Micro feed

Thoughts tagged "privacy"

Short thoughts, notes, links, and musings by Molly White. RSS

It's interesting to me that the Fifth Circuit only considered "control" at the smart contract level, and does not seem to consider the role of validators in their opinion. A substantial portion of ETH blocks are built with relays that censor transactions with OFAC-sanctioned contracts, and it seems to me there is now an open question as to whether validators that use non-censoring relays could be sanctioned directly.

The software codes here—the twenty Tornado Cash addresses for immutable smart contracts—are tools used in providing a service of pooling and mixing the deposited Ether prior to withdrawal. Indeed, the immutable smart contract provides a “service” only when an individual cryptocurrency owner makes the relevant input and withdrawal from the smart contract; at that point, and only at that point, the immutable smart contract mixes deposits, provides the depositor a withdrawal key, and, when provided with that key, sends the specified amount to the designated withdrawal account. In short, the immutable smart contract begins working only when prompted to do so by a deposit or entry of a key for withdrawal. More importantly, Tornado Cash, as defined by OFAC, does not own the services provided by the immutable smart contracts. A homeowner may own the right to trash-removal services and a client may own the right to legal services performed by a lawyer, but neither the homeowner nor the client owns the person performing the trash-removal services or the lawyer—for good reason. Similarly, Tornado Cash as an “entity” does not own the immutable smart contracts, separate and apart from any rights or benefits of the services performed by the immutable smart contracts.76

(Not saying they should, just remarking on the fact that it seems to have gone completely unaddressed.)

Of course this was a concern already, but what with the Treasury focused on the Tornado Cash contracts, it was less central than I suspect it might be soon. This strategy would be somewhat in keeping with legal theories around other "malicious" code, where it's broadly speaking legal to write a devastating computer virus, but a whole lot less legal to run one.

The Fifth Circuit has just opined that the smart contracts that comprise the Tornado Cash cryptocurrency tumbler are "not property because they are not capable of being owned", and thus cannot be sanctioned by OFAC.

The six plaintiffs-appellants are users of Tornado Cash. They argue that Tornado Cash’s inclusion on the SDN list exceeded OFAC’s statutory authority. The district court disagreed, granting summary judgment to the Department and finding Tornado Cash subject to OFAC’s sanctioning authority. Van Loon and the other plaintiffs appealed, making the same principal argument here—that Tornado Cash’s open-source, self-executing software is not sanctionable under the Act (as opposed to the rogue persons and entities who abuse it). OFAC’s concerns with illicit foreign actors laundering funds are undeniably legitimate. Perhaps Congress will update IEEPA, enacted during the Carter Administration, to target modern technologies like crypto-mixing software. Until then, we hold that Tornado Cash’s immutable smart contracts (the lines of privacy-enabling software code) are not the “property” of a foreign national or entity, meaning (1) they cannot be blocked under IEEPA, and (2) OFAC overstepped its congressionally defined authority.

The immutable smart contracts at issue in this appeal are not property because they are not capable of being owned. More than one thousand volunteers participated in a “trusted setup ceremony” to “irrevocably remov[e] the option for anyone to update, remove, or otherwise control those lines of code.” And as a result, no one can “exclude” anyone from using the Tornado Cash pool smart contracts. In fact, because these immutable smart contracts are unchangeable and unremovable, they remain available for anyone to use and “the targeted North Korean wrongdoers are not actually blocked from retrieving their assets,” even under the sanctions regime. Simply put, regardless of OFAC’s designation of Tornado Cash, the immutable

Full opinion

Please do not record your abortions on the blockchain

I must once again urge you: please do not record your abortions on the blockchain.

There are a lot of very worried people right now, fearful of an impending regime that may well crack down on things like reproductive care, gender-affirming care, or the ability for immigrants to even continue to remain in the US. Some have suggested people get familiar with cryptocurrencies in the event they might have to circumvent an authoritarian state.

I’ve said it before and I’ll say it again: in very bad situations, bad solutions can sometimes still be better than nothing. I make no secret of my views on the cryptocurrency industry, but I am the last to judge a person for using whatever means they have available to them to take care of themselves and others.

But please remember that most popular cryptocurrencies use public ledgers, where every transaction is visible to anyone who cares to look (no warrant required), where true anonymity is extremely challenging, and where tracing technology is getting only more sophisticated. Popular on-ramps like Coinbase and Gemini and other exchanges require customers to provide similar kinds of identification as banks, linking your future transactions to your real-life identity. (And many of these companies have thrown themselves wholeheartedly behind Trump, by the way, despite their “anti-authoritarian” claims).

There are cryptocurrencies that are more anonymous than the bitcoins and ethereums of the world (privacycoins like Monero and Zcash for example), though there are still attempts to trace these types of tokens and you have to be knowledgeable and very cautious about how you use them so as not to inadvertently reveal your identity.

If you’re in a bad situation, do whatever it is you need to do. I’m certainly not going to judge you. But please be very cautious, and be highly skeptical of anyone who presents cryptocurrency as a magic solution to authoritarianism.

Further reading: “Abuse and harassment on the blockchain”, “Anonymous cryptocurrency wallets are not so simple”

PSA: Paying for a subscription on the crypto version of OnlyFans using a public blockchain does not give you "true privacy", regardless of what the models there might say.

The allure of Only1 extended beyond a different option for sharing exclusive, gated content. Jaylene highlighted the platform's unique features compared to traditional platforms like OnlyFans.

"I like the fact that Only1 being on-chain allows the customer to have true privacy," she said. "From a creator's perspective, the biggest issues with traditional platforms such as OnlyFans are issues with payment processing. Only1 solves this issue as the payments go directly to your wallet, providing creators with peace of mind and full control over their earnings."

There’s people who are really angry about a lot of tech stuff who disagree with each other about everything, including whether or not they really even have a problem. But all of their problems start with the fact that there’s a lot of commercial surveillance. So these people might disagree about everything else, but they will agree that their problem could be solved if we could do something about commercial surveillance.

So if you think Mark Zuckerberg made grampy into a QAnon, or if you think Insta made your teenager anorexic, or if you think that TikTok is convincing millennials to quote Osama bin Laden, right? Or if you think that it’s ugly that red state attorneys general are following teenagers into out-of-state abortion clinics, or that Google reverse warrants reveal the identity of everyone in a black lives matter demonstration or for that matter, the January 6th riots, or if you are worried about deep fake porn, or if you’re worried that people of color are having the surveillance data captured about them mobilized to discriminate against them in employment and financial products, right? All of these different things all start with cutting off the supply of surveillance data.

– Cory Doctorow

"it's all stored locally" is not a panacea for these alarming privacy-invading products!

what exactly is stored locally? what data is extracted from that local data and sent to the company's servers? is that local data being backed somewhere?

what additional risks are now being posed to people who share devices, whose devices might be accessed by others or compromised, or who might not realize these tools are running? what is the risk that the company might later change its decision on local storage?

back in my day we called this spyware

New Windows AI feature records everything you’ve done on your PC

Recall uses AI features "to take images of your active screen every few seconds."

"have you ever wanted to install a keylogger to spy on your spouse or kid? well have we got news for you"

hi hello i see it's time for our semi-regular reminder that your browser's incognito mode does not protect you from surveillance!

Page