150 comments

[ 2.7 ms ] story [ 202 ms ] thread
A great time to finally consider self-hosting.
Do you understand how long, you can go to jail for violating sanctions?
There's no disobedience like civil disobedience. All the best things in life are illegal. Long live anarchy! Fire to the prisons!

Information wants to be free! ACAB! Eat the police!

Who are you gonna call when someone comes to eat you? Surely not the police.
GitHub understands that and they are within their right to take down repositories that are violating sanctions. So you're talking to projects like Tor, Signal (who repeatedly attempted to violate sanctions [0]) Matrix, etc which have been used to evade sanctions.

For any project that is self-hosting, like Tor which allows criminals, scammers and money launderers to access the internet and the 'dark web' and bypass sanctions with high anonymity and are self-hosting at [0]. Perhaps the FBI should 'take them down' immediately?

What are they waiting for then?

[0] https://signal.org/blog/looking-back-on-the-front/

[1] https://gitlab.torproject.org/tpo/web/tpo

If you're an international criminal conspiracy you should definitely consider it.
What if I'm just a OSS author? Do I need to consider it too?

Judging by what's happening right now, if I'd live in the US, I'd definitely be concerned right now. I hope I'm not gonna be put on a list of sanctions just because I chose to publish my software as MIT and some criminal happens to use it.

Are you making software that has the explicit stated purpose of facilitating illegal money laundering, like these crypto mixers openly say they do? If not, then you don't have anything to worry about from these sanctions.
“Are you doing anything illegal? If not, then you don’t have to worry about surveillance.”
This isn't warrantless surveillance, it's people breaking the law in the open. You can believe tornado cash should be legal but still, be realistic: Most OSS doesn't have tornado cash's risk profile
Tornado Cash has never been for the "explicit stated purpose of facilitating illegal money laundering" but for being able to remain private about what transactions you make on the blockchain. As long as you file your taxes correctly, it wouldn't be illegal to use services like Tornado Cash.

Plenty of people use services like that to move funds from their cold wallet to their hot one, in order to not make visible to the public how much funds they have. Again, as long as you properly file taxes, this should not be a issue.

And yeah, some people do work on privacy-preserving services that can and will be used for bad purposes. Anything involving E2E encryption is usually made for privacy reasons, is this bad enough for you to say the same thing about it? What about things that can be used to skirt copyright like youtube-dl, do they deserve the same treatment?

> Tornado Cash has never been for the "explicit stated purpose of facilitating illegal money laundering" but for being able to remain private about what transactions you make on the blockchain.

Isn't that literally what money laundering is?

> As long as you file your taxes correctly, it wouldn't be illegal to use services like Tornado Cash.

IIRC, money laundering businesses pay their taxes too (e.g. the Breaking Bad car wash pretended the drug profits came from washing cars, and paid taxes those "car washing" profits).

No? "Money laundering is the process of concealing the origin of money, obtained from *illicit* activities such as drug trafficking, corruption, embezzlement or gambling, by converting it into a legitimate source." [1]

If the funds you're shielding via something like Tornado were legitimately earned by you, it's your right to do whatever you want to protect your privacy (as long as you report the proper tax paperwork to the government, otherwise it can turn into tax evasion).

[1] https://en.wikipedia.org/wiki/Money_laundering

Is it really this black and white?

It seems that regulators can change their position at any time. See the recent example PredictIt.

Yes, if your business engages in plainly illegal activity that relies on a letter of exemption from the relevant regulator, and if you don't abide by the terms of that letter, then the evil government might capriciously decide to shut you down.
Actually you can just hide it in another repository.

Steganography makes fools out of infotyrants.

You do realise what you have just said was incredibly silly?

I hope you weren't part of the 'criminals' crying about youtube-dl being suspended by GitHub in 2020: [0].

So GNOME [1], WireGuard [2], The Linux Kernel [3], Mozilla [4] and ReactOS [5] and Tor Project [6] are all 'criminals' for self hosting their own projects on their own servers rather than being forced to host it on GitHub?

Surely they all know that GitHub can take their repositories down for any reason. If they all announced that they are going all in on GitHub, what is the whole point of supporting 'free software' in the first place?

[0] https://news.ycombinator.com/item?id=24872911

[1] https://gitlab.gnome.org/GNOME

[2] https://git.zx2c4.com/

[3] https://git.kernel.org/

[4] https://hg.mozilla.org/

[5] https://git.reactos.org

[6] https://gitlab.torproject.org/tpo/web/tpo

Tornado Cash repo+website taken down as well[0], and so have many of the GH accounts that were contributors to the repo[1].

[0] https://twitter.com/w_y_x/status/1556716055296294914?s=21&t=...

[1] https://twitter.com/bantg/status/1556721709931175937?s=21&t=...

Related, today:

“U.S. Treasury Sanctions Virtual Currency Mixer Tornado Cash” https://news.ycombinator.com/item?id=32386189

Specifically:

> all property and interests in property of the entity above, Tornado Cash, that is in the United States or in the possession or control of U.S. persons is blocked and must be reported to OFAC.

This is the first time open source tool/software (not even a business) has been put on the SDN list. Previous entries have all been either people or businesses. I don't live in the US, but if I were, I'd reconsider publishing OSS right now. I don't know all the users of my software, and I wouldn't want to risk being put on any lists like the SDN.
Be realistic here, are you distributing oss that exists for the sole purpose of money laundering?

I don't have a strong opinion on whether tornado cash should be allowed to exist, but it's obvious that it violates US law.

Similarly if you distribute OSS viruses don't act shocked if people want to harass you over it - distributing viruses is illegal in some places

> Be realistic here, are you distributing oss that exists for the sole purpose of money laundering?

I am not, and neither are the authors of Tornado Cash. There is legitimate purposes to use privacy-preserving services. As long as I file my taxes correctly, I should be able to use them as I wish.

> but it's obvious that it violates US law

Since they got added to the SDN list, it's obvious yes. But before that, why it is obvious? Again, as long as I file my taxes correctly with the IRS, there shouldn't be a problem with using services like this.

Unfortunately a large percent of the population believes the false narrative of "nothing to hide, nothing to fear" so they believe only criminals have the desire for privacy

these are the same people that will be SHOCKED when something they use, love, or do is ruled illegal or "obvious" violation of US Law,

Like bittorrent clients
This is a poor comparison, BitTorrent has lots of obvious legal uses even if it is popular with pirates. It actually gets used extensively for those legal purposes. Products like LimeWire or Napster explicitly marketed for piracy reasons are another matter. It is possible to use BT without breaking the law.

Maybe a decade ago when I worked at a game studio our IT department got mad at me for being connected to a torrent tracker. What was the tracker for? Patches for one of our games, because the updater used BT.

Sounds like a apt comparison to Tornado Cash then, as exactly the same applies with it. It's used for obviously legal use cases too. Just because some groups use it for less legal things, doesn't mean the thing itself should be illegal.
So what Percentage of BitTorrent Traffic would need to be "illegal" for it to fall under the classification of "obvious violation of US law" or "primarily used for illegal purposes" thus justifying targeting the technology instead of the individuals using the technology?

I have a feeling in this instance your bias is in favor of allowing bittorrent to exist because you have a personal use for that technology that is not illegal, and you do not have a personal use for the Tornado Cash technology, thus you have no ability to see legal uses for that tech.

I have found it to be an exceedingly rare trait for people to be able to externalize, and understand other people's worldviews. If they personally do not need, desire, or have a use for X, then they have no problems with the government clamping down, regulating or banning it. Never coming to the wider understanding that the government may (and likely will) turn it gaze to them.

Well, they were unable or unwilling to prevent North Korea from using the service to launder money, which is illegal
It's not a service, it's a tool. North Korea probably used Rust at one point, should we sanction individuals who contributed to Rust as well?
yeah they’d probably ban Rust if a sizable percentage of the Rust usage was to avoid NK sanctions
>Similarly if you distribute OSS viruses don't act shocked if people want to harass you over it - distributing viruses is illegal in some places

Plenty of legitimate software can be used for nefarious things (and sometimes the legitimate code is indistinguishable from malicious code, e.g. remote viewers).

We should probably focus on the people and the actions those people take, rather than code itself, or we might end up in a bit of a pickle. Ban encryption because it's used in ransomware. Ban tech-support software like TeamViewer or QuickAssist because it is used in scams.

Tornado Cash exists for money laundering. That's the thing it does. You can believe money laundering should be legal, or that there are legitimate uses for the software, but the fact is that the software appears to be against US law, so nobody should be surprised that the authors got sanctioned.

The vast majority of OSS software does not have this hazard and it does everyone a disservice to pretend that the situation is identical. There are a bunch of other things OSS maintainers should be worrying about before US sanctions.

> Tornado Cash exists for money laundering

Maybe you don't know exactly what "money laundering" is. That you want to hide whatever you are doing doesn't mean that what you're doing is illegal, which is a prerequisite for something to be "money laundering". Just like E2E doesn't exists solely for hiding criminals doing criminal things.

>You can believe money laundering should be legal, or that there are legitimate uses for the software, but the fact is that the software appears to be against US law, so nobody should be surprised that the authors got sanctioned.

I'm not sure if you understood my comment. I don't care about the authors and whether or not they were sanctioned. My point was about the code itself. If we started to force GH and the like to remove any code that has been used in an illegal activity, there's going to be very little code left on GH.

Right, and also note that plenty of "nefarious" software can be used for legitimate things.

Just think of malware analysis or feeding malware to the machine-learning monster.

In the end, it's just information and can be interpreted in a myriad of ways and for all kinds of purposes, including the good ol' simple satisfaction of intellectual curiosity. But many people in this thread seem to have a zero bit mind. By that I mean that they have a single bit dichotomy good(allow)/bad(ban) world that invariably has the value "bad(ban)".

I understand that GitHub is just taking immediate actions in a way they perceive as being compliant with the law. The question is more existential: since source source code is speech, can the government even sanction it? And should GH fight this if they want to remain a reliable platform for publishing code? What even is GH required to do in response to this sanction, or are they just being overly cautious since we’re in uncharted waters?
ISIS recruiting manuals and videos are also free speech. According to your view YouTube/Microsoft should not remove them.

Beside the fact that GH is a private company that maybe doesn't want to be associated with some stuff.

That is not my view.

I am not talking about what GH is at liberty to do; clearly they can do whatever they want. I’m asking about what they’re legally bound to do as a result of these sanctions. I find the precedent here more fascinating and troublesome (as an open source author myself) than the instance of the code in question.

(comment deleted)
Code is a form of speech. It’s the way the code was used that frightened the authorities. Just the way certain forms of cryptographic code were reframed as a ‘munition’ in the first crypto war.
As we've seen with Alex Jones even free speech is not absolute (for the record I agree with the rulings against Jones). If the code is designed to facilitate illegal activity I can see how that could be shut down by the government.
Alex Jones got sued. It’s very different. The government did not pass a law saying he can’t share conspiracy theories directly or that certain theories are off-limits. He just conducted himself in such a way as to cause enough other problems and thus give people grounds to sue him (and win).
Specifically as I understand it ,he got sued then deliberately didn’t try to fight it, and defaulted.
Code is just documents or written speech, and should be regulated as such. So code vs written documents shouldn't be legally different.

So I guess a good question is: should it be illegal to tell people how to launder money? I would say no because I think laws should regulate behavior not speech.

I think for example that people should be able to make arguments why punching a Nazi should not be illegal, say, and maybe the best way to do it. But punching is clearly illegal, and threatening a Nazi directly should also be illegal.

However with abortion, some states that have made abortion illegal are trying to make it illegal to talk about where to get abortions, or how an abortion is performed. So if that is deemed legal by SCOTUS, then expect all kinds of laws to restrict speech in that manner.

Is speech which is used to commit crime protected in the same way?
Encryption beyond a particular strength has long been an ITAR restricted export.

Now everybody gets to learn that the United States regulatory policy machine will lean very hard on anything that'll threaten it's ability to flex soft power against its opponents.

>What even is GH required to do in response to this sanction, or are they just being overly cautious since we’re in uncharted waters?

Letter of the law is don't do financial transactions with those addresses.

The quiet part is: this technology is now associated with being a channel for money laundering, and will open up any parties hosting or making it available a potential subject of accessory to wire fraud/money laundering charges. As a publically funded company, I assure you, the legal, risk, and compliance departments are now erecting 100 foot poles between the company and this project.

You see, big business and government have a bit of an incestuous relationship. The bigger the market actor, the easier it is for the government to apply sufficient pressure where the easy way out is for said large actor to just "stop associating with that thing".

This is why OFAC is aptly named. You end up on it, and you basically fall out of the economy. The last sound you hear is the subject in question going O, FAC-<signal lost>.

Oh, actually, no, slight exaggeration, the truth is far more chilling.

You see, financial institutions will still process deposits. They just stop allowing withdrawals, turning the business relationship into a one-way trap for funds.

In theory, it may be possible to get off the OFAC list if you end up on it, however, financial institutions are instructed not to inform customers that they are sanctioned if asked. You're only told that a technical error precludes them from completing the transaction. If you mistakenly show up on OFAC, (like by sharing a name with someone who is on it), there are ways to get off of it by providing proof you are not the individual in question. In fact, most times, if you reach out, the service personnel you get are trained to get as much personal info as possible to try to determine whether or not you are actually the individual targeted by OFAC.

Companies will generally dig into it, and resolve it while playing coy. In this case though, it looks like businesses are taking the message to heart and just noping out of supporting it.

> Encryption beyond a particular strength has long been an ITAR restricted export.

I'm not sure what you mean by "restricted," but publishing open source encryption software on the internet only requires that the BIS be notified. No review or approval is required.

https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...

Technically, you're supposed to have to ask, and BIS can say no. That's restricted. There is the possibility of extra friction. I've never administered or experienced the compliance process myself, mind. I just know it's a thing.
Can you link the section where it says you’re supposed to ask? In my experience you don’t get assigned anything, you tell them what you are classified as and of course they can disagree but there’s no “tell me my export classification” part unless you fall under a restriction and can’t claim any exemption. Only then do you submit anything. And from my reading of those hellish documents, encryption software for which the source code is publicly available is exempt.
I linked as source saying that's not the case. Maybe you can provide a source for your claim?
> since source source code is speech, can the government even sanction it?

er...the US government infringes on free speech all the time

And courts often put a stop to it. Regarding source code, federal courts told the government it couldn't restrict the publishing of strong cryptography, which it considered a munition.
> Regarding source code, federal courts told the government it couldn't restrict the publishing of strong cryptography, which it considered a munition.

?

you mean after Phil Zimmerman spent years in court, and then published a physical book of the source code?

and the US government then sucessfully restricted export of actual software with above 56-bit keys for years[1]? to the extent that Debian and OpenBSD did all their opensource crypto work outside the US to avoid trouble?

and they still explicitly ban export to "rogue states" and "terrorist organisations" in 2022[2]?

things have improved since the 90s but it's still not unencumbered by the US government and the changes mostly happened to make US tech companies more competitive, not due to a desire to free anyone's speech.

[1]: https://en.wikipedia.org/wiki/Export_of_cryptography_from_th... [2]: https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...

Bernstein vs US ruled that source code is protected speech, and struck down the export prohibition on strong cryptography.

https://en.wikipedia.org/wiki/Bernstein_v._United_States

From your link: "the BIS must be notified before open-source cryptographic software is made publicly available on the Internet, though no review is required."

There definitely still exist some US restrictions.

https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...

Yes, that's the same link as above. Some restrictions:

> Militarized encryption equipment, TEMPEST-approved electronics, custom cryptographic software, and even cryptographic consulting services still require an export license.

However:

> the BIS must be notified before open-source cryptographic software is made publicly available on the Internet, though no review is required.

So you're free to publish open source cryptographic software on the internet, you just have to let them know you're doing it. Bernstein vs US is the reason for that.

Another interesting note is that encryption software used for the purpose of authentication and credential management is also exempt even if it's not open source. Otherwise most every app on the market would have to go through this process because of login flows.
There is a question unasked in all replies here:

Is GitHub sanctioning just the accounts that they consider to be directly associated with the sanctioned organization, or, are they also sanctioning the upload of that open source code by unassociated third parties?

Are there any other cases where source code has been censored by the government?

Since code is copyrightable, is this a first amendment violation?

Yes, this happened at least once before, when the Spanish government asked GitHub to take down repositories related to applications helping citizens to organize focused protests: https://github.com/github/gov-takedowns/blob/master/Spain/20...

The group that was focused in the take down requests was "Tsunami Democràtic", which you can find some background information about here: https://en.wikipedia.org/wiki/Democratic_Tsunami

Why does that page not contain tornado cash under the government takedowns?
Probably GitHub acted in their own interest here, or Microsoft has received a gag-order not to publish anything.
Yes, the government considered strong cryptography to be a munition and said it was illegal to put the source code of PGP on the internet. Courts ruled against the government in Bernstein vs. United States, saying source code was speech protected by the First Amendment. That's why we can all use strong cryptography today.

https://en.wikipedia.org/wiki/Bernstein_v._United_States

(comment deleted)
Wondering when majority of KYC-enforced exchanges also start banning and seizing assets of all users who ever interacted with tornado cash. Then, if you relay someone Ethereum via tornado cash you can potentially blacklist their public facing wallet without them ever giving consent. Going to be a regulatory nightmare.
They have been doing this for long time.

However Tornado Cash came with a compliance tool that allows you to disclose your transactions to third parties and prove they are clean. Similar with Monero, ZCash.

Such a tool seems like a bad idea for the same reason you aren't allowed to take photos of your ballot paper in an election... If you did, then someone can blackmail you to see said paper.
If that tool doesn't exist, how will you respond when the government tells you to prove the source of funds you got from Tornado Cash?
Same way you do when the government asks you to prove the source of a pile of actual paper cash.

You have an invoice or receipt or bill to show. And the government could go ask the person who wrote said invoice/receipt/bill to confirm its legitimacy.

That's bad. Lock it against changes, maybe. But not take it down.

Now we need to keep local backups of every library we use, just in case.

You already should be vendoring your own libraries for safety and build reliability.
If the code was released in the public domain instead of a under a permissive license, could it still be argued that it is the property of the sanctioned entity?
To my understanding, the only way for a work to be truly public domain is for the copyright to expire. Anything else is just a permissive license.
I believe the copyright holder can willingly relinquish their copyright to a thing by explicitly declaring their thing to be "cc-0 licensed" or "public domain", or other explicit declaration of giving it away entirely and completely "no strings attached" thereby giving the thing freely to "the commons" to be used by anyone as they see fit.
Dedicating work to the public domain is not possible in many jurisdictions, which is the reason for CC-0 and similar licenses. They're "close enough" for practical purposes but they're not the same thing. Even if you use CC-0, you will still have the copyright of the work in such jurisdictions, because it is only an attempt to give up as many rights as possible.
It's frustrating to hear crypto twitter talk about how the contract is neutral and "just tech". It marginalizes the fact that there is active governance of the code and smart contract. People are in control of these things and their objective can be misaligned with society. Nothing guarantees that the tech is neutral.
The Tornado Cash contract is immutable, there is no active governance component for that protocol. It isn't possible to stop it from functioning after deployment, except to stop the chain it is running on.

The governance you are referring to is some auxiliary support stuff, like anonymity mining.

That doesn't seem right. They link this diagram in their docs that show the parts of the contract that can be controlled by governance: https://viewer.diagrams.net/?highlight=0000ff&edit=_blank&la...
I don't know when or where that is from, all I know for certain is that for at least 2 years now, the contracts have been immutable and non-upgradeable, by anybody.

Edit: also idk where you're seeing the governance component in that flow you linked, there doesn't appear to be one...

At this point there is a real risk he will become a target of made-up charges, and that the US gov will attempt to have him extradited and jailed just to send a message.

He is writing fin-tech FOSS, but because that software and the space it targets is not fully under US gov control, his well-being and entire future is now at risk.

This is not the freedom the US keeps talking about. It is tyranny.

what use outside of money laundering did this tool have?
maybe some government could use it for doing secret spy stuff
There are entities other than the government that you might want to hide money from.
In 2022, I'm unaware of an actual situation where a bank account must be shared with anyone else. If someone wants the content of your bank account they need to go through the courts.
I have the worst news for you about blockchains.
For privacy. It's like asking what SSL is good for other than criminal activity.

Vitalik himself used tornado cash for private transactions. Do you think that Vitalik openly launders money?

> Do you think that Vitalik openly launders money?

Who can tell? Isn't that the point of Tornado Cash?

Again, no. It's like asking "Isn't the point of SSL or End2End encryption for chats committing illegal activities?"

Authoritarian governments should really start hanging around on HN, they would love the sentiment here...

You asked a rhetorical question. I gave you a rhetorical answer -- in the form of a question.

The point is that you can't know. That's the purpose of a money laundering operation.

I think maybe a better analogy would have been to use VPN rather than SSL. Because SSL doesn't obscure the source and destination, just the contents of the message.

>The point is that you can't know. That's the purpose of a money laundering operation.

Wrong. You can in fact know, because it has auditing tools which allow one to disclose transactions exactly for AML reasons.

At least put in some research before you engage in a discussion where it becomes apparent that you clearly lack the knowledge to participate in a fruitful discussion. Making factually incorrect statements like yours as if they were facts is misleading a lot of people.

Proclamation of someone's idiocy is the laziest form of argument.

Usually the person making that claim is incapable of making any substantial argument, and that's their crutch at stopping any more criticism of their position.

Pointing out that you are spreading misinformation is "Proclamation of someone's idiocy"? Stop spreading factually incorrect information and people will stop calling you out on it.

>Usually the person making that claim is incapable of making any substantial argument, and that's their crutch at stopping any more criticism of their position.

In this case this is describing you tho, on top of you spreading clear cut misinformation.

Saying I am doesn't make it so. Proof?
what use outside of hiding something illegal does privacy have
Hiding something legal. In a trivial example, you might not want your spouse to know what present you've bought them before unwrapping it.

Or more corporate, you don't want your competitors to know details of your next project.

paying for abortions
There's a simple response for "what use other than breaking the law does this have" - most, if not all, of mankind, leave under tyrannical, unfair, inane laws (from outright dictatorships, to e.g. drug prohibition). A way to ignore such laws can be a good thing.
> A way to ignore such laws can be a good thing.

There are groups who think property rights are inane and tyrannical. One way to ignore those laws is breaking and entering. Is it only a good thing when it conveniently aligns with what you consider inane and tyrannical?

Yep, more or less! If I argue for equality based on some abstract principle and someone else argues women should not be allowed to drive alone because that's against god's will, we have no common basis to argue. So it's "the ones I consider", more or less. Still, we could both agree that e.g. a law prosecuting a private practice of religion is tyrannical and tools to bypass it are good to have.

What is your position? That tools primarily intended to break any law are inherently suspect and it's good to ban them?

> What is your position? That tools primarily intended to break any law are inherently suspect and it's good to ban them?

I think a tool's primary use is important. And that's nuanced, and subjective.

Let's take guns for example. Guns are regulated in most western countries, some more heavily than others. Gun advocates often cite needing them to hunt animals or to defend themselves from predatory animals in rural environments. Sometimes they also cite using them to defend themselves against other humans. Mostly though guns seem to be used for self harm and to shoot others.

In a more tyrannical setting, guns could be used for revolution and to overthrow oppressors. I assume you're OK with things like banning assault rifles for civilian use in your country even though that use case is a possibility elsewhere in the world?

When Tornado Cash's primary uses are speculation, tax evasion, and money laundering in a country like the US -- I don't disagree that it should be banned or heavily regulated even if in some specific setting it could possibly be used for other purposes.

A lot of folks in the west very loudly cite Tornado Cash (and other things in the crypto space) as a means for oppressed peoples to bypass government control. I wonder if they're not similar to the people who want to own an AK-47 because they sometimes like to hunt ducks or want to protect themselves from home invasions.

The primary purpose of an AR-15 in the US, comparing the number of guns in circulation and the number of crimes/suicides/self-defenses, is sitting idly forever in someone's gun safe, or being used on a shooting range. I happen to be on-board with gun possession by law-abiding citizens, with minimal licensing requirements (no more obtrusive than for driving for handguns, or driving a semi for a rifle). However that's not the point.

" I don't disagree that it should be banned or heavily regulated even if in some specific setting it could possibly be used for other purposes." - but wouldn't that apply to everything? It is obvious that a typical govt would try to clamp down on things that are a threat to itself, be it guns on anonymous defi.

The question is (1) how much do you trust the current government / an average government on Earth / support whatever the current laws / average laws are in the first place, (2) how much do you trust the government / laws to not deteriorate in future (e.g. abortion ban with financial punishment for violators, Canadian trucker style, how about that?), (3) is the government less or more likely to deteriorate when checks on it are removed?

Imagine a person who lives in a dictatorship country and used it to send a donation to an opposition journalist. Because otherwise he would go straight to jail. Is it a good use of such a service or bad?

I personally think that's the point of privacy. To protect people from the government. Otherwise it easily becomes a tyranny if they have a full control and visibility over the citizens.

It’s extremely irresponsible to suggest someone use cryptocurrency in such an environment. The public ledger is a godsend for the secret police giving them evidence for retroactive prosecution and good odds de-anonymizing people, receiving funds from a notorious money laundering site could be used to persecute the journalist, statistically nobody has adequate opsec to conceal their use of these applications, and having sent them tokens would obligate them to take on additional risk converting them into something useful.

Cash is much safer because the risk is only at the time of transfer.

Maybe it's irresponsible, but so far is the best working approach.

How you send the cash, btw? By mail? How do you ensure that post office is not going to learn who is the sender of the envelope with cash?

Something with that many serious problems can’t be best even if you have a profit motive to pretend otherwise.

Re: cash - if you think about the problems I listed, you can see how it’s better in each case, all stemming back from not creating a permanent public ledger of potentially risky activities.

The US has financial laws. Enforcing those laws is not tyranny.

The simplest way to understand this is that money from crime is tracked so that investigators can follow it to the bad guys. We have laws that financial providers have to keep records so we can find the bad guys. A tool whose explicit exclusive purpose is to obfuscate bad guys money will not satisfy the legal requirements of operating financial services in the US. No one should be surprised by this.

That is a very exceptionalist view of the US. Imagine if a Chinese national said:

"China has financial laws. Enforcing those laws is not tyranny" to justify an incredible government over-reach into what any one in the world may publish, and how any one in the world may encrypt their digital financial transactions.

>>The simplest way to understand this is that money from crime is tracked so that investigators can follow it to the bad guys.

While there is abundant evidence that these laws impose massive costs on law-abiding citizens and companies, there is little to no evidence that they are effective at reducing crime:

https://www.tandfonline.com/doi/full/10.1080/25741292.2020.1...

They do support the burgeoning regulatory compliance industry though.

I doubt that you'd be allowed to "encrypt your digital financial transactions" in China.
This is irrelevant to the point the parent made.
This person does not live in the US, why should they be subject to US laws?
Because his service facilitates financial crimes in US and interpol is a thing? You can be extradited from any two countries with treaties.

Which seems unlikely in his case as he is based out of Russia.

US can and will restrict his access to US persons/assets (incl. vice versa).

They're doing business in the US. Only their US business is directly affected. Most crypto sites have different operations in the US because different countries have different laws, and you technically have to follow all of them.
A tool that could be used for laundering money was used for laundering money. Developer is shocked that the US Government doesn’t like this
Meanwhile a hammer was used to bash someone's head in.
what use outside of money laundering did this tool have?
Having private transactions using a public blockchain ledger.

It's the same as asking "why do people need E2E encrypted chat," because they want to and there's nothing wrong with them not wanting you to read their chats, that's why.

100% this. I use ETH, USDC, etc to pay friends back for a trip, in much the same way that one would use Venmo or cash. I'd love to be able to do this without showing the recipient ALL of my other crypto transactions, and as such have seriously considered using Tornado Cash in the past (but haven't because of fears of exchanges blacklisting my address).
That is a reason to launder money, it's still money laundering. It's valid to believe that this justifies money laundering and to believe that money laundering should be legal, but it is what it is.
Money laundering is the act of hiding the source of funds from *illegal activity*, all my funds that I want to privately transact with are legitimately earned.
prove it
(comment deleted)
Yes, "prove you're not guilty of a crime", a classic phrase used in free societies.
I know this is a troll, but Tornado Cash literally provides a frontend that lets you prove where funds came from / went to auditors and law enforcement.
> Having private transactions using a public blockchain ledger.

The question was what other use the tool had. "Private transactions" are 100% isomorphic to money laundering, the only difference is the words you use to explain it.

In fact, "private transactions" are, in fact illegal. You're not allowed to do that in the industrialized world. It's true that small-value cash transactions are de facto private, in the sense that the government decides to look the other way and focus its laundering enforcement on larger players.

But no, that ship sailed decades ago. You're not allowed to have private transactions, because if you have them then the criminals will, and we as a society have made a bargain to give them up to reduce crime and corruption.

> Money laundering refers to a financial transaction scheme that aims to conceal the identity, source, and destination of illicitly-obtained money.

https://www.law.cornell.edu/wex/money_laundering

It's not just "private transactions."

And exactly as I said, the words you use to explain it may differ, but the action does not. You can't have "private transactions" in the sense you imagine. They aren't legal. They haven't been legal in the United States for a half century since the Bank Secrecy Act of 1970.
From what I can tell, the BSA does not prohibit a private individual from paying a large sum of cash to another private individual. It simply adds reporting requirements to businesses.

https://en.wikipedia.org/wiki/Bank_Secrecy_Act

If you know a specific provision of any law that does prohibit such transactions, please post a link.

This is so frustrating to argue. I genuinely don't understand how you think circles like this will ever lead back to "huge private transactions are totally valid".

Where exactly do you expect to get that "large sum of cash" except from a bank? (Or conversely, what is the recipient expected to do with it except deposit it?) You're right that the enforcement of the law focuses on the entities (banks and other financial actors) who manage large transactions. If you had an "individual" doing that sort of thing regularly[1], you should absolutely expect to seem them regulated under AML statues.

What you want you can't have. You don't have it now. You won't have it in the crypto future. We've decided to make what you want illegal, and no amount of arguing on HN is going to change that.

[1] Like, for example, an operator of a money laundering tool on the ethereum network.

Ok but you're making unsourced claims again. I'm just asking for a source. You mentioned the BSA before, and when I looked it up it didn't seem to apply.

There are people who occasionally sell expensive things for cash, and people who keep a lot of cash in safes. My claim is that those activities are legal. You have not provided a statute or regulation saying it's illegal.

(There's no way for me to reference a statute for my claim, because we write laws saying what's prohibited, not what's allowed.)

> There are people who occasionally sell expensive things for cash

There are not, not in practice. And to the extent there are they they do so by converting that cash to traceable assets in banks subject to know-your-customer rules who are able to attest to the validity of those transactions. To the extent that you have private entities doing very large, regular cash transactions that are not visible to AML regulators, that practice is not presumptively legal (nor common, except for literal criminals). You know this. I know you know this. Just ask a lawyer if you think you could get away with that. You can't.

Hiding behind a "if this and this and this were true then you could evade AML rules" as a technicality (effectively: that there are edge cases not covered under existing statutes) is not arguing for the legality of the kind of pervasive laundering enabled by a crypto mixer, and you know it.

I never claimed it was legal for "regular" large transactions, which would imply the person is in business. I do claim it's perfectly legal for occasional, large personal transactions. (Of course it's also legal for regular small transactions.)

But I'll quit since it's clear you're not going to reference any sort of law saying this is illegal.

What are you talking about my dude, every transaction you do with cash is inherently "private". Nobody is tracking your identity to that transaction.

This is just a digital form of that.

It seems different from end to end encryption in a key way: we need things like TLS because sending a message unavoidably requires network traffic to traverse networks outside of your control. In contrast, using cryptocurrency is a choice to use a system modeled on the wrong data structure for either privacy or efficiency. Trying to kludge privacy on top of that seems like a very expensive and highly risky alternative to acknowledging that the system is incorrectly architected for the problem.
What use cases does E2E encryption have besides hiding criminal activities from law enforcement? Exactly the same goes here. As long as you're not doing illegal things and file your taxes, everything should be perfectly fine.
It may be interesting source code to read.

Or is that also an illegal/illegitimate use now?

Cash is also could be used for laundering money and actively used for such purposes. Let's add Federal Reserve to SDN list too
Maybe we should heavily regulate cash transactions, limit the sizes of cash deposits, implement strict know-your-customer rules for any entities dealing with cash, and enforce reporting rules for transactions between any accounts involving significant cash-derived balances instead?

That argument doesn't work. In fact yes, the government understands that printed money is untrackable and we have extensive tools to deal with that, up to and including the formal sanction of entities that try to evade these controls.

Haha my goodness. Yes, if you're the state, all that is theoretically true, but the catch is of course the problem of legibility. The state is well aware of that, as you noted, but so many transactions themselves are untrackable, some because of explicit state policies (undocumented immigrants line up to purchase money orders to pay taxes a notable example of a collective and voluntary effort to overcome state obstacles that are put in place, but also the many many unbanked individuals in the country, especially those not on the payroll for various reasons). That argument absolutely works if you simply realize that a) the state is never going to be able to actually capture 100% of cash transactions and b) the state's primary goal is not recordkeeping per se but to collect its perceived share, so the greater punishment it dishes out and the more complex laws get in regards to consumer finance, the more likely that those on the cusp simply opt out of the formal system if they're in a position to do so and disappear from all that heavy enforcement measures, much of which the average consumer do not understand fully anyway.

This viewpoint issue is not limited to financial legibility of course. We do know that the underground economy, because data is only reported by authorities, is inflated or deflated for political purposes, further muddling any potential estimations. Oh, and plenty of what the IRS wish to do is just that - wishful, and only when it's convenient for the other party. You can try to regulate cash transactions domestically in a more heavy handed manner, but you're mostly going to affect those least able to afford it to begin with, and the costs involved may not be worth the effort. Oh, and US currency is commonly used abroad, including in place of native currencies in some countries. When it comes to cash, there are only estimates as to how much the government can reasonably regulate the transacting of, and the government's policies have undermined efforts to do so even when they could. Not everyone is in the cohort that posts on HN.

briefcases are used for money laundering, don't remember the last time the government banned them