Topic: Crackdown on mixers and privacy tools is ineffective: it may even help criminals (Read 653 times)

In my opinion this doesn't have to do much with that it's "within Bitcoin world". Generally the world of retail commerce is so big that it would be impossible to control everything to prevent criminals can spend even a single cent. Normally they concentrate on bigger sums (USD 1000 upwards).

If you can spend the money directly on goods and services, there is thus no need to "launder" it. Criminals usually can buy small goods directly with the stolen (or otherwise illicitly funded) money, because retail merchants are no "obliged subjects", they don't have to do AML checks. So if spending money on retail goods was all they wanted to do, there would also be no need to use cryptocurrencies for anything. They only would have to be fast to prevent that banks freeze their money once the investigation is advancing, or retire cash as soon as possible.

The exception are luxury goods and gold and other materials which are used as a store of value, like platinum. But that's the reason why normally the merchants of these products are "obliged subjects" and have to do AML checks. That also applies to those merchants who accept Bitcoin. So staying inside the "Bitcoin world" would also not bring much of an advantage.

I would guess that it is only when the money turns to fiat that it matters. In reality, of course you can spend bitcoin to get something, but the government or the law enforcement will rarely care about it as long as it is within bitcoin world, they will not care about it in the end.

However, the moment you want to turn that into fiat, that is when they will care, because if there is some money that you can't explain in your bank account, they will retrack it and see where that came from, and if it was from a mixer that they can see, then they will consider that as illegal money, could be drug money, could be money laundering, whatever they want to name it. So, if you want to make some fiat, you need to be able to provide proof. Or just keep it at bitcoin, can always do that.

This is a fantastic resource and I may reconsider adding back a list of CoinJoin services on my website.

You can run a Git server on just about any server, but preferably one hosted with a company that doesn't take abuse letters too seriously as they could pull the plug on your account.

100% true. The low-to-mid-level gov't hacks who run these take-downs probably believe they're fighting crime, but what they don't know is they're just doing the bidding of the biggest fish in the criminal pond


Right-on. Some of the entities you list have been caught laundering billions for drug cartels. But since they're "too big to jail", there's nothing to do but allow them to continue business as usual. When relatively small operations like Samurai or Agoradesk become targets, this is not at all about fighting crime, but rather about the biggest crooks in the game taking out their competition.

Most definitely, they will always find a way how to continue what they are doing. Do remember, mixers were not existent when terrorism and other illegal activities started. It is just that in today's situation, they are finding that mixers is also one good route to hide their privacy. And if this one closes, they will surely find another route. It is not the end of the line for those people who want to continue what they are doing.

I think this is the crux of the matter, there will always be a way for the criminals to continue their business. If the authorities could not stop terrorism financing which most of the funds are not passing through cryptocurrency but charity organizations and foundations and other fiat payment systems, as I have read in some articles, then I doubt there is much they can do to stop criminals. I completely agree with you that the more they fight mixers and other privacy infrastructures, the more they help the bad eggs because, from your explanation, they will just be pushing them into the atomic swap that I am grateful for learning more about it tonight.

This seems to be the rule in several jurisdictions, particularly the US, but crypto assets service providers are not regulated this way in all jurisdictions. This depends of the status of cryptocurrencies. If they are classified as "goods", like it occurs in several countries, then exchanges until specific legislation is approved are basically bartering services (at least in the case of crypto-to-crypto).

What I was proposing in the OP was not "seizing" the funds but to "delay" them until there is a decision made if the funds come from a theft/illicit action or not. In the case the funds are finally seized, of course there has to be a court order. But the possible "delay" can be clarified by the mixer in his ToS. There are several crypto services already operating this way, including mixers, although with much less clear rules, thus I can't really mention a service which *today* is already operating as in this proposal.

At least if we take the proposal I made in the OP, then there would not be such a time pressure.
First, there has to be a direct connection with a heist, thus a simple "tainting" because the funds were some months ago used for an illicit purpose would not be enough. That's what I discussed with ranochigo: this would seriously put Bitcoin's fungibility into question, so in the case this is implemented the "loss of fungibility" should only occur for a short time.

The OP proposal instead covers the typical case of somebody who has paid a ransom or got coins stolen from their wallet. This person would be able to immediately communicate this to the mixer through a specified communication channel, proving that the funds come from his wallet (this process could be totally automated, e.g. as a function in wallet software, so there's no technical barrier). It would enable the mixer to delay the funds, even if they pass through 3 intermediate steps like in your example. But the mixer can specify that if e.g. in 24 or 48 hours there is no authority response, the coins will be delivered to the person who requested the mixing. So the victim would have to denounce the stolen coins to the authorities. If this wasn't the case then you could simply pay for any good/service with BTC and then try to recover your funds this way ...

Let's put this through practice and what really happens in the whole process.
Users have coins on address A, which is marked as tainted by the authorities. He sends coins ^{from address A} to the newly created address B, and at that moment unknown where and how it was created. After a 1-hour delay, some other coins were sent to the never-used address C, which the user provided.

So, the question is, If the service is well coded and automated, how the hell can anyone recognize in an hour who generated address B, request the blocking of funds, and at the same time the hosted service respond as soon as possible?

mixers and coinjoins that have a manager/coordinator that processes the funds on behalf of others for a fee will be classed as MSB (money service businesses)

if they do not register and get licenced as a MSB. that can cause trouble for the service manager/coordinator
if they do get licenced they then have to log, monitor, investigate and report on their customers(amongst other requirements)
if a action of the customer or the funds of the customer are suspicious to a point of illicit acts. they have to report it to authorities and its the authorities that would then get a court order to allow the service to withhold releasing funds back to the customer

no regulated service can just seize funds without a court order. most they can do without a court order is switch off the internal service for that customer, ask that customer to withdraw funds and then be banned from returning

unregulated services can seize funds without a court order but they are then liable for theft, however they probably are too hiding behind proxies and stuff to not allow the customer to know who the service is to chase the service for that theft

I understand this point in the world of fiat, because in this case a real risk exists that criminals end up with seemingly "clean" money in the case of "cooperating" banks/fintechs, and I think in this case KYC/AML requirements are mostly reasonable. In a crypto setting (crypto-to-crypto, like mixers and exchanges) the KYC requirement however doesn't help because of the point I'm making in the OP - mixers don't deliver "clean" money, only "crypto-assets of unidentifiable origin", and atomic swaps and CoinJoins can deliver the same thing.

My opinion is a bit different: the more KYC you require, the more identity theft you'll provoke, because you're opening a new attack vector. And there will always be a spectrum of "safer" and "unsafer" services. It's possible that many organizations are handling data security well. But there will be always an arms race between blackhats and these organisations and even those handling it well today may lose tomorrow. Software is never perfect, the problems of bugs and vulnerabilities haven't been "fixed one for all time" even 50 years after personal computers became omnipresent, and cybercrime is at least as successful as it was 10-20 years ago despite of technological progress and increased quality management. I think it's as easy at it sounds: The more organizations are required to store users data, the more hacks there will be, even if the "error rate" was falling due to increased requirements (e.g. due to GDPR-style laws).

That's again why it's important to act against these excesses.

I think the logic expecting an increasing anonymity set/degree for decentralized privacy tools is reasonable if the number of (trustworthy) mixers decreases. Liquidity above all for atomic swaps is still low.

Yep, I didn't interpret that you were actually against privacy

However, the consequence of your argumentation is that you're ok with a "two-tier" crypto ecosystem: a KYC-bound "legal" tier and a "grey" tier composed of "unregulated" mixers and offshore services. The problem is that this "grey" tier is increasingly driven into a darker shade of grey due to increasing legal attacks, and also is getting bigger (see Samourai's Whirlpool, which should normally a perfectly legal "messaging service" as afaik it never signs transactions, but is now under attack), without that helping with the fight against crime, but mainly impacting normal users looking for privacy.

This is why I wrote before that the status quo is unsatisfying. I could have agreed with maintaining the status quo five years ago (before e.g. AMLD6 was a thing) but I think we'll not return to that if a mentality change isn't happening.

(This also answers the problem I have with your last paragraph).

We could imagine a policy of "either KYC or delay and react". Basically similar to the recent regulations of harassment in social media.

Mixers could be required to provide a communication channel for freezing requests. In addition to authorities (=police) in an ongoing investigation, if a Bitcoin/crypto user can demostrate that coins were stolen or taken as a ransom (signing a message with the private key used for the transaction), then a "cooperating" mixer has to retain this information and freeze funds which are directly connected with them. In addition, this class of "minimally cooperating" mixers could be required to delay all funds for an hour (close to the 6 confirmations) before they are transferred to the withdrawal address. We could even think about a protocol which includes a timelock and an IF_ELSE clause in the withdrawal transaction, where the user would only be able to move the funds after several hours, and previously the mixer could transfer it back. Taproot would allow that in a reasonably private way.

Such a policy would lead to time pressure for the criminal. Of course the criminal would then probably try to CoinJoin/atomic swap before, but the mixer's importance in the "laundering" process would then decrease. Most mixers of this class would never be used by criminals or only by the "small fishes", and thus could concentrate on the legal "privacy" market. For someone wanting to increase the privacy of his coins, the "delay" process would not be a problem.

The mixer would be liable only if he fails to demostrate that he did everything to try to freeze these funds: react in time to the "freezing request" and/or not implementing the "delay" protocol.

This is of course only an idea, and the work to convince the authorities that his may be a better approach would probably be very hard, but perhaps it can be done if public pressure (from voters) goes in that direction.

Great points, and I think it serves a question, but probably not the right question. I don't think these crackdowns are to deter criminals. They know who they were pursuing, and they wanted them down, so they clamped down on whomever and whatever they thought were connected.

The bigwigs surely know since Silk Road crypto makes up a tiny fraction of all money laundering. They also surely know by now, after capturing so many mixers, they've not got hordes of criminals, but the one or two they were pursuing. This is probably why they haven't outright cracked down on every mixer, everywhere.

The accompanying ridiculousness of litigation, and perhaps later, blanket bans, etc are simply tying up procedure, not policy. Could be wrong, but that's I think the reality of the situation. It isn't as philosophical or as existential as even I wondered at first.

Good writeup op, but let's be real. Only a small percentage of crypto investors are aware of all this complicated stuff and even they listen to their respective governments when it comes to avoiding banned products like mixers etc.

This forum itself is a great example to justify whatever I stated. World governments are also filled with people who are too dumb to properly understand whatever you stated.

Correct, KYC doesn't stop money laundering or terrorist financing. However, KYC does make it harder by the logic of requiring the users to identify themselves to transmit funds. That by itself provides them with the ability to track and otherwise shutdown many crime syndicates and ensures that those who are regulated are accountable of their operations. If governments cares about your privacy, then the world would be pretty different today; Edward Snowden wouldn't have anything to share, there wouldn't be NSA, significant number of terrorist attacks wouldn't be twarted, etc. It is far easier to just impose a blanket ban than a soft KYC, which doesn't benefit the community either.

Identity theft is a whole other topic; that has to do with the multitude of mismanagement of individual organisations rather than the government. GDPR and other similar laws are enacted precisely to tackle this problem. If done properly, KYC is not an issue with proper data security and governance and this shouldn't be the reason why we shy away from KYC; organizations should do better to protect our personal data. FWIW, I've had the opportunity to see how data governance works in competent organizations and I don't see how identity theft would be a problem for them, as opposed to certain less competent companies.

You can expect proportionality to be thrown out in court for cases involving surveillance or national security, as historically seen by v. NSA for surveillance related lawsuits.

A ban on conventional mixers doesn't result in better opportunities for criminals to launder their funds; atomic swaps or other anonymizing methods were always available to all and it is widely and easily accessible for everyone. Banning these centralized mixers never really increased or otherwise exacerbated the rates of money laundering, decentralized mixers has always been preferred as opposed to centralized mixers. Even for the average Joe, this is the way to go.

For the record, I'm not advocating against privacy. Giving basic rights to the citizens seems to be detrimental in the eyes of the government and if they are able to make money laundering harder, then I don't think they would be reversing their decisions anytime soon.

Lawmakers might not, but they probably wouldn't care. However, inaction is seen as incompetence.

KYC and AML policies has resulted in banks being able to detect and stop these transactions. These are policies proven effective in the real world, and whenever it seems to fail, they punish the banks and smack them with a lawsuit. I bet this would happen if you were to legalize mixers. My question is: How do you answer the points about how criminal proceeds has been funnelled over through mixers, and the steps taken towards stemming them. Given that these aren't detectable, save for the large ones, how should we ensure that the principles of Bitcoin is upheld (no censorship, fungibility, etc).

If we were to continue with mixers and lawmakers discovers that criminal proceeds were to be funnelled through the mixer, then would the mixer be liable (and thereby should the owners be shouldering responsibilities) or should we just blame it on the privacy restrictions that affects how a mixer can conduct due diligence? If not, then why should banks be treated any differently than them?

I think that this topic has brought up numerous points about how privacy is important, and how we should balance the importance of privacy and stemming the funds from dubious origins. However, I personally don't think regulating mixers would be the way to go. It would be difficult to try to convince them otherwise, and a waste of effort because it would inevitably result in draconian restrictions and regulations if it happens. Keeping it decentralized and difficult to shutdown makes the most sense.

That's a challenge I think the Bitcoin community should never give up. Bitcoin was not created to be only useful for a small cult of darkweb enthusiasts. Potentially, it was created as "the currency of the Internet".

My hope is essentially what I recently also wrote in a Monero thread: that a growing number from the already hundreds of millions of Bitcoin users could slowly trickle into the "world of decentralization and privacy". On a first glance, the current situation doesn't look like that: essentially, Bitcoin is about to conquer exactly the opposite group, traditional financial investors who "expose" themselves to the BTC price with ETFs, futures, options and other financial products. This demographic group will be difficult to convince. But the ETF news are also draining new "retail investors" into Bitcoin. Google Trends for example showed quite sizeable interest spikes in March and April particularly. And these users are the ones which can slowly educate themselves, adopt the "not your keys not your coins" model, and eventually be convinced that censorship resistance is an important ideal to fight for.

And once they get more and more, they can become a sizeable political force. In Argentina, it is possible that Bitcoiners helped to decide the 2023 election in favour of a liberal/libertarian candidate.

I have already written that pro-privacy organizations like the EFF are important to continue the fight. One particular thing which worries me is that not all organizations of this group think positively about Bitcoin. I can only speculate about the reasons but the stereotype of the "get rich fast" Bitcoin cult member is quite common in some of them. I think there needs to be more work done to convince these folks that while this stereotype exists, it is much less dominant among Bitcoin users than they think. And that there are good reasons to support a censorship resistant digital money.

---

@ranochigo: I think there is a general point I simply disagree with you. If I understand you well, you think from a state/government's perspective it will never make sense to allow non-KYC mixers, because a hard KYC requisite is the only way to be able to stop cybercrime. I believe that this is not true. First I would like to refer again to 1miau's text about the dangers of KYC. If the State really wants to protect us from crime, why does he provide a gift to criminals -- lots of personal data stored on thousands of servers -- and a big risk for most people because identity theft is a growing problem, unlike most other types of crime which are declining?

There is an important principle in law which is the principle of Proportionality. If a basic human right of a citizen is limited by a law, the limitation has to be justified. Privacy, which includes that nobody, not even the State, should see what I'm buying with my cryptocurrencies, can be seen as such a basic human right. If a mixer ban is ineffective because it could even result in better possibilities for criminals to launder their funds, then how can such a ban be justified?

The problem in my opinion is often that law enforcement authorities still don't understand the whole possibilities of crypto. I doubt lots of them have heard about atomic swaps, perhaps some more about CoinJoins, but too few. If they don't know that their measures are ineffective they will try to continue the traditional way - more restrictions, more KYC obligations. So it's necessary for crypto advocates to educate them that this is ineffective and they should concentrate on other methods. Like they do when investigating money laundering with cash. And of course my "minimal cooperation" proposal for mixers comes into play here. But this cooperation probably has to include the freezing of funds.

Everyone you say, it is only the government that is attacking mixers and any other privacy solution.
Your only line of defense is to protect your coins, store it in cold storage and add extra layers of security. I don't fully grab what your point is from your post, but if your funds gets stolen, do not expect to get it back.
Take note that privacy is not for criminals or people involved in illicit activities, anyone who wants privacy deserves it, even if they have stolen nothing from anyone and have nothing to hide. What's your worry here? Protect your funds yourself and don't store it in centralized exchanges that can be hacked, why do you want a crackdown on privacy solutions?

^--- did you have to quote the entire OP? It is very long and makes reading obnoxious.

I'm sure people would just find a way to classify atomic swaps as anonymity-enhancing tools and outlaw them though. That's not to difficult to see.

I always said this.  Cracking down on Mixers and Privacy solutions is in the advantage of CRIMINALS and the disadvantage of innocent people.

A criminal will NOT care if a Mixer is banned or not.  There will always be at least one such solution available over Tor.  You can find all sorts of weird stuff over there.  Does any body really think a crack down would stop them from creating a simple Mixing Service?

The real toll is taken by us who simply want Privacy and are innocent.  Every single time our Privacy is restricted, it is the only real thing happening.  Our Privacy is increasingly being limited, the leash is shorter every time and criminals only continue to do their thing.  But besides us Bitcoin Talk users, who will even listen?  Governments know this very well.  They know that criminals will not suffer from this.  They know it only affects our Privacy.  They just do not care because I am very confident this is precisely the reason they are cracking down over Mixers.

They tried so many things before.  Cracking down on Mining and trying to convince every body that Bitcoin is more environmentally friendly if it moved to Proof of Stake.  Cracking down on Miners for supposedly disturbing the energy distribution.  Introducing so many difficult regulations to induce fear of mistakenly reporting the wrong thing, not having enough evidence to fill a report or to make us give up using Cryptocurrency at all due to the burden it is to file your Taxes.  Know Your Customer every where so you feel supervised and controlled at all times.  They are doing this knowingly and willingly to us.

I really do believe there will be a time when we will have to move to a more Private place to discuss.  I believe there will be a time when 'The Deep Web' will become a much more comfortable place for us Privacy advocates to hang around than the Clear net.  And like I said before.  This crack down will do nothing to me if I am using Monero in conjunction with Bitcoin.  It will do nothing if Atomic Swaps exist.  By the time they will come after me for Mixing or Atomic Swapping Bitcoin that came from legitimate sources, I just know this world will be so fucked that jail will probably provide more Freedom than the outside world would anyway.

They are tightening the leash onto us and I used to be afraid of the future, but now I have to accept it.  Either we obey or we will have to find alternatives to escape their control.

I will forever be among those who find alternatives to escape.

When the government can't find the root of the problem, they do things like crackdowns where I think they're just trying to control users. As we recognize the case with the crypto market. When the market starts to be bullish, there are preparations to file various cases against organizations like the SEC and thus they control the market. As the number of users of Mixer increased, the authorities noticed that closing Mixer would end activities like money laundering, which is completely wrong. Those involved in money laundering will certainly want to recover their money in fiat if the authorities are able to do that properly, the volume of money laundering can be greatly reduced.