18, 2022 11:18 UTC (Thu) by camhusmj38 (subscriber, #99234) [Link] (1 responses)

Even in America, many tools are actually banned. There is a tendency for FOSS advocates to view code as suis generis but the fact remains that it is just like anything else. The fact that you've written a computer program to do your money laundering shouldn't change the fact that you're money laundering.

Tornado Cash and collateral damage

Posted Aug 29, 2022 19:38 UTC (Mon) by sammythesnake (guest, #17693) [Link]

In most cases laws criminalise *uses* of such things as are under restrictions. The are certainly things where *possession* is a crime (e.g. various weapons or drugs, depending on the jurisdiction), but the "uses" laws outweigh them somewhat.

Even many laws restricting possession aren't absolute, allowing it if certain requirements are met (e.g. requirements on storage of firearms or ammunition, or valid prescription for drugs etc)

In any case, though, there is necessarily a responsible party to be held criminally liable in the event of overstepping the bounds. You can't imprison or fine a knife/gun/doobie, you need a person to subject to consequences.

There are laws that restrict doing things you can/should "reasonably suspect" enable illegal actions by another party - essentially making you liable for others' actions with a defense of due diligence.

That kind of restriction might work for tornado by applying only to the "money in" part if you could ensure legitimacy of the money going in and somehow apply whatever taxation is appropriate while allowing the egress of funds to be anonymous...

Making it illegal to use for otherwise legal purposes is overreach (though that's hardly unprecedented, c.f. the DMCA)

Making it illegal to possess is near pointless given how difficult it would be to enforce such a law (defining the software in question, proving that an encrypted drive contains it, even proving that a hard drive is formatted if certain encryption methods are used!)

Of course, legislators do stupid things five times by breakfast...

Tornado Cash and collateral damage

Posted Aug 18, 2022 11:16 UTC (Thu) by MarcB (subscriber, #101804) [Link] (90 responses)

It's a bit of a weird claim that crypto-currency mixers serve privacy. They could do so in a world where crypto-currencies are actually used as currencies, but this is not the world we live in.
Those mixers serve two major purposes: Laundering currency obtained via rug pulls and others hacks or scams as well as laundering currency obtained via extortion. Laundering currency obtained via other illegal businesses already is a negligible use-case. Obviously the operators of such services know this (the volume alone makes it obvious).

As to the arrest: The guy *was not arrested for writing software*, but for running a money laundering operation.
Here is the press release: https://www.fiod.nl/arrest-of-suspected-developer-of-torn...

As to the question "What is the legal status of ten units of cryptocurrency obtained legally that is mixed with one unit, say, from some crime source?"
Easy: if is really mixed, all of it is illegal. This is why proper accounting is important even for criminals and they take great care to keep their assets separated.

In general, a lot of those libertarian crypto ideas are astoundingly naive. If you (intentionally) design a system that us unable to satisfy long-standing legal requirements - that are also enforced and generally accepted - those requirements are not void. Instead, it's your system that is in trouble.

Tornado Cash and collateral damage

Posted Aug 18, 2022 12:10 UTC (Thu) by paulj (subscriber, #341) [Link] (12 responses)

A lot of this is reminiscent of the arguments in the 90s about strong encryption, in the days when the government classified strong encryption as munitions: Only criminals and bad guys had a reason to want to hide stuff from the government.

And now we have the same arguments about finances: Only criminals would want to have privacy for their finances from the government.

The argument that we never had it before is incorrect. Privacy was the default for nearly the entirety of human history with money. It is only recently in the networked-computer + big data + digital-transactions age that it has become possible for governments to have almost all-seeing visibility into the transactions of the populace. And there are plans to centralise state backed money further.

I personally disagree that we should give governments this _new_ ability to oversee /all/ mainstream financial transactions and control access to that system. It will be ripe for abuse, and we have already seen numerous cases where governments have weaponised that control to deny access to political opponents. For that reason I think it is very important we have permissionless and privacy-preserving financial transaction systems available to societies. I.e., CryptoNote based protocols, e.g. Monero as the most widely used example of such.

Tornado Cash and collateral damage

Posted Aug 18, 2022 12:55 UTC (Thu) by smoogen (subscriber, #97) [Link] (3 responses)

> And now we have the same arguments about finances: Only criminals would want to have privacy for their finances from the government.

That is actually an older argument going back to at least Roman times. The right to 'privacy' may be more modern but in various forms the 'state' be it in the form of the Senate, Emperor, King, government of the people have had the right to know what 'the currency of the realm' and the 'property within' have been transacted. It isn't an absolute right as various laws, legal rulings and precedents over the ages have carved out exceptions but it is more that the 'state' has a right to know already versus it does not.

I am not arguing if this is right or wrong, I am just saying that every generation when running into this believe it a new legal theory on the part of governments or that they have found some new loop hole. Instead the hole was probably already invented millenia ago and then covered by laws and rulings which nullified it multiple times.

Tornado Cash and collateral damage

Posted Aug 18, 2022 13:16 UTC (Thu) by paulj (subscriber, #341) [Link] (2 responses)

You could be held to account, and that was true whether in days of old and having to account to a king or today to a government.

What is new today is the technical ability for the authority to 'see' every transaction between anyone, in near real-time - and gate-keep access to the system(s) with which to transact. That has never ever existed before, but it exists today and governments are moving to minimise the remaining transactions that do not occur on those controlled platforms.

So, agreed, accountability (good and bad) has always existed. The lack of privacy of modern state-approved digital systems is unprecedented, as is the degree of control the authorities have.

Tornado Cash and collateral damage

Posted Aug 18, 2022 13:22 UTC (Thu) by paulj (subscriber, #341) [Link] (1 responses)

And note that the level of privacy you have from the authority very strongly determines the degree and means of accounting the authority can demand.

With privacy, the authority figure would need some other evidence of malfeasance, before being able to accuse anyone of having failed to properly account. With no privacy, the authority figure can prosecute every petty transgression, that they would never have noticed otherwise, and they can weaponise this against political opponents - the petty transgression may even be to the public good, or the person carrying it out may generally be good, just inconvenient to the authority figure.

Tornado Cash and collateral damage

Posted Aug 19, 2022 11:04 UTC (Fri) by paulj (subscriber, #341) [Link]

Linking the threads, some other examples of socially beneficial (and common) uses of permissionless, digital, financial transaction systems: https://lwn.net/Articles/905204/

Tornado Cash and collateral damage

Posted Aug 18, 2022 16:36 UTC (Thu) by paulj (subscriber, #341) [Link] (4 responses)

Examples of weaponisation of the state-approved digital financial system include Wikileaks, CAGE and anti-lockdown protestors being blocked from SWIFT, Visa, and national banking systems.

This kind of control is not healthy for society.

Tornado Cash and collateral damage

Posted Aug 23, 2022 14:58 UTC (Tue) by Wol (subscriber, #4433) [Link] (3 responses)

Add the standard practice of American prosecutors - freeze the bank accounts of defendants so they can't afford a proper defence ...

The amount of NORMAL American prosecutorial behaviour that would be considered a perversion of Justice elsewhere is just astounding...

Cheers,
Wol

Tornado Cash and collateral damage

Posted Aug 25, 2022 7:08 UTC (Thu) by brunowolff (guest, #71160) [Link] (2 responses)

I remember reading reading a long time ago about old money knowing you want to pay your lawyer a retainer in advance so that they will defend you even if your assets are frozen. This is an option generally only available to the wealthy though.

Tornado Cash and collateral damage

Posted Aug 25, 2022 10:57 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link] (1 responses)

Some time ago I was curious about retaining a lawyer. Turns out that almost no "regular" law firms do that. The movie-style "I need to call my lawyer" is not even available for merely affluent, you need to be truly rich.

The closest thing is LegalShield that sells an "insurance-style" subsciption.

Retaining a lawyer

Posted Aug 25, 2022 11:30 UTC (Thu) by hummassa (guest, #307) [Link]

Are you trying to retain a lawyer "just because"?

Down here you can walk into a lawyer's office, ask for a consultation (for a fee, obviously) and, if said lawyer tells that you have a case to complain or that you need legal defense, *then* you retain said lawyer, and in the documents you file together with the case or defense you must file the "letter of attorney" that specifies the scope of the retention (just for this case, for any related legal case, for any related case from now on etc).

Tornado Cash and collateral damage

Posted Aug 18, 2022 17:08 UTC (Thu) by MarcB (subscriber, #101804) [Link] (2 responses)

> A lot of this is reminiscent of the arguments in the 90s about strong encryption, in the days when the government classified strong encryption as munitions: Only criminals > and bad guys had a reason to want to hide stuff from the government.

It's not even close. There always was broad consensus (at least in the western world), both intellectually as well as in practise, that speech is free and that is must be possible to protect communications from third parties, including the state. It was even written into constitutions. This is why strong cryptography prevailed.

However, there never was a consensus that people should be able to dogde taxes or be able to perform criminal businesses at will. For finances, privacy was pretty much not the default for at least 3000 years. Read up on systems like the Roman "tax farming" or the Babylonian "tithe".
Unlike free-speech, this is also something about which almost all governments and cultures are in agreement.

The problem with crypto-currencies is that the original designs provided no privacy whatsoever. Now people try to fix this by adding systems that provide no accountability whatsoever. Obviously this won't work. A viable system must generate transaction records, restrict access to them, but must be able to provide them based on some rule-set.

If it can't do this, it will never be usable as general financial platform. Sane people won't use a system without any privacy and no state will accept (and can) accept a system without any control.

Tornado Cash and collateral damage

Posted Aug 19, 2022 8:07 UTC (Fri) by paulj (subscriber, #341) [Link]

You're conflating the existence of taxes with privacy of transactions. See sibling reply on accountability and privacy.

Tornado Cash and collateral damage

Posted Aug 19, 2022 12:58 UTC (Fri) by paulj (subscriber, #341) [Link]

Oh, FWIW, CryptoNote protocols (i.e., Monero) provide privacy AND accountability.

With a crypto such as Monero, you get:

a) Every TX is a mixing operation, with even the amounts obscured; so you have privacy from arbitrary observers of the public block-chain

b) The ability to give others a "view" key, such that they can decode your transactions.

So Monero could satisfy the goal of having privacy by default, from arbitrary observers; while still being able to _provably_ account for ones transactions to a regulatory authority or to a tax revenue service.

Note that there are companies there who provide tax accounting services for block-chains. You give them your addresses, you tell them which jurisdiction(s), and they analyse the block-chain and apply your tax rules and calculate your tax liability. This is _SO_ much easier and quicker than accounting for financial transactions, where you often have to dig up paper, or download CSVs and manipulate them, etc.

The potential for universal digital ledgers (i.e., block-chains) to revolutionise tax accountancy in the future is enormous. And there is _no reason_ why we can't have privacy with that, given the existence of CryptoNote protocols.

Tornado Cash and collateral damage

Posted Aug 18, 2022 13:57 UTC (Thu) by hummassa (guest, #307) [Link] (74 responses)

> As to the arrest: The guy *was not arrested for writing software*, but for running a money laundering operation.
> Here is the press release: https://www.fiod.nl/arrest-of-suspected-developer-of-torn...

This is just silly. Your argument is "the guy was arrested for running a money laundering operation" when all he did was to develop the software. One could argue that Ethereum is "running a money laundering operation", but so is the Federal Reserve anytime it prints paper money.

Tornado Cash and collateral damage

Posted Aug 18, 2022 16:17 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link] (72 responses)

> "running a money laundering operation", but so is the Federal Reserve anytime it prints paper money.

"Money laundering" means taking money obtained by criminal means and then obscuring that. Federal Reserve does not do that, however you slice it.

You can argue that Federal Reserve instead is running a huge theft ring, stealing a little bit from everyone through inflation. But it does not run a money laundering operation.

Tornado Cash and collateral damage

Posted Aug 18, 2022 16:32 UTC (Thu) by paulj (subscriber, #341) [Link] (71 responses)

Inflating the money supply effectively takes value from those who hold cash or cash-equivalent assets - it extracts value from a part of the economy, to assign it to whomever the money supplier sees fit (e.g., the government; or to large corporates in the form of bond sales; etc). That includes taking value obtained by criminal means (which may even be biased towards being held in cash assets).

So, it fits your definition. ;)

I suspect you mean to add some degree of distance. But then you may well exempt those who use mixers for non-criminally obtained assets simply to preserve their privacy on-chain, and protect themselves from the large corporates who do chain-analysis (or buy that data)?

Tornado Cash and collateral damage

Posted Aug 18, 2022 16:35 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link] (66 responses)

> But then you may well exempt those who use mixers for non-criminally obtained assets simply to preserve their privacy on-chain, and protect themselves from the large corporates who do chain-analysis (or buy that data)?

The problem is, once criminal money enter a mixer, everything that comes out of it is suspect.

A mixer that does KYC and allows only vetted people to use it would be OK.

Tornado Cash and collateral damage

Posted Aug 18, 2022 16:42 UTC (Thu) by paulj (subscriber, #341) [Link] (33 responses)

This is so like the attempts to control cryptography in the 90s.

This stuff is applied math. I can print the code for a mixer on a t-shirt, just like RSA in the 90s.

Just like in the 90s, the authorities are not going to be able to stop the 'bad guys' (many of whom will simply be liberal-minded cypherpunks) making use of published applied math. Just like in the 90s, all this will achieve is to cripple commercial use for a decade or two, and grow markets and expertise in other jurisdictions and/or underground. Until eventually we learn.

Tornado Cash and collateral damage

Posted Aug 18, 2022 16:49 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link] (32 responses)

> This stuff is applied math. I can print the code for a mixer on a t-shirt, just like RSA in the 90s.

Copying copyrighted music is applied math. Programming a self-driving car to mow throgh a class of children is applied math. Using Bitcoin to pay for sex slaves is applied math.

The law has no problems banning certain kinds of applied math. Because everything is applied math.

> Just like in the 90s, the authorities are not going to be able to stop the 'bad guys' (many of whom will simply be liberal-minded cypherpunks) making use of published applied math. Just like in the 90s, all this will achieve is to cripple commercial use for a decade or two, and grow markets and expertise in other jurisdictions and/or underground. Until eventually we learn.

There's a difference here. Cryptography provides very real advantages, like being able to use modern banking software. Bitcoin right now does not provide ANYTHING of value. Moreover, its value is highly negative (due to impact of mining). And pretty much all activity on Bitcoin that is not pure speculation is linked with various crimes ( https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3102645 ).

And it's pretty easy to just ban it entirely when it becomes even more problematic.

Tornado Cash and collateral damage

Posted Aug 19, 2022 8:04 UTC (Fri) by paulj (subscriber, #341) [Link] (19 responses)

Well yes, RSA was made illegal to export from the USA in the 90s - and other countries had controls too. I made a comment explicitly referencing the fact that states in the 90s tried to make the applied math of strong cryptography illegal. And your response is "But they can ban these things". I'm not sure you're engaging with my point.

Bitcoin, FWIW, does NOT address the privacy issues. See my other comment on CryptoNote protocols (e.g., Monero).

Your statement that it does not provide anything of value is just false though. It has at least the following quite significant uses:

1. The money supply is algorithmically fixed, and can not be changed without the majority consensus of the mining nodes. As a consequence many people and *large institutions* are using Bitcoin as a store of value, to hedge against (what they view as) irresponsible and reckless monetary policy by state monetary authorities.

(Let's not argue about state monetary policy, but it's just a fact the people doing this believe this).

2. People with family in countries with limited or incompetent financial infrastructures use Bitcoin as a remittance network. They are working abroad to earn money to support family. Remittance via banking systems may take a _long time_ at best, or just be unreliable, or even unavailable. Western AML laws may have made it effectively impossible for western remittance networks to give service. Their choices are either informal remittance network, or Bitcoin.

2a. Same as 2, but people separated from their cash (e.g. pension) because of sanctions. E.g., there are (normal, not rich) Russians living in the west for decades, who have no responsibility at all for Putin, who depend on (say) their Russian savings and/or pensions, who can not now access these. They either rely on family to support them through this, or they use things like Bitcoin.

Your assertion in comments on this post that money laundering is the only use for crypto-currencies like BitCoin is simply incorrect. And appears to be down to ignorance of what it used for.

Tornado Cash and collateral damage

Posted Aug 19, 2022 11:02 UTC (Fri) by paulj (subscriber, #341) [Link]

Oh, and there is also speculation of course. But speculation feeds of expectations of future value and changes in that, so there needs to be some expectation of change to speculate on. And state money also has massive amounts of speculative trading.

You may reply and point out that the second class of uses are working around regulations, and hence you could argue they prove your point that it is "money laundering". But these are benign and even socially useful forms of it - the problem is the AML laws, in trying to stop a few bad guys, make life difficult for many good people who are just trying to live their lives. Russian grannies who've lived in the west for decades, who now can't get their pension via the approved, regulated channels anymore. The immigrant to the west, who is contributing their needed labour to western economies, who needs to support their family in a country (or region of a country) that - through under-development - has no good access to approved, regulated channels for financial transactions. There's also combination of classes, e.g. immigrants who want to send money to family in their home nation, which /does/ have access to international financial settlement systems, but whose currency is experiencing inflation such that transmitting money in that home nation currency would be a bad choice (and forex bank accounts in the home nation are banned/restricted precisely because of the inflation; so the worker abroad can't send, e.g., $ to home).

See also my other comment on how all-seeing, all-powerful financial regulation allows petty transgressions, which even be /socially useful/, to be banned - where before they would never have been noticed. The problem is /everyone/ gets swept up in the petty bureaucracy of these regulations.

https://lwn.net/Articles/905042/

Tornado Cash and collateral damage

Posted Aug 19, 2022 11:10 UTC (Fri) by paulj (subscriber, #341) [Link] (6 responses)

The paper you've cited says more than half of transactions were not known to be associated with illegal activity and further that the proportion of activity related to illegal activity has been declining with the increasing mainstream interest in crypto.

So the paper is evidence of what I'm telling you: A lot of use of crypto is for inflation hedging, and some for socially-useful remittance.

Tornado Cash and collateral damage

Posted Aug 19, 2022 14:33 UTC (Fri) by anselm (subscriber, #2796) [Link] (5 responses)

A very considerable number of crypto transactions are “wash trading” or “painting the tape” (i.e., people selling crypto to themselves) in order to artificially pump up the “value” of crypto-“currencies”. On the traditional stock market that would be quite illegal.

Tornado Cash and collateral damage

Posted Aug 19, 2022 17:27 UTC (Fri) by NYKevin (subscriber, #129325) [Link]

Since the SEC considers cryptocurrencies to be assets rather than money, it may well be illegal for them too. The US government may simply be waiting for someone to do it in a sufficiently egregious and/or visible way, so as to make an example of them.

Tornado Cash and collateral damage

Posted Aug 22, 2022 12:30 UTC (Mon) by paulj (subscriber, #341) [Link] (3 responses)

I think you're likely referring to the paper about wash trading on CEXes. These do not result in block-chain transactions. That's basically an artefact of collusion on those trading platforms, typically with the CEX or at least insiders on the CEX.

As noted, this is already regulated and illegal. It should be cracked down.

Smart contract block-chains like Ethereum also had a problem with validators colluding with others to front-run transactions in the mempool. I.e., run software to scan the pending pool of unvalidated transactions and then inject their own transactions immediately before or after a target tx to extract value via arbitrage - validate those blocks before anyone else and... profit. The answer developed to this has been to provide programmatic access to /all/, on an equal basis, to the ability to run such code on the pending pool in (at least some) validators.

Tornado Cash and collateral damage

Posted Aug 22, 2022 15:44 UTC (Mon) by anselm (subscriber, #2796) [Link]

I think you're likely referring to the paper about wash trading on CEXes. These do not result in block-chain transactions. That's basically an artefact of collusion on those trading platforms, typically with the CEX or at least insiders on the CEX. As noted, this is already regulated and illegal. It should be cracked down.

The problem with this (from the POV of a cryptocurrency enthusiast) is that the perceived “value” of the cryptocurrency is based on these transactions (on the blockchain or not) – people say that, e.g. “1 Bitcoin is worth $X” according to the numbers that cryptocurrency exchanges publish based on the transactions that occurred on that exchange (the fact that these transactions very often involve neither the blockchain nor actual dollars is conveniently glossed over; instead, people cite even more ridiculous measures like the “market capitalisation” of a cryptocurrency, which is just the number of mined coins times the fictitious dollar value per coin). Wash trading is used to pump up that “value” artificially by feigning interest in buying and selling crypto, when the actual (non-wash-trading) volume is only a small fraction of that seen on an exchange, and would probably happen at much lower prices.

Regulators like the SEC are gradually moving towards classifying cryptocurrencies as securities rather than property, which brings them within the scope of existing securities legislation that outlaws wash trading. We'll have to wait and see what that does to the exchanges.

Tornado Cash and collateral damage

Posted Aug 23, 2022 10:32 UTC (Tue) by anselm (subscriber, #2796) [Link] (1 responses)

Smart contract block-chains like Ethereum also had a problem with validators colluding with others to front-run transactions in the mempool. I.e., run software to scan the pending pool of unvalidated transactions and then inject their own transactions immediately before or after a target tx to extract value via arbitrage - validate those blocks before anyone else and... profit. The answer developed to this has been to provide programmatic access to /all/, on an equal basis, to the ability to run such code on the pending pool in (at least some) validators.

David Gerard calls this “always declare your worst bugs are features, actually.”

There's an interesting new paper which analyses how Ethereum validators (miners) can, and do, profit from front-running, back-running, “sandwich attacks” and similar shenanigans. If you want to protect your transactions from the attention of “bots” which scan the “memory pool” of pending transactions for opportunities to front-run, the thing to do is to avoid the memory pool altogether and send transactions privately to miners instead, but that then gives these miners the opportunity to tweak things for side profits. Over a period of 12 days in February 2022, the authors' analysis demonstrated that 2,159 ETH (the equivalent of approximately 6.4 million USD) was pocketed by miners, mostly through sandwich attacks on privately-sent transactions. The analysis also showed that during the time period under consideration there were multiple opportunities for “time-bandit attacks”, where sufficiently powerful miners could, in theory, retroactively “re-mine” previously-validated blocks in order to skim off the mining fees; the authors say that this hasn't happened during their research but are reasonably positive that it will in the future. This is of considerable concern because it would jeopardise the stability of Ethereum.

Tornado Cash and collateral damage

Posted Aug 23, 2022 14:33 UTC (Tue) by paulj (subscriber, #341) [Link]

Very interesting, thanks!

Tornado Cash and collateral damage

Posted Aug 19, 2022 14:14 UTC (Fri) by Cyberax (✭ supporter ✭, #52523) [Link] (4 responses)

> 2. People with family in countries with limited or incompetent financial infrastructures use Bitcoin as a remittance network.

This is actually an exaggeration perpetuated by coin-pushers. The amount of remittance in Bitcoin is probably less than $3B a year out of the total market that is around $700B. In El Salvador that drank the Shitcoin Kool-Aide the Bitcoin remittances are something like 2% of the total amount.

That's because it's easier and safer to send money through existing services like MoneyGram or WesternUnion.

Tornado Cash and collateral damage

Posted Aug 19, 2022 14:37 UTC (Fri) by paulj (subscriber, #341) [Link] (2 responses)

The total overseas remittance market was $540B in 2020 according to the world bank, apparently. So BTC, by your figure, is already 0.5% of the world market. That's actually impressive given how early in adoption we are. Various reports suggest it is growing in share, but I can't find high-quality ones.

Again, by your own sources - the paper and this stat - there are large and growing non-criminal-activity related uses for crypto-currencies.

Tornado Cash and collateral damage

Posted Aug 19, 2022 14:48 UTC (Fri) by paulj (subscriber, #341) [Link] (1 responses)

Also, pray tell, how does the (once) Russian granny living in the EU for decades get their roubles in Russia from their pension into their bank account in the EU?

Tornado Cash and collateral damage

Posted Aug 19, 2022 15:13 UTC (Fri) by Cyberax (✭ supporter ✭, #52523) [Link]

Given that the average pension in Russia is the same order as the the BitCoin transaction fee, I highly doubt that she'll be using it.

Tornado Cash and collateral damage

Posted Aug 19, 2022 14:50 UTC (Fri) by anselm (subscriber, #2796) [Link]

El Salvador that drank the Shitcoin Kool-Aide the Bitcoin remittances are something like 2% of the total amount.

And that would be El Salvador where the government is practically forcing Bitcoin down people's throats whether they want it or not – and in point of fact most people in El Salvador don't.

The main problem with remittances in general is that many of the recipients don't have access to a stable financial infrastructure. There is a persistent myth which says Bitcoin will basically be the best thing since sliced bread for people without bank accounts, but it turns out that without a bank account, or for that matter a bank, it is pretty difficult to turn Bitcoins into something that you can actually use to buy stuff and pay bills. In addition, given half a choice people will prefer actual banks (with oversight and regulation, etc.) to Bitcoin (with no oversight and lots of crooks and scammers).

Tornado Cash and collateral damage

Posted Aug 20, 2022 11:17 UTC (Sat) by excors (subscriber, #95769) [Link] (5 responses)

> 1. The money supply is algorithmically fixed, and can not be changed without the majority consensus of the mining nodes.

Given the interdependency between different coins, I'm not sure how meaningful it is to consider one in isolation. The supply per coin is fixed but the number of coins is not. Anyone can (and often does) invent a new coin, or fork an existing one, and if they convince an exchange to support it (which is a low barrier; they already support hundreds) then they've increased the total money supply across the cryptocurrency system.

> As a consequence many people and *large institutions* are using Bitcoin as a store of value, to hedge against (what they view as) irresponsible and reckless monetary policy by state monetary authorities.

If you had $100 a year ago, and kept it as cash, it would have lost about 8% of its value now.

If you converted it to BTC a year ago, then converted it back now, it would have lost about 60% of its value. (And similar for ETH, XMR, etc, because they're all tightly coupled.)

If you liked cryptocurrency but disliked the volatility and decided to convert it to a stablecoin instead, like TerraUSD (which offered guaranteed 20%-per-year returns so you'd still beat inflation, and had billions of dollars invested in it already), it would have lost somewhere between 98% and 100% of its value.

Cryptocurrency seems pretty unsuccessful as a store of value, and it would be irresponsible and reckless to try to use it for that.

Tornado Cash and collateral damage

Posted Aug 22, 2022 10:04 UTC (Mon) by paulj (subscriber, #341) [Link] (4 responses)

You cherry-picked the window of a year, go back further. Cut out the super-frothy last 2 years and it's >+50%.

Agree it is extremely volatile and any one using it as a short to mid-term hedge is unwise. Longer term, for a number of people is a worth-while hedge (but _only_ with money they can afford to lose).

Tornado Cash and collateral damage

Posted Aug 22, 2022 15:05 UTC (Mon) by anselm (subscriber, #2796) [Link] (3 responses)

I'm not convinced that crypto-“currencies” will ever go back to where they were 2 years ago or so. Crypto is based on the “find a bigger sucker than yourself” principle, and while the world is running out of bigger suckers, the regulators are slowly but steadily closing in.

Tornado Cash and collateral damage

Posted Aug 22, 2022 15:17 UTC (Mon) by paulj (subscriber, #341) [Link] (2 responses)

Completely agree the last couple of years has been fuelled by a combination of tulip-mania, with a fair number of "find a bigger sucker" hucksters diving in to profit from that.

I do think there is huge social value in permission-less (which need not mean /no/ accountability), universal, digital ledger technology (which basically means a block-chain with a consensus mechanism of some sort to randomise validation of new blocks). I think it's a good thing if the more crazy retail froth has been blown off, and the technology can mature further without that.

Tornado Cash and collateral damage

Posted Aug 22, 2022 15:20 UTC (Mon) by paulj (subscriber, #341) [Link]

(Least, the alternative of some centralised CBDC - where access to that system is denied based on extra-judicial decisions by private corporates, based on their /fear/ of whatever some vague regulation means + and also sometimes denied by behind-the-scenes state pressure on said entities - is a scenario that is ripe for state abuse; and will be abused to punish unpopular minority interests again and again; and eventually worse).

Tornado Cash and collateral damage

Posted Aug 23, 2022 11:08 UTC (Tue) by kleptog (subscriber, #1183) [Link]

> I do think there is huge social value in permission-less (which need not mean /no/ accountability), universal, digital ledger technology

But for such a system to succeed it has to be more useful in the general case. In general a centralised system is more efficient and flexible than a distributed one (with the exception of embarrassingly parallel problems). I agree the most useful thing you can do for much of the developing world is getting them a working banking system. A lot of progress has been made, where basically your mobile phone acts as a wallet for payments. It's also amazing how quickly you get used to instant bank transfers. Any totally decentralised system is going to have a hard time beating that.

The digital currencies being looked into by central banks are interesting. You say governments have an interest in tracing everything, but central banks really don't: they just want to numbers to add up. So they've got themselves a number of requirements relating to privacy and performance, but the ECB explicitly also wants to prevent the digital currency being used as a store of value. It will certainly be interesting what solutions they come up with.

Tornado Cash and collateral damage

Posted Aug 19, 2022 13:05 UTC (Fri) by paulj (subscriber, #341) [Link] (11 responses)

> "its value is highly negative (due to impact of mining)"

Oh, on this, note that to maximise mining revenue you find and use the cheapest energy possible.

The cheapest energy available is that which must be produced, but can not be sold. This is heavily biased towards non-hydro-carbon forms of energy. A lot of mining makes use of sustainable power for this reason, e.g. hydro-electric power that is cheaply available for various reasons (remote areas with excess for demand; off-peak times; etc.).

Further, the hydro-carbon energy issue exists regardless of CC mining. Humanity is not going to fix it by reducing energy use. Indeed, we're certain to at least maintain current energy use, and pretty much guaranteed to increase and increase it. Regardless of CC mining. The hydro-carbon energy issue is orthogonal and needs fixing regardless; and mining is already skewed away from hydro-carbons.

Tornado Cash and collateral damage

Posted Aug 19, 2022 14:06 UTC (Fri) by Cyberax (✭ supporter ✭, #52523) [Link] (8 responses)

> Oh, on this, note that to maximise mining revenue you find and use the cheapest energy possible.

Making it more expensive. This is pure broken windows fallacy.

Coin mining is pure waste with NEGATIVE output (since Shitcoins are crime-enablers and have no real legitimate use).

Tornado Cash and collateral damage

Posted Aug 19, 2022 14:29 UTC (Fri) by paulj (subscriber, #341) [Link] (7 responses)

The energy market is quite local for anything other hydro-carbons. Rivers, wind, etc., are intrinsically local and electricity is also relatively limited in how far it can be economically transmitted. A mining operation co-operating with a hydro-electric power generator in remote China, to use energy that could not otherwise be sold but would literally flow down the river otherwise does not affect the price of energy elsewhere.

Again, the most profitable energy for mining is the energy that _could not be sold otherwise_ - and that's largely sustainable (hydro-electric, wind, nuclear).

Also, even hydro-carbon driven mining may be net-0, in terms of effect of mining, amazingly enough. E.g., oil extraction companies using the heat from flaring methane that would otherwise be waste to generate power for mining.

Tornado Cash and collateral damage

Posted Aug 19, 2022 14:46 UTC (Fri) by mathstuf (subscriber, #69389) [Link] (5 responses)

There have definitely been instances of mining operations buying to-be-commissioned fossil fuel energy factories just to power their rigs. Luckily New York put the kibosh on that happening again, but there are other states that are probably less willing to say "no" to such wastefulness.

Tornado Cash and collateral damage

Posted Aug 19, 2022 16:34 UTC (Fri) by paulj (subscriber, #341) [Link] (4 responses)

Yes indeed, and yes it should be banned. Any crypto mining should only be allowed on sustainable energy forms, ideally otherwise wasted.

Tornado Cash and collateral damage

Posted Aug 20, 2022 0:31 UTC (Sat) by Cyberax (✭ supporter ✭, #52523) [Link] (3 responses)

So you're saying that Bitshit needs to be regulated?

Tornado Cash and collateral damage

Posted Aug 20, 2022 14:13 UTC (Sat) by paulj (subscriber, #341) [Link]

I think we need national and international regulation to restrict the burning of hydro-carbons, yes.

Tornado Cash and collateral damage

Posted Aug 20, 2022 20:21 UTC (Sat) by intelfx (subscriber, #130118) [Link] (1 responses)

I used to think that discourse standards on LWN were above arbitrarily using pejorative terms to refer to anything you disagree with.

Tornado Cash and collateral damage

Posted Aug 21, 2022 6:11 UTC (Sun) by Cyberax (✭ supporter ✭, #52523) [Link]

It's not a pejorative term. It's a funcitonal description: Secure Hash-Interlinked Transactions.

Bitcoin does SHIT.

Tornado Cash and collateral damage

Posted Aug 19, 2022 14:55 UTC (Fri) by immibis (subscriber, #105511) [Link]

Even in this case, the mining operation is making it profitable to operate a bigger dam, killing fish (who cannot easily swim upstream past the dam) for no good reason.

Tornado Cash and collateral damage

Posted Aug 19, 2022 14:26 UTC (Fri) by excors (subscriber, #95769) [Link] (1 responses)

> The cheapest energy available is that which must be produced, but can not be sold. This is heavily biased towards non-hydro-carbon forms of energy. A lot of mining makes use of sustainable power for this reason, e.g. hydro-electric power that is cheaply available for various reasons (remote areas with excess for demand; off-peak times; etc.).

On the other hand, recently about 18% of Bitcoin mining was in Kazakhstan (second place behind the US), largely because of its low energy costs (plus ease of relocation from China after it sort of banned mining). Those energy costs weren't from underutilised renewables - Kazakhstan's electricity is reportedly about 70% coal and 20% gas (https://www.iea.org/reports/kazakhstan-energy-profile), and it is cheap because of cheap coal and large government subsidies and lack of investment in power infrastructure. (And coal is "cheap" because the people burning it don't have to pay for the enormous health costs and climate change impact.)

The Bitcoin miners swooped in to take advantage of that, used about 8% of Kazakhstan's total electricity generation and strained the already-struggling infrastructure, so the government ended up rationing power and introducing taxes for registered miners (though that doesn't help against the majority that are unregistered and operating illegally) and buying more energy from Russia. Earlier this year the government tried to increase energy prices, but that led to deadly riots, so it's not exactly a stable situation.

(https://www.ft.com/content/086b7ec7-f71a-4214-bfa0-564485... , https://www.wired.com/story/kazakhstan-cryptocurrency-min... , etc)

And don't forget that this stupendous use of energy is for a database that handles a global total of about 4 transactions per second.

Tornado Cash and collateral damage

Posted Aug 19, 2022 17:06 UTC (Fri) by paulj (subscriber, #341) [Link]

Yes, true, and that's bad.

How we prevent the burning of coal, and stop countries with spare coal resources from using them, is a far far bigger question than crypto-mining.

Tornado Cash and collateral damage

Posted Aug 18, 2022 16:44 UTC (Thu) by paulj (subscriber, #341) [Link] (22 responses)

Oh, and every dollar and every Euro no doubt at some point has been mixed in with euros/USD from some illicit activity. Are they all suspect too?

Tornado Cash and collateral damage

Posted Aug 18, 2022 16:55 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link] (21 responses)

They absolutely are, if you get them in a suitcase from Joe in the alley behind a bar.

That's why we have KYC laws that make sure that when you receive money, they likely come from a legal source (e.g. a bank).

The legal system doesn't really care too much about small amounts of money. So if you get $20 from a friend, nobody really cares if your friend got it by selling drugs. However, if you want to use your $1 million in cash from Joe to buy a house, then be prepared for very awkward questions.

Bitcoin allows to move hundreds of millions easily. This is a completely different level of threat.

Tornado Cash and collateral damage

Posted Aug 18, 2022 17:02 UTC (Thu) by paulj (subscriber, #341) [Link] (20 responses)

We have fundamentally different threat models.

Throughout history, the greatest threats to people are authorities with too much power.

Tornado Cash and collateral damage

Posted Aug 18, 2022 17:06 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link]

> Throughout history, the greatest threats to people are authorities with too much power.

For example, crime bosses with billions in untraceable money that they can use without any impediments.

Tornado Cash and collateral damage

Posted Aug 18, 2022 18:23 UTC (Thu) by mss (subscriber, #138799) [Link] (9 responses)

Throughout history, the greatest threats to people are authorities with too much power.

Exactly, criminals can't even dream of matching the level of harm that government organizations are capable of inflicting - just consider the previous century state-sponsored deaths.

Yet people seem to fear having their car stolen more than having their life ruined by getting thrown behind bars for years (or worse) just because they stepped on some powerful toes.

While one can simply insure their car there's no insurance from that later tail risk.

Tornado Cash and collateral damage

Posted Aug 19, 2022 0:57 UTC (Fri) by Cyberax (✭ supporter ✭, #52523) [Link] (8 responses)

> Exactly, criminals can't even dream of matching the level of harm that government organizations are capable of inflicting - just consider the previous century state-sponsored deaths.

Powerful criminals are worse. Mexico can attest to that.

And only a strong government that is operating within the laws and that is properly controlled by elected officials can fix that.

And cryptocurrencies are a tool that basically makes criminal transactions risk-free even at mind-boggling volumes.

Tornado Cash and collateral damage

Posted Aug 19, 2022 7:49 UTC (Fri) by paulj (subscriber, #341) [Link] (2 responses)

You know, maybe, just maybe, it's possible to deal with crime and have a well functioning society *without* giving the state the ability to monitor every single financial transaction between citizens - and gate-keep access to the ability to do financial transactions.

Maybe, just maybe, there is a balance to be struck.

Tornado Cash and collateral damage

Posted Aug 19, 2022 14:04 UTC (Fri) by Cyberax (✭ supporter ✭, #52523) [Link] (1 responses)

> You know, maybe, just maybe, it's possible to deal with crime and have a well functioning society *without* giving the state the ability to monitor every single financial transaction between citizens - and gate-keep access to the ability to do financial transactions.

You know that the KYC laws were first passed to combat the organized crimes? We're not talking about monitoring everything, we're talking about ability of the government given appropriate court warrants to trace money back to criminals.

Tornado Cash and collateral damage

Posted Aug 19, 2022 14:45 UTC (Fri) by paulj (subscriber, #341) [Link]

That's not how the AML laws work though. The AML laws flip the onus completely. Financial institutions will bar you merely for /suspicion/ that you /might/ be doing something shady. Based on information they will not disclose to you. With no courts, or methods of appeal. Further, they are required - in many jurisdictions (no coincidence, because this comes out of recommendations from the international Financial Action Task Force) they are also required to _proactively_ report those suspicions to authorities.

So your model of AML working like traditional law enforcement, with judicial oversight and approval, is _incorrect_.

If it _were_ like that, I would have a lot _less_ concerns!

Additionally, state entities have put pressure on financial networks to have access to those networks denied to entities they dislike - *extra-judicially*! Some countries have used laws to bar access to financial networks, based on political activity.

Further, a number of central banks, including the ECB in Europe, are busy formulating plans to centralise digital transactions onto state specified platforms, so as to give real-time (or near-RT) visibility of transactions to authorities. I.e., various mooted "Central Bank Digital Currency" (CBDC) proposals. Even greater control of financial transactions is an explicit goal.

Tornado Cash and collateral damage

Posted Aug 19, 2022 17:11 UTC (Fri) by mss (subscriber, #138799) [Link] (1 responses)

Powerful criminals are worse. Mexico can attest to that.

Wikipedia says that about 115.000 people are casualties of the Mexican drug war.
However, it's unknown how many of these deaths are criminals themselves getting killed (either by other criminals or by the government) - Mexican authorities used to say 90%, but this figure is questioned.

Either way, it's still at least an order of magnitude less than the previous century state-sponsored deaths.

And cryptocurrencies are a tool that basically makes criminal transactions risk-free even at mind-boggling volumes.

Despise decades of increasingly invasive anti-laundering money controls this effort global success rate was estimated in 2009 at about 0.2 percent. So it's not cryptocurrencies fault (this isn't meant as their general endorsement, though).

At the same time AML compliance is invasive and costly - the linked article even calls it the world's least effective policy experiment.

I suspect the real reason for these AML/KYC laws is not so much fighting drug trade / corruption / terrorism, etc. (they barely make a dent there) but rather to make it harder to evade taxes.

While tax evasion is often a crime, too, it would probably be politically much harder to sell these invasive controls to the voting public if their main reason was to help government tax people more.

Tornado Cash and collateral damage

Posted Aug 20, 2022 0:42 UTC (Sat) by Cyberax (✭ supporter ✭, #52523) [Link]

> Either way, it's still at least an order of magnitude less than the previous century state-sponsored deaths.

And most of them happened when anonymous paper currency was the main payment source. Meanwhile, North Korea (which is the worst state on Earth) is happily using BitCoin right now to help run up the "state sponsored deaths" tally.

Sorry, if anything, modern traceable payment instruments are helping to STOP state-sponsored killings via sanctions that can actually bite.

Tornado Cash and collateral damage

Posted Aug 20, 2022 12:54 UTC (Sat) by gmgod (guest, #143864) [Link] (2 responses)

Governments are making the laws as much as the criminals are making the "rules". They take taxes like some take "improvement and protection fees". If tomorrow a government says it's legal to, say, invade a neighboribg country, it's legal. That's the beginning and the end of it.

Law is an illusion of security and peacefulness. A way to put people's vigilance to sleep. Democracy (term frowned upon even just half a century ago) is a tool for legitimacy, nothing else ("the majority of you voted for us after all, so watch what you do and say because more than half of the country will go at you if you misbehave").

I'm not saying being governed by the "strongest around here" is a good thing but I'm not saying being governed by the "strongest around here" is a good thing either. (<- hope you caught my draft)

Tornado Cash and collateral damage

Posted Aug 20, 2022 13:39 UTC (Sat) by Cyberax (✭ supporter ✭, #52523) [Link] (1 responses)

It's funny how none of libertarians even tries to move to a lawless state like Somalia where only the strength of arms matters.

Tornado Cash and collateral damage

Posted Aug 22, 2022 10:06 UTC (Mon) by paulj (subscriber, #341) [Link]

You need strong social ties to operate in such a place. There are still rules though, funnily enough.

Tornado Cash and collateral damage

Posted Aug 19, 2022 16:46 UTC (Fri) by flussence (guest, #85566) [Link] (8 responses)

> Throughout history, the greatest threats to people are authorities with too much power.

From where I'm standing the greatest threat to people is the fact large swathes of multiple continents are burning down or flooding away. Half a billion animals burned alive in a single Australian wildfire. Opaque brown skies for weeks under the midday sun on the west coast US. German villages washed away in flash floods, France regularly hotter than the Sahara, the sudden onset desertification of the UK and resultant collapse in food supply.

But sure, tell us all again about how your #SoundMoney sticking it to The Man is switching to PoS Real Soon Now™ and that we Just Don't Understand. Totally not a brainwashed cult.

Tornado Cash and collateral damage

Posted Aug 19, 2022 17:03 UTC (Fri) by paulj (subscriber, #341) [Link] (7 responses)

I want to see action against anthropogenic climate change. I'm quite sure crypto-mining did not cause it, and that if it disappeared tomorrow it would not change the challenges we facec. I'm also sure that humanity will continue to expand energy use, regardless of mining - in particular, non-crypto-mining compute energy use is certain to increase.

The whole question of how humanity generates energy in a sustainable way is far bigger than, and divorced from crypto-mining.

Hydro-carbons need to be phased out, for sure.

Tornado Cash and collateral damage

Posted Aug 30, 2022 16:56 UTC (Tue) by nim-nim (subscriber, #34454) [Link] (6 responses)

Anthropogenic climate change has been caused by building a system where increasingly complex mechanisms are used to dissociate acts from their consequences and camouflage who’s accountable for what. crypto-mining is the latest attempt to achieve this end.

Historically, wealth was not secret. The Pharaohs re-attributed tracts of land after each flood. Local barons knew pretty well how many “fires” they could tax (and kings how much each baron could be made to contribute). Those taxes paid for the commons that made our civilization possible.

There is nothing beautiful in a society where wealth is hidden, just a bunch of greedy parasites hoping someone else will toil to fix the environment they live in while they turn it anonymously in a shithole. A bunch of oligarchs pissing money away in tax paradises is already bad enough without generalising this idiocy.

Wealth is power and power is already corrupting enough by itself without being hidden and dissociated from accountability.

Tornado Cash and collateral damage

Posted Aug 31, 2022 12:11 UTC (Wed) by paulj (subscriber, #341) [Link] (5 responses)

I appreciate your comment and there are points that are good food for thought - thanks.

However, the first sentence is just wrong. The cause of AGW is industrialisation, and the burning of ancient, non-renewable hydrocarbons for energy. First the coal-age early-industrialisation from the 17th C onwards in Europe, and then the oil-driven hyper-industrialisation of the last 100 years. Humans have had (increasingly) complex and abstract mechanisms for transferring wealth for thousands of years before then, without causing warming in any appreciable way, in contrast to the last 150 odd years.

The problem is we have fuelled extra-ordinary developments and advances in our way of living, along with an explosion in population, by mining the earth, and burning hundreds of millions of years worth of concentrated solar energy in a few hundred years. Everything we expect and depend on now is steeped in oil. Even our agriculture and food depends heavily on oil: fertiliser, machinery, supply lines, etc.

The root cause is energy. And the only fix is replacing HCs with an energy source that is capable of reliably producing _at least_ the *same* amount of energy, for _less_ cost.

Tornado Cash and collateral damage

Posted Aug 31, 2022 12:15 UTC (Wed) by paulj (subscriber, #341) [Link]

As a thought experiment, one interpretation of your argument - that abstract systems of wealth transfer caused AGW - is that to fix AGW we need to remove financial abstractions in our society. Which: a) seems like it would require a massive re-engineering of the financial systems of developed societies; b) Doesn't really seem to address the problem - there's no obvious reason why this would address AGW, why wouldn't people just keep buying oil? People do so every day, buying petrol and diesel for their cars... a direct financial transaction.

Tornado Cash and collateral damage

Posted Aug 31, 2022 12:27 UTC (Wed) by Wol (subscriber, #4433) [Link] (3 responses)

> However, the first sentence is just wrong. The cause of AGW is industrialisation, and the burning of ancient, non-renewable hydrocarbons for energy. First the coal-age early-industrialisation from the 17th C onwards in Europe, and then the oil-driven hyper-industrialisation of the last 100 years. Humans have had (increasingly) complex and abstract mechanisms for transferring wealth for thousands of years before then, without causing warming in any appreciable way, in contrast to the last 150 odd years.

You're a couple of hundred years too late AT LEAST, if not a lot more ... I'm not sure of the exact details but (a) the Amazon Rain Forest (what's left of it) is nowhere near as old as most people think - before 1500 huge areas of it had been cleared, and much of it post-dates then. When the Common Cold and friends wiped out the AmerIndians, the forest regrew, and has been blamed for the mini iceage that followed in the 1700s - when the Thames froze over and suchlike things.

While I hesitate to suggest the human impact goes back that far, it is more than possible that the spread of farming 10,000 years ago has had a not inconsiderable hand in global warning ever since then! If not even before that!

Cheers,
Wol

Tornado Cash and collateral damage

Posted Aug 31, 2022 12:51 UTC (Wed) by paulj (subscriber, #341) [Link] (2 responses)

Deforestation occurred before the 17th C, yes. Used for construction (inc. ships) and charcoal. The coal age came along in great part cause high-energy (for the age) societies had used up so much forest. I don't know what impact that had on climate, and wouldn't doubt there was /some/ effect - but it was minimal compared to the effects of the (latter stages of...) coal age and (esp.) oil-age of the last 150 years.

My understanding was that solar insolation was a (one?) reason for cooling in the 17th C.

Tornado Cash and collateral damage

Posted Aug 31, 2022 15:26 UTC (Wed) by Wol (subscriber, #4433) [Link] (1 responses)

Thing is, we don't really know ... but we do know land clearance is a potent source of greenhouse gases. And the regrowth of the Amazon after South America was near enough wiped out (I keep wanting to write "decimated", but it was the inverse of that - about one person in ten survived ...) has certainly been blamed for it getting cold.

And while I doubt we started the current retreat of the ice age, the discovery of fire probably played a potent - if slow - role in hastening it. Pretty much every civilisation has stories of a great flood, which really happened about 10,000 years ago, and even that long ago we were more than capable of modifying the environment in potent and destructive ways ...

Cheers,
Wol

Tornado Cash and collateral damage

Posted Sep 6, 2022 8:00 UTC (Tue) by nix (subscriber, #2304) [Link]

Fire has been a core human technology for at least hundreds of thousands of years. There have been *multiple* ice ages in that timespan. Your numbers don't add up.

(Population growth might explain it, except that population growth was caused by agriculture, and agriculture didn't get started until after the current interglacial started. So that's in the wrong order too.)

Tornado Cash and collateral damage

Posted Aug 19, 2022 10:47 UTC (Fri) by hummassa (guest, #307) [Link] (6 responses)

So, using your own words: as "once criminal money enter a mixer, everything that comes out of it is suspect", printing fiat money that would be passed on to criminals *is* suspect. QED.

My argument is: either you argue for "no anonymous transactions ever" and that means no more Washingtons, Jeffersons, Lincolns, Hamiltons, etc upto Salmon P. Chases -- after all, some of those WILL be used to launder money -- or you concede that *the person that wrote the mixer is not a criminal for writing it*.

Tornado Cash and collateral damage

Posted Aug 19, 2022 14:11 UTC (Fri) by Cyberax (✭ supporter ✭, #52523) [Link] (5 responses)

> So, using your own words: as "once criminal money enter a mixer, everything that comes out of it is suspect", printing fiat money that would be passed on to criminals *is* suspect. QED.

Uhm, no. Federal Reserve is not responsible for the destination of the money. Just as you are not responsible if a $20 bill you give to a street seller is then used to buy drugs.

If the Fed operated a "tumbler" - a special account where you could send money and retrieve it as cases of banknotes without any questions or limits, then you'd have a point.

> My argument is: either you argue for "no anonymous transactions ever" and that means no more Washingtons, Jeffersons, Lincolns, Hamiltons, etc upto Salmon P. Chases

We have pretty good anti-laundering laws that make it really hard to do laundering with Washingtons and Jeffersons. It's hard to launder anything other than trivial amounts. With crypto you can launder tens of millions easily, this is a huge difference.

> -- after all, some of those WILL be used to launder money -- or you concede that *the person that wrote the mixer is not a criminal for writing it*.

Nope. A person who wrote a mixer is a criminal, because the intent was clearly to enable criminal transactions. Yeah, yeah, "for privacy", sure.

Tornado Cash and collateral damage

Posted Aug 19, 2022 16:04 UTC (Fri) by hummassa (guest, #307) [Link] (1 responses)

Other people in this same thread made solid arguments "for privacy". Just because you can't see the legitimacy of those arguments, it doesn't give you (or anyone else) the right to infer intent "just because". There is nothing else I can say to you on this topic.

Tornado Cash and collateral damage

Posted Aug 19, 2022 16:51 UTC (Fri) by paulj (subscriber, #341) [Link]

And it is quite possible to have privacy AND accountability to regulatory authorities, as per Monero and its "view key" ability: https://lwn.net/Articles/905243/

Tornado Cash and collateral damage

Posted Aug 20, 2022 13:00 UTC (Sat) by gmgod (guest, #143864) [Link] (2 responses)

> If the Fed operated a "tumbler" - a special account where you could send money and retrieve it as cases of banknotes without any questions or limits, then you'd have a point.

That's called a bank. Sure is you are an individual (and not a company), you might get a few questions but ultimately if you decide to remove all or part of your money, they have to honor it. Banks are legally your debtor: they owe you the amount that is written in your account and they'll gladly fetch it from that big bag of mixed money they have somewhere. The fact they have to legally ask a couple questions to you does not change that.

Tornado Cash and collateral damage

Posted Aug 20, 2022 13:41 UTC (Sat) by Cyberax (✭ supporter ✭, #52523) [Link] (1 responses)

> they have somewhere.

This big bag of money must come from vetted and identified clients. Banks can't get anonymous money donations.

Sure, it's not perfect and sometimes crooks can steal identities or corrupt bank branch managers. But as a bank client you can be sure that the bank has done all reasonable precautions.

Tornado Cash and collateral damage

Posted Aug 30, 2022 1:20 UTC (Tue) by sammythesnake (guest, #17693) [Link]

Getting drastically off-topic, but actually banks don't really have a "big bag of money", almost all of their assets are actually debts owed to them.

To make that already squicky fact more disturbing, the money lent out generally never existed in the first place. Providing the value of the debt plus collateral (i.e. the back that hand you a mortgage now owns your house) covers the "money" given out (plus the costs of recovering it), the books balance without the money existing in the first place.

There are regulatory controls that require the banks to have some *real* money deposited at Central Banks but at multipliers that make it almost meaningless, even post 2008 :-(

Tornado Cash and collateral damage

Posted Aug 20, 2022 12:42 UTC (Sat) by gmgod (guest, #143864) [Link] (1 responses)

That's called a bank, except that vetting does not work in real life and KYC is why cash laundries are still used to launder money. It provides the appearance that everything works well. The only difference is that those laundering operations do generate a bit of taxes so the government is happy.

Tornado Cash and collateral damage

Posted Aug 20, 2022 13:37 UTC (Sat) by Cyberax (✭ supporter ✭, #52523) [Link]

> That's called a bank, except that vetting does not work in real life and KYC is why cash laundries are still used to launder money.

Nope. Money laundering by itself does not use banks. It typically involves fake contracts and pretend buys. So banks sees only money coming from legitimate contracts from known customers.

A bank that deliberately advertises itself as "tumbler" will be sanctioned and possibly shut down.

This is not a hypothetical: https://en.wikipedia.org/wiki/Danske_Bank_money_launderin...

Tornado Cash and collateral damage

Posted Aug 19, 2022 14:52 UTC (Fri) by immibis (subscriber, #105511) [Link] (3 responses)

Cash is an inherently inflationary asset: if you grow a tomato today, it doesn't give you the right to buy a tomato 1000 years from now. In fact 1000 years from now nobody should care how many tomatoes you sold today. This concept is, fundamentally, inflation.

Tornado Cash and collateral damage

Posted Aug 19, 2022 15:17 UTC (Fri) by paulj (subscriber, #341) [Link] (2 responses)

This isn't true. Inflation of issued cash is determined by policy. Which generally is determined by what is politically useful. If it suits the political classes, cash can be very stable. E.g., look at the inflation of the British pound in the 19th Century. Minimal variation, and ~0 inflation over 100 years:

https://www.in2013dollars.com/uk/inflation/1794?endYear=1...

The dollar was also fairly stable (by modern standards) in the 19th C, indeed, there was deflation compared to the 18th:

https://www.officialdata.org/us/inflation/1800?endYear=19...

You can make arguments against that stability, of course.

Tornado Cash and collateral damage

Posted Aug 20, 2022 0:28 UTC (Sat) by Cyberax (✭ supporter ✭, #52523) [Link] (1 responses)

> This isn't true. Inflation of issued cash is determined by policy. Which generally is determined by what is politically useful.

No. Inflation target (in the US) is determined by what is the best for the economy: a balance of unemployment and interest rates.

> Minimal variation, and ~0 inflation over 100 years

And economy growth around 0.2% for the first part of the century, along with crushing poverty. Yup, the ideal world of cryptolibertarians.

Or we can look at the more recent examples of deflation: Japan. Compare its GDP growth rate with the US.

Tornado Cash and collateral damage

Posted Aug 20, 2022 14:39 UTC (Sat) by paulj (subscriber, #341) [Link]

You're confirming that monetary policy is indeed a policy, thanks.

On the other point, as I hinted at, previous monetary policy aimed at 0 inflation wasn't good. It was for the benefit of a small number of people, at the expense of many others. We don't disagree there.

Tornado Cash and collateral damage

Posted Aug 18, 2022 17:14 UTC (Thu) by pbonzini (subscriber, #60935) [Link]

If he was not only writing the code but also profiting from the commissions, he was running the money laundering operation.

Tornado Cash and collateral damage

Posted Aug 20, 2022 12:37 UTC (Sat) by gmgod (guest, #143864) [Link] (1 responses)

That's what banks do.

You put your money in a big pot and write somewhere "customer A has X amount". It is mixed (actually said money does not even exist, hard to put that in different "bags").

The only problem the gov has are:

1. There a potential for people not paying tax on that money.
2. They want to make an example out of this to show the public at large they'll be snapped by it sooner or later so they shouldn't even think about it.

So it's greed and protection of that greed. As I said, banks are doing the same thing.

Tornado Cash and collateral damage

Posted Aug 20, 2022 13:08 UTC (Sat) by zdzichu (subscriber, #17118) [Link]

Sorry, but the amount of ignorance here is astonishing. Banks are not mixers. There's a lot (a _lot_) of regulations in form of Know Your Customer, Customer Due Diligence and other Anti-Money Laundering laws.

Banks are super-careful when receiving funds. Anything suspicious will stop the bank from accepting the money and will trigger reporting the transaction to authorities for investigation. Of course, sometimes dirty money will come in. It's a risk. But banks with deliberately leaky KYC/AML processes will be fined (in millions of USD/EUR) or can even lose the license, which means bankruptcy. Accepting dirty money is an accident for a bank.

Accepting dirty money is a reason for existence for a mixer. Mixers are for money laundering, period. The guys in the article deliberately and knowingly facilitated crime. Zero sympathy for them.

Avoiding KYC/AML laws may not be a crime, but it is a felony for sure. "Financial privacy" is just an euphemism for money laundering. Money laundering is a crime. Please keep you criminal ideas away from our highly regulated, safe financial system.

(I worked in 3 different banks, now I'm working for a company specialising in fighting financial crime).

Tornado Cash and collateral damage

Posted Aug 18, 2022 17:27 UTC (Thu) by gjditchfield (guest, #5923) [Link] (6 responses)

Given this article and others like it, I haven't got a clear understanding of what Tornado Cash actually is. TFA mentions that mixers charge fees. Presumably these fees land in crypo wallets. Is Tornado Cash a group of humans who have control of a specific set of fee-collecting wallets?

Tornado Cash and collateral damage

Posted Aug 18, 2022 22:36 UTC (Thu) by NYKevin (subscriber, #129325) [Link] (3 responses)

Tornado Cash, as the article says, is a smart contract (or perhaps a series of smart contracts). To understand that, we need to take a detour into the wonderful world of How Blockchain Works. The extremely abbreviated version is that most blockchains are scriptable to some extent, and some blockchains (particularly Ethereum) offer full-blown programmable addresses, called "smart contracts." A smart contract is a piece of code that runs whenever certain transactions occur on the chain, and can take on-chain actions in response to those transactions. For example, you could have a smart contract that says "split all incoming tokens evenly between addresses A and B, and then send the money to those addresses." In the case of Tornado Cash, I would assume that it does some convoluted and difficult-to-reverse mixing operation, then sends the money to anyone who can provide a zero-knowledge proof* that they originally put the same amount of money in.

The key point here, however, is that smart contracts exist independently of any individual. They are indelibly added to the blockchain, and cannot be removed without a hard fork. The transactions resulting from a smart contract are also indelible once included in the blockchain, and would also require a hard fork to undo. There is no central authority with the power to unilaterally disable a smart contract or block people from using it, and any transaction which meets the prerequisites for the smart contract must necessarily execute the smart contract (or else it is an invalid transaction). Individual miners could refuse to accept such transactions, and given the sanction powers of the US government, that might be a wise choice on their part, but if a different miner includes the disfavored transaction in a block which is added to the chain, there's not much that anyone can do about it.

* A zero-knowledge proof is a special kind of cryptographic primitive, wherein you can prove that X is true without providing any other information about X (in this case, you can prove that you put the money in, without providing any information about how or when you did that). The mathematics of how this works is out of scope here, and generally quite hard to follow, but some of the core ideas are vaguely similar to what you would see in an ephemeral key-agreement protocol like Diffie-Hellman. But the simple version is this: If you're trying to find out anything about X, other than "X is true," then the proof is a dead end and cannot possibly help you.

Tornado Cash and collateral damage

Posted Aug 19, 2022 18:28 UTC (Fri) by IanKelling (subscriber, #89418) [Link] (1 responses)

> The key point here, however, is that smart contracts exist independently of any individual.

No, they mostly have upgrade machanisms, and someone or some group of people have the keys to upgrade them.

Tornado Cash and collateral damage

Posted Aug 21, 2022 2:08 UTC (Sun) by NYKevin (subscriber, #129325) [Link]

My point, really, is that:

* The code exists on the blockchain, even if it is later updated or replaced with a new version, and anyone can look at it at any time. Anyone can make a copy and redeploy it at any time, even after the original has been disabled. Hence it's "independent" in the sense that anyone can launch a new one.
* The smart contract continues to exist until its owner takes a manual step to disable or replace it. If you can't find the person who deployed it, or if that person has intentionally destroyed their private key, then the smart contract is effectively immortal because nobody has the ability to get rid of it. Hence it is "independent" in the sense that it could continue to exist even if the owner dies, gets arrested, or just about anything else.
* The owner can be anonymous or pseudonymous. Hence it is (or can be) "independent" of the owner's real-world identity.

Tornado Cash and collateral damage

Posted Aug 19, 2022 18:59 UTC (Fri) by IanKelling (subscriber, #89418) [Link]

> They are indelibly added to the blockchain, and cannot be removed without a hard fork.

No, there is no "the blockchain", there are several etherium blockchains, each has it's own network, you can use a different one, and then after a while, a different one again, nothing needs to be permanent. Sorry, I know the blockchain propoganda myths / bad simplifications are kind of hard to avoid.

Tornado Cash and collateral damage

Posted Aug 19, 2022 18:31 UTC (Fri) by IanKelling (subscriber, #89418) [Link]

> Is Tornado Cash a group of humans who have control of a specific set of fee-collecting wallets?

Basically, yes. But I think it is open for people to join or leave that set if they choose. It is safe to assume that there is a significant overlap from the developers of the code and the people profiting with fees, and perhaps some developers profited indirectly.

Tornado Cash and collateral damage

Posted Aug 24, 2022 18:40 UTC (Wed) by gjditchfield (guest, #5923) [Link]

Noted here for posterity: the EFF has a clear blog post, "Code, Speech, and the Tornado Cash Mixer". The OFAC sanctions and subsequent commentary muddle together several distinct concepts.

Meanwhile, the OFAC press release quoted above refers to “Tornado Cash” as both an anonymity-enhancing technology and a sanctioned entity. “Tornado Cash” is also the name of: the underlying open source project that developed and published the code on GitHub; the name of this autonomous mixer software that resides as a smart contract (application) running on the Ethereum network; the URL of the tornado.cash website (listed by name on the SDN); and could be considered a name of an entity consisting of some set of people involved with the mixer. OFAC did not identify or list any people involved with the mixer as sanctioned by name. While the OFAC listing is ambiguous, Coin Center has drilled down on what it believes is and is not a sanctionable entity in the Tornado Cash situation, distinguishing between an entity and the software itself.

Tornado Cash and collateral damage

Posted Aug 18, 2022 20:38 UTC (Thu) by ch33zer (subscriber, #128505) [Link]

If LWN really feels the need to write about crypto (why?) then let's keep it neutral. I think one thing that's missing is technical discussions of how these sanctions actually work. I would find that far more interesting than the breathless proclamations of lost freedom: 'this comes down to a question of fundamental freedoms and human rights'

"Developer sigchains" and decentralization

Posted Aug 18, 2022 22:36 UTC (Thu) by dmarti (subscriber, #11625) [Link]

It seems strange that with all the money being thrown at cryptocurrency and related development that nobody has built out the "Developer sigchains" concept covered here a few years ago.

https://lwn.net/Articles/793037/

Most of the "decentralized" projects are less centralized than old-school projects -- most things are on GitHub and Discord. (Unless there's a super-secret decentralized system that the _real_ decentralizers are on?)

Tornado Cash and collateral damage

Posted Aug 18, 2022 23:36 UTC (Thu) by scientes (guest, #83068) [Link] (1 responses)

As Lawrence Lessig said a LONG time ago: Code is law; why doesn't anyone get this yet?

https://lessig.org/product/code

So you are dealing with one cult (the US dollar) declaring war against another cult (this stupid bitcoin idea).

Tornado Cash and collateral damage

Posted Aug 19, 2022 14:59 UTC (Fri) by immibis (subscriber, #105511) [Link]

If you think too hard, basically everything is a cult.

Tornado Cash and collateral damage

Posted Aug 19, 2022 2:24 UTC (Fri) by antiphase (subscriber, #111993) [Link]

Did someone bribe the subeditor with doughnuts to get this one through?

Tornado Cash and collateral damage

Posted Aug 19, 2022 4:36 UTC (Fri) by rsidd (subscriber, #2582) [Link] (2 responses)

I find the comments and links therein much more illuminating than the article. It seems clear that the scenario is not what is being portrayed in the article. The software wasn't some general purpose software that happens to facilitate money laundering in the wrong hands. It was written specifically for money laundering. The arrest of the developer was not for writing the software, it was for running a moneylaundering racket. This is not up to the usual LWN standard and in my opinion the article should be retracted (it can remain posted for transparency, with a retraction notice). Or else, a better explanation should be posted on why this is broadly relevant to Linux and free software.

Tornado Cash and collateral damage

Posted Aug 19, 2022 16:53 UTC (Fri) by paulj (subscriber, #341) [Link] (1 responses)

The developer arrested wrote a lot of the code (but not all) and put it on GitHub. Sources near them say they were not involved in the running of it.

Tornado Cash and collateral damage

Posted Aug 19, 2022 16:56 UTC (Fri) by paulj (subscriber, #341) [Link]

Oh, and the remit of LWN expanded to open-source generally, not just Linux, a *long* time ago. Being arrested for the writing of open-source code for distributed computing sounds very on-topic for LWN. Just because _some_ LWN readers dislike this particular area of open-source shouldn't change that.

Tornado Cash and collateral damage

Posted Aug 19, 2022 19:16 UTC (Fri) by IanKelling (subscriber, #89418) [Link] (7 responses)

> It is all part of the same playbook that attacks strong encryption and tools like Tor because they can also be used by terrorists, child sexual abuse offenders, and the like. It is true that those tools can be used to facilitate such activities, but so can a wide variety of other things. The tools are not at fault.

Ok, crypto currency is not my expertise either, but I think you really screwed this one up, and I'd like to see a follow up at some point.

The way that it really falls down is that with Tor, the Tor project has no good practical way to prevent bad uses along with good uses, but especially for the North Korean money laundering that these sanctions are most targeting, the etherium project and the tornado cash project could pretty easily have done something.

Remember that Etherium famously made a software update which rolled back transactions which exploited a bug and allowed someone to take some coins from etherium's founders and early investors. Fast forward, North Korea stole 620 million dollars worth of Ethereum in April (on the mainnet, the most popular etherium blockchain/network), in specific known public addresses which were themselves sanctioned: https://home.treasury.gov/policy-issues/financial-sanctio.... It was widely reported that a large fraction of that that would go to their nuclear missile program if they launder it. So, etherium will fork to save investors and founders money, but not to stop nuclear proliferation. That doesn't seem right. All the major crypto currency exchanges already won't do any transactions which involve the sanctioned addresses or ones that they directly transferred from them after April. I noticed that, the code to do that checking hasn't been added to etherium node repos or tornado cash repos. Etherium and tornado cash could have just encouraged people to switch to the 2nd most popular etherium network/blockchain. The exact same etherium software, just pointing to a different blockchain by default, the utility of the software for good uses would have not have been lost in with any similarity to putting a backdoor in encryption software or something like that.

Tornado Cash and collateral damage

Posted Aug 19, 2022 21:11 UTC (Fri) by IanKelling (subscriber, #89418) [Link]

correction: s/etherium/ethereum/

Tornado Cash and collateral damage

Posted Aug 20, 2022 20:01 UTC (Sat) by intelfx (subscriber, #130118) [Link] (5 responses)

> especially for the North Korean money laundering that these sanctions are most targeting, the etherium project and the tornado cash project could pretty easily have done something.

_Why_ would they do anything in response to some sanctions? The whole point of cryptocurrency is that it is above nation-states and their sanctions. Is that good or bad, that's a different question, but not giving a damn about any sort of sanctions is pretty much the _whole point_ of the exercise.

> Remember that Etherium famously made a software update which rolled back transactions which exploited a bug and allowed someone to take some coins from etherium's founders and early investors.
>
> So, etherium will fork to save investors and founders money, but not to stop nuclear proliferation. That doesn't seem right.

Seems pretty right to me. Ethereum will hard-fork to rollback the consequences of a bug, why would it hard-fork to rollback any sort of legitimate use of the network?

Tornado Cash and collateral damage

Posted Aug 20, 2022 23:04 UTC (Sat) by NYKevin (subscriber, #129325) [Link] (1 responses)

> _Why_ would they do anything in response to some sanctions?

Because it's the law.

Tornado Cash and collateral damage

Posted Aug 23, 2022 13:49 UTC (Tue) by intelfx (subscriber, #130118) [Link]

> Because it's the law.

Which exactly "the law" are we talking about?

...Ah yes, there is only one law on Earth that does not concern itself with a _jurisdiction_. and thinks that it applies anywhere on the planet: the US law. Of course, how could I forget.

Anyway, why would the Ethereum project concern itself with the US law?

Tornado Cash and collateral damage

Posted Aug 21, 2022 0:49 UTC (Sun) by IanKelling (subscriber, #89418) [Link] (2 responses)

> Ethereum will hard-fork to rollback the consequences of a bug, why would it hard-fork to rollback any sort of legitimate use of the network?

Lol, that isn't what happened. It wasn't a bug in Ethereum, it was a bug in a specific smart contract and the draining of that contract was completely legitimate use of the network and Ethereum, but they patched Ethereum itself and forked the chain because the devs happened to be invested in that contract. You can read more starting on wikipedia: https://en.wikipedia.org/wiki/Ethereum#Launch_and_the_DAO...(2014%E2%80%932016). They will fork to make some money for themselves, but not to stop nuclear proliferation to a despotic dictator.

> _Why_ would they do anything in response to some sanctions?

I suggested they do something to stop nuclear proliferation, not "some sanctions."

> The whole point of cryptocurrency is that it is above nation-states and their sanctions.

Not that I can see. The main point of Ethereum for most people with any involvement is that it is a speculative investment to eventually convert back to non-crypto assets to realize the return. And that is subject to all sorts of laws, like taxes.

To considering its potential as a widespread currency: it's a ledger a few people created, gave themselves all the money, then went about convincing the world to buy it from them for trillions of dollars. It would be like if congress passed a law whereby they create "dollar2" to be a new digital currency, they give almost every dollar2 to the current members of congress, then, everyone else has to buy dollar2 from those congress members, making them all massive billionares. As possible distribution policies of a new digital currency goes, that is similar to Ethereum's and it is about the most inequitable, wealth inequality creating policy possible. As a currency, it started out rotten and it always has been. Treating it solely as a speculative investment, it is still ethically dubious, but not quite as bad. But now, I think the message needs to be spread that the ethereum devs are protecting their investments instead of preventing a despotic state from getting significant funding for their nuclear missile program, and whoever invests money into the ethereum mainnet is also contributing to that by helping North Korea cash out their laundered coins for a higher price.

Stellar has long been trying to market itself the more equitably distributed digital currency, and really there is so much more room for an equitable digital currency distribution systems to come along. That could potentially be a new blockchain which uses the same ethereum software, but it won't be the ethereum mainnet blockchain.

Tornado Cash and collateral damage

Posted Aug 23, 2022 13:51 UTC (Tue) by intelfx (subscriber, #130118) [Link]

> Lol, that isn't what happened. It wasn't a bug in Ethereum, it was a bug in a specific smart contract and the draining of that contract was completely legitimate use of the network and Ethereum

Yes, this is less ethically justifiable, but I still see a pretty clear difference between "exploiting bugs in the software" (be it Ethereum itself or certain smart-contracts on the network) and "moving money in directions that _some_ governments aren't exactly pleased with".

Because the second part is one of the main reasons why blockchain was invented, after all.

Tornado Cash and collateral damage

Posted Aug 23, 2022 13:57 UTC (Tue) by intelfx (subscriber, #130118) [Link]

> I suggested they do something to stop nuclear proliferation, not "some sanctions."

And yes, if they want to do something to stop nuclear proliferation, then maybe the US government should start with disarming _itself_ — last I checked the US wasn't a party to the Nuclear Weapon Ban Treaty. Otherwise it's just political power play.

Tornado Cash and collateral damage

Posted Aug 24, 2022 18:26 UTC (Wed) by joshwb (guest, #160479) [Link]

To my ears, this topic has echoes of the gun debate in the US (unfortunately). Blame the user not the tool, sort of thing. It all goes to the heart of the safety vs. freedom compromise life requires humans to make. The US constitution affords a right to create and share code in its first amendment. It will be interesting to see if the courts place the code in question here into the category of inciting speech which they can limit. Not sure how that could be done but it doesn't seem impossible. The likely outcome though is that these guys were legitimately laundering cash and were rightfully taken down.

Tornado Cash and collateral damage

Posted Nov 22, 2022 15:09 UTC (Tue) by poruid (subscriber, #15924) [Link]

Today the Dutch prosecutor has decided to prolonged the detention on remand for P.