Welcome Avatar! After the recent attacks on privacy tools and anonymous transactions, it is time to delve in deeper into where we stand in terms of privacy, CBDCs and potential ways to opt out. The gates are closing faster than expected, and before too long they will be shut so tight our children will not even understand what “privacy” means when it comes to transactions.
In the last two weeks, we have seen an unprecedented crackdown on privacy tools and “crypto” in general.
There has been a concerted effort from US and EU authorities to take down privacy enhancing software, specifically so-called “mixers” or “coinjoin” services. In case you’re not familiar with the terminology, here’s a breakdown:
A CoinJoin collects the inputs of many users, and broadcasts them into many outputs in a single transaction, whereas a mixer sends your bitcoins through a series of transactions with a variable number of inputs and outputs, before it is sent back to you in another address, or imported into a wallet as a private key. — Source
The most important difference between a mixer and a CoinJoin service, is that the latter is non-custodial, meaning: the software service you’re interacting with never holds or custodies your funds.
Centralized mixers take possession and custody of funds, which would effectively qualify as a Money Transmitter service. The case for non-custodial CoinJoins or smart contracts — as in the case of Tornado Cash on Ethereum — being money transmitter businesses or a “money laundering” business, is a lot less obvious. Let’s dig in.
Tornado Cash
The first big case around one of the most used privacy services in crypto was Tornado Cash. Tornado Cash was a decentralized non-custodial protocol that enabled users to perform private transactions in the crypto-space.
Tornado Cash developer Alex Pertsev was first jailed in the Netherlands, — this Mara’s fatherland of all places — in August 2022 shortly after the platform was blacklisted by the U.S. Treasury.
The Treasury Department alleged that Tornado Cash had been a key tool for the North Korean hacking group (Lazarus Group), tied to a $625 million hack of Axie Infinity’s Ronin Network, among other issues.
Dutch prosecutors doing the U.S. Treasury’s dirty work, accused Alex Pertsev of laundering $1.2 billion worth of crypto through the anonymizing tool Tornado Cash, and seek a 64-month jail sentence (verdict is due May 14).
Tornado Cash developers Roman Storm and Roman Semenov face similar allegations in the U.S. and knowing the U.S.’s sentencing, they could face up to longer sentences than Pertsev in the Netherlands if convicted.
But did these developers launder this money themselves? No. They never had custody over the funds. It would be the same thing as saying Apple enables crimes because criminals used Apple products to conduct them. Or that the Internet Service Provider (ISP) would be liable because criminals used that particular internet connection.
Tornado Cash was an open protocol, and never held any of the funds in custody — if you’re interested in the details, this is a good explanation of how these smart contract transactions worked in practice.
Samourai Wallet
Last month, Samourai Wallet founders Keonne Rodriguez and William Hill were arrested and charged with conspiracy to money laundering and conspiracy to operate an unlicensed money service business in the Southern District Court of New York.
The indictment alleges that Samourai Wallet “facilitated more than $100 Million in money laundering transactions from illegal dark web markets”.
The developers face up to 25 years in prison for writing code.
Only 5% of Samourai transactions ($100 million USD) are alleged criminal money laundering. Benchmark that to the 2-5% of global GDP which is laundered each year according to Europol, and it quickly becomes clear that the name of this game is not to fight “money laundering”, but to shut down as many privacy enabling tools in the digital toolkit as possible.
These arrests and recent announcements from US authorities cast a doubt on whether self-custodial wallet providers, or even Lightning nodes could be considered Money Services Businesses and be regulated as such.
After the Samourai Wallet arrests, the FBI issued a Public Service Announcement with an “Alert on Cryptocurrency Money Services Businesses”:
A few simple steps can prevent unintentional use of non-compliant services. For example, avoid cryptocurrency money transmitting services that do not collect know your customer (KYC) information from customers when required. - Source
Lol.
You can quickly see why this is flawed logic: Joe asks Bob to pay Alice. If Bob pays Alice with a couple of 100 dollar bills that he got from Joe, which are all private transactions, suddenly Bob is running a money transmitting service and he would be non-compliant because he didn’t KYC Joe. Derp.
In the above example Bob would even be more of a money transmitter than Samourai, since he actually had the cash in his possession before paying Alice.
There is no way to replicate the functionality of a CoinJoin with cash.
Unfortunately, even though many of the applications built on top of Bitcoin are labeled as decentralized — which Samourai effectively was since users never gave up control over their coins — the degree to their decentralization suddenly becomes very clear once there’s a DOJ indictment testing the waters of this supposed decentralization: websites and protocols go offline, apps disappear out of App Stores and it practically becomes impossible for the layman to interact with these protocols or services. So much for decentralization.
It’s a shame that cash is more anonymous in that sense that there is no ledger where authorities could check if that transaction actually took place.
It wouldn’t surprise me if in the future, core devs will decided to go fully anonymous while building their applications, since there is no benefit to exposure, as the above cases have clearly shown.
This post on X is a great summary on why there’s reason to worry:
Given all of these plain facts, it is not unreasonable or over the top to suspect that you’re seeing the beginning of a crackdown on Bitcoin and its users in general.
To not have concerns that are almost certainly valid is not only jaw droppingly naïve, but it shows a surprising absence of knowledge of both ancient and recent history and current events, like Australia calling for Elon Musk’s arrest, and Brazil attacking X, and the constant trickle of state attacks on Gab, (not Bitcoin related but clear government overreach) or the very related threat of the EU creating the fake, “Unhosted Wallet” category, in a clear attempt to outlaw self custody.
The fear in the Bitcoin industry after the Samourai Wallet arrest spread quickly to other privacy tools built around Bitcoin.
Phoenix Wallet decided to pull out of US app stores, and Wasabi Wallet announced it was shutting down its CoinJoin coordination service zkSNACKs, which leaves only one privacy tool on Bitcoin still standing (Joinmarket)
Other crackdowns
Besides these targeted attacks on privacy tools around Bitcoin, the SEC has also gone after Uniswap, Robinhood, and other platforms in the last 2 weeks, all related to the crypto sphere.
Roger Ver was arrested in Spain and is being extradited to the US to face trial over not paying taxes on dividends through US (Bitcoin related) companies. Binance’s CZ was sentenced to 4 months in jail for money laundering after cooperating with the US justice department.
By now it should be absolutely clear that the US is “cleaning house” after the Bitcoin ETF launch, making sure to fence off the future on- and offramps for crypto services as much as possible. You shouldn’t be able to opt out, anon.
Keep stacking sats and withdraw these into personal wallets with private keys you control, before potential regulations make it harder to do so.
Depending on how you obtain your Bitcoin, in most cases this will still be linked to your identity (since you probably withdrew them from a centralized exchange that forced you to go through KYC-procedures), but at least those coins will be fully in your control.
For even more privacy on the base layer, there is a reason why Monero is actively being delisted from most major exchanges.
Kraken is one of the last big exchanges to offer XMR trading — which tells you that the privacy enabled transactions by default actually work a little too well. Kraken will be forced to delist Monero later this year in multiple EU countries, and it is just a matter of time before it will be delisted completely.
Binance had already delisted XMR earlier this year. Coinbase and others had delisted it a long time ago, out of fear of repercussions.
That leaves a few smaller exchanges, and a p2p market, but not much else.
I’ve gone over the case for owning some XMR before, not from any store of value perspective like with Bitcoin, but purely as digital cash in the future if you happen to ever need it. You never know when you will, and when you do, it might be too late.
Even though this Patagonian rodent could be labelled as a Bitcoin maxi, I have to say that unfortunately at this moment, 100% privacy on Bitcoin is too complicated for most non tech-savvy users, except if you mine it yourself (which requires a large investment).
The EU and the US (and most OECD countries like them), will only increase their crackdown on digital privacy.
The craziness of eternal KYC and AML will only become worse.
In “ChokePoint 2.0”, Calvin Froedge describes exactly how bad it can get, even if you have nothing to with any crypto-related services or products:
despite what they tell you, it isn’t criminals they’re going after. They’re going after you, and me, and everyone else. Every single person operating in the modern financial system is now subject to the arbitrary whim of random officials and automated account flags. People are being funneled into narrower and more restricted systems where the amounts they can transact, and who they can transact with, is more tightly controlled with each passing day.
[…] The choice for freedom is so clear. Another passport won’t make you free. Another place won’t make you free. The only choice we have is to stand and fight - to finally accept that our comfortable lives may become less comfortable.
— Calvin Froedge in “Opting Out”
For now the only way to opt out at least partially for most people is by using tools that allow you to do so. For now that is cash, and some of the options I discussed above.
Final Thoughts
One of the best breakdowns of why privacy is necessary in the Digital Age was condensed in the intro paragraphs of the Cypherpunk Manifesto (1993):
Privacy is necessary for an open society in the electronic age. Privacy is not secrecy. A private matter is something one doesn't want the whole world to know, but a secret matter is something one doesn't want anybody to know. Privacy is the power to selectively reveal oneself to the world.
If two parties have some sort of dealings, then each has a memory of their interaction. Each party can speak about their own memory of this; how could anyone prevent it? One could pass laws against it, but the freedom of speech, even more than privacy, is fundamental to an open society; we seek not to restrict any speech at all. If many parties speak together in the same forum, each can speak to all the others and aggregate together knowledge about individuals and other parties. The power of electronic communications has enabled such group speech, and it will not go away merely because we might want it to.
Since we desire privacy, we must ensure that each party to a transaction have knowledge only of that which is directly necessary for that transaction. Since any information can be spoken of, we must ensure that we reveal as little as possible. In most cases personal identity is not salient. When I purchase a magazine at a store and hand cash to the clerk, there is no need to know who I am. When I ask my electronic mail provider to send and receive messages, my provider need not know to whom I am speaking or what I am saying or what others are saying to me; my provider only need know how to get the message there and how much I owe them in fees. When my identity is revealed by the underlying mechanism of the transaction, I have no privacy. I cannot here selectively reveal myself; I must always reveal myself.
Therefore, privacy in an open society requires anonymous transaction systems. Until now, cash has been the primary such system. An anonymous transaction system is not a secret transaction system. An anonymous system empowers individuals to reveal their identity when desired and only when desired; this is the essence of privacy.
This still rings true today, and in fact, it has only become more important as digital surveillance and KYC and AML have penetrated every inch of our digital footprint.
Fighting the system is something residents in Argentina are better prepped for than residents in most other countries. I wrote about that here, explaining why Argentina is such an ideal place for people like me — and maybe not for others, and that’s perfectly okay:
Online privacy is important, and if we want to maintain the same levels of freedom as we have had up until now (which are slowly eroding), there is a real need to fight back.
For me, one way of doing so is using the options that Argentine society offers on a day to day basis.
See you in the Jungle, anon!
ah... In Argentina, almost everywhere you pay by cash or card, you are required to provide identification. those basic KYCs are everywhere.