Topic: Crackdown on mixers and privacy tools is ineffective: it may even help criminals - page 2. (Read 653 times)

KYC policy exists for a good reason; to reduce the likelihood of money laundering going undetected and for them to stem it right when the transfer is taking place. It is absolutely necessary, because there is no way platforms would take the initiative to stop these transfers or perform their due diligence to prevent the transfers from taking place on the platform.

Generally, you need to have the data (ie. their real identity) to be able to link and investigate possible money laundering. There is no way around this in the area.
Swiss KYC is quite active, and even if there is no KYC for most services, anything that involves money transfers be it deposits or withdrawal will reveal some information about the customer. If you're talking about normal crypto, for eg. POS payments, services payments, then KYC is of course not necessary. It is prevalent where there is a chance for money laundering to take place.

Thanks. Money transmitter is not illegal, but being an unlicensed money transmitter would be. They lack the capabilities to conduct the appropriate due diligence, evidently and they can potentially aid money launderers in achieving what they want. In the eyes of the government, having the threat of doing so is a good enough reason to charge them with it.

Banks, and all of the financial institutions are also compliant to all of the laws and regulations as stated.

Now, just to further our discussion a little:
I'd like to pose this question as well. Let's say the community wants to see a legalized mixer, but the key benefits of a mixer is maintained (No KYC, no logs, no freezing of coins, and let's say minimal cooperation with the authorities (see protonmail). How would they operate considering all of the AML/KYC laws? I don't think a pushback from these measures are possible unless met with an alternative that is equally effective at stopping money laundering and terrorist financing.

Ransomware is actually a quite good argument in favour of my proposal of an "agreement" between mixers and law enforcement. If you are threatened to pay for ransomware, you can tell the authorities the transaction you made. Perhaps you can even tell a whitehat hacker group and these will contact mixers for you if the ransom attack involves a kind of extorsion you don't want law enforcement to know about.

If the criminal is trying to mix the ransom coins through a mixer which participates on this agreement, then these funds could be very easily frozen. If instead he does an atomic swap or CoinJoins the probability is high he can hide. The easier these tools become to use and the higher the anonymity degree is, the more criminals will choose these options instead of mixers.

Most bigger fishes will of course know about the mixers participating on such an agreement. But criminals are not perfect, they often are not overly competent, above all if they're script kiddies, so there are chances for some to be caught.

Fiat is used more often because fiat is used for everything thousands of times more often than Bitcoin. And Bitcoin is not attractive for laundering because it's hard to establish a convincing story of how you got supposedly clean coins.

But you know what Bitcoin is good for? Paying ransoms. A very considerable share of ransomware payments is done in Bitcoin, because it solves the problem of fiat payments - they can't get frozen and have no KYC, so it's a very safe and convenient method for criminals.

I'm aware that the type of "regulation" or "agreement" between mixers and authorities I proposed in the OP would mean a backward move in some jurisdictions like EU and US from requiring KYC from such services.

You could argue of course that the tendency always will go against privacy. But that's why I actually included the last part of my OP which talks about educating people and politicians and supporting organizations like EFF. I believe that even in the jurisdiction where already a hard KYC policy exists, a move back is possible if there are political changes. This will take some time, but perhaps at least we can stop them at the status quo. I've written elsewhere that there were actually successful fights of pro-privacy groups in several countries, including for example Germany where a project to store all phone connection data was stopped some years ago (this is for me an example of a "neutral" government). Perhaps in the EU there is still a way to stop AMLD6, even if the likelihood is quite low.

There are however other jurisdictions where some KYC-free crypto services are still possible (Switzerland, for example, or Argentina if the service's revenue is lower than a certain threshold). People should be encouraged to defend the status quo in these countries, or even roll back some recent laws (in Argentina's case, the KYC requirement for bigger services was introduced very recently to comply with the FATF travel rule).

Until this change reaches the point where FATF itself (and thus the majority of major countries) could be influenced to change their policies it will take some time, of course. Some will say it's impossible. However FATF is not a lawmaking body. The groundwork in every country to limit anti-privacy excesses is much more important.

Of course my "proposal" in the OP is immature. This is a forum post, not a scientific paper But perhaps some discussions in this forum can actually reach people active in pro-privacy/civic right organizations and even political parties, for example in the liberal/libertarian spectrum. Perhaps wishful thinking (above all in this subforum ...)

Just for completeness, not to disregard any of your points:
They actually were charged with three things: money laundering, sanctions evasion and money transmitter. Having read some material about both the Samourai and the Tornado Cash cases, I believe the both first accusations cannot be justified without the "money transmitter" accusation or, alternatively, evidence that they have cooperated with criminal groups. If what they said publicly is all they have, however, evidence is very thin.

There are several more linked in Coinjoins.org, for example joinstr.xyz (which is in beta however). (By the way, Github [Microsoft] is not necessary for software development, even if it's an extremely popular service. Git can even work in a P2P fashion).

If restricting their citizens privacy is evil, then i think i can argue that most, if not every government is evil. However, i respect your opinion in trying to come up with something that can work, and a situation were mixers and the government will partly cooperate and they would not have to be shut down, but i am certain that cooperation clearly defeats the purpose of using a mixer and many bitcoiners would not want to use such a service.

Aaand from reading this it doesn't even sound like they used mixers. They just deposited and withdrew the stolen money into/from various sites, and converted it into altcoins, and so forth.



It is only one solution now and so it can easily be banned or sanctioned, or de-platformed by Github.

More anonymity services are required, but they must be made by

1) non-US persons
2) people who use pseudonyms online and
3) don't already have mini-fame tied to them elsewhere.

Isn't Joinmarket.net one of the possible solutions?


They already pay a 5% fee to mixers for the service, I don't see what will stop them from directly selling Bitcoin minus such a percentage. They will surely have interested buyers.
I think it is a matter of time before some kind of offshore zone appears for this kind of services.

These organizations have the ability to mix money and hide its source, even without using mixers, but hiding the source of millions of dollars is not an easy matter, and I do not think they will trust a single mixer that may sell them data.
Criminals always leave their traces, and after more than 5 years, using chain hopping to move between several blockchains, and using fake identities to create online accounts, the authorities were able to arrest them.


Two Arrested for Alleged Conspiracy to Launder $4.5 Billion in Stolen Cryptocurrency

The only harmed by the closing of the mixers are those who want to enjoy privacy, as their alternatives will be limited and more complicated than using the mixers.

I (as a guest) took a peek using Tor Browser at the more incompetent criminals on the public darknet boards - most of them don't even have a clue about bitcoin mixers. I doubt they could tell the difference between a legit mixer and a fake.

They are at least well-informed enough to use Monero though.


This is the more likely thing they would do. Put it on the clearnet so that everyone can access it, without giving away any information about who is running it.

It falls down to the fact that better criminals will still find a way. The ones that just dumped stolen / illegally obtained coins into a mixer to 'clean' them will have to either get another way or just hope for the best.

Well funded criminal organizations will probably just set up some sort of phony anonymous exchange that they run. Get other peoples coins and send out theirs.

-Dave

Totally agree with this, it's weird that authorities have been doing all of this thing ever since and a lot of studies have already proven that prevention of something is much better than outright intervention and prohibition. This is the same thing that's happening during the prohibition era in USA, they banned alcohol and then the people got craftier with how they will smuggle or make alcohol, same with drug smuggling, the more money that's involve, rest assured that people will innovate in terms of getting the most out of whatever that thing they're using/selling/buying to make money.

The same principle with prison, weapons are crafted based on what's available to them and you would be surprised to see what the inmates make but I digress, when the authorities completes the crackdown on this mixers and privacy tools, there's going to be that one developer that will create an innovation and revolutionize privacy tools in crypto space, once that happens, it will cascade into more and more people learning about that new tool and that new tool is going to be replicated, improved, and upgraded then it's another race with the authorities again, it's a never ending cycle of prohibition and innovation to avoid prohibition.

Lol the banning of things/services by the government does not stop whatever it is they are trying to ban, they are just “illegalizing” it. Yes, they can not stop it but they hope that those who continue to do so will be punished and by that people will be discouraged to follow on their footsteps.

People are creative and I am sure they will find other methods to do this.

Unfortunately, coming under regulations means KYC is necessary, for the current regulations. This is to ensure absolutely 0 illicit transactions are going through. There is no way whatsoever that any country will come up with a middle-ground because there would still be illicit transactions going through, and that is unacceptable for any authorities. Samourai was actually charged with money laundering, instead of being an unregistered money transmitter. As mentioned, the authorities would set a bar so high, that it would appear that they are valuing your privacy but is in effect having full knowledge and control of your privacy. None of us should trust them with their words, we should've learned the lesson by now.

I disagree with the point about the status quo. Having privacy means that you should be able to use basic tools to protect your own, you should be able to use Tor and ensure that there is no privacy leakage during the mixing process. What I imagine legal mixers to be like would be having your coins mixed, but the tracing of the transactions to be readily available to the authorities and their ability to halt and identify any users at will.

If there is ever a regulated mixer, I doubt the community would use it. The community is fine without having a government honeypot mixer.

---

To further expand on this point:
- From the government perspective, their argument for shutting down mixers are always because of money laundering or the evidence of money laundering. It is unlike exchanges where they are required to have a license to operate. In a similar vein, exchanges are granted the license because they can prove that their platform has the ability to track, freeze and report suspicious transactions because of the stringent KYC/AML policies. This is unlike the concept of mixers where users are supposed to be anonymous, and privacy should be guaranteed. Any subpoenas will take too long to serve and that logically mixers would find that most of them should be challenged before freezing coins, or handing over information -> See Protonmail for example. Hence, this would probably never happen and doesn't fit what the community would want to see in a mixer.

- An ideal solution that I can see for a mixer to exist and legalized is that the mixer should be able to conduct KYC/AML on their users, flag suspicious transactions to the authorities, and be ordered to turn over data at will. This essentially functions like a bank, but that is the final "goal" of the government to defeat and make money laundering harder. The argument within the thread mostly points to the ideal solution being that privacy conscious users should be knowledgeable enough to use decentralized mixers, which are sufficient to break the link and that centralized mixers being both legalized and trustable to be a far fetched dream.
Has it ever been established that ChipMixer stored logs? I don't recall them doing so, other than the fact that they retained the keys, which doesn't lead to the loss of privacy since it's quite obvious on-chain just that the connection is difficult to establish. All the more reason why I don't trust centralized mixers.
I don't think both should be acceptable, or we are setting the bar too low and giving up too much of our rights. Delaying or freezing the funds would be unfair for the users, Bitcoin is fungible and for the mixer to be the judge of whether your funds are clean or not is not acceptable at all. This would be akin to exchange arbitrarily freezing funds of their users. This is not something that I can get behind.

If mixers were to freeze or delay funds, then they would probably collect whatever data you have to prove either your innocence or if you're guilty. Either doesn't bode well for Bitcoin.
For the sake of discussion, I'm interested in knowing the neutral governments that supports their citizens to retain their own privacy. Generally, national security laws covers that part and doesn't need justification to obtain user data as long as it poses an inherent threat to the government.

Well, running a commercial mixer for example in Europe under MiCa would be a CASP service ("crypto-asset service provider"). And if Samourai was accused to be a "money transmitter" (not that I agree with this at all! But the accusation says so ...), then a centralized mixer would fall under this definition in the US too. And these services are regulated.

So the "status quo" (at least if we look at "legal" options for providers of mixing services, not necessarily for users) is not very satisfying. The problem is that if the trend doesn't change then it will be increasingly difficult to offer mixers legally in most countries.

This argument is a bit weird in my opinion. We have had several examples of mixers that seemed to run completely fine and seemed to protect their users' privacy (ChipMixer for example) but in the end, when they were shut down, it was revealed that their privacy policy was much less satisfying as advertised and that they stored a lot of users' data actually. And they were not exactly known to cooperate with authorities. So I think you can't deduce that a "minimally-cooperating" mixer like I described would also compromise the users' privacy. I personally would even trust a mixer more with clear rules (in the style I wrote) than one that promises that everything will be fine but could be a honeypot, selling data to chain analysis companies or hackers, or even be incompetently run (like probably in the Chipmixer case).

I think there is a big difference between the delaying or "freezing" of funds coming directly from a heist on one hand, which I would accept (as written in the last post), and privacy violations on the other hand, e.g. if the mixer records IP addresses and connections between the mixed funds. The latter is something I would not accept when using a mixer.

Of course if you distrust any state authority no matter what then "no cooperation" is the only thing you can accept, I totally agree with that. But for me there are neutral governments and evil governments.

Any mixer that complies with law enforcement defeats the purpose as to why people use mixers. As long as a mixer cooperates with law enforcement, there is no way you can be certain that users' privacy isn't going to be compromised, and surely it going to grow from a small form of cooperation to a total one, so it is a no.
I do not agree, no one would want to deposit coins into a mixer that could treat their bitcoins as non fungible, no matter how clear the rules are and even if the loss of fungibility is only temporary. The bitcoin community have always stood against privacy services that treat BTC as non-fungible, i.e. Wasabi and zkSNACKs, they faced a lot of 'attack' from the BTC community the moment they started offering selective privacy and blacklisting certain utxo's from their CoinJoin.

Any form of cooperation or agreement should be construed as a total agreement. Mixers achieves the exact opposite of what the government wants; total surveillance, zero privacy, etc. It goes far more than just combating money laundering, China didn't want anything to do with Bitcoin because it results in huge capital outflows, etc. Governments always and will always put themselves first before your rights.

IMO, most people who are paranoid about privacy will never accept any mixer that cooperates, or otherwise allows governments to dictate their service. So long as the mixers are within any jurisdiction, US for example; there are covert and overt means for the authorities to get the data that they want. Bottom line is that if there is a mixer that is approved by the government, the large majority would think of it as a honeypot.

In that regard, it is not necessary for us to change the status quo at the moment. Mixers can still be used and most jurisdiction would never outlaw it.
Fungibility should not be compromised, IMO and coins probably wouldn't be moved that quickly regardless. The pre-conditions above makes it such that it is easy to circumvent to introduce plausible deniability no matter what. Mixers would probably be freezing more funds, and perhaps even liberally to toe the line with the law enforcement. Any money laundering that goes through them would be subjected to regulatory actions - Even bankers have to go to jail and banks are fined.

I think this is a legit point of view. However, in my opinion, there is a large area beween total non-cooperation up to total cooperation (e.g. let's think about a "KYC mixer") a mixer can do. And I would be comfortable with a mixer who cooperates in some ways as long as they don't compromise the users' privacy, if this would be a condition for the mixer to become legal in a country.

The fungibility problem is indeed a difficult one. I would accept a very short, temporary loss of fungibility of a certain set of coins if the services have clear rules to retain funds in some situations. I would for example accept the following rule in a mixer's ToS: if someone deposits the coins on the mixer, and there is a direct and clear link to funds which were recently (e.g. in the last 24 hours) stolen, without other funds mixed in, then coins can be retained. But a mixer freezing even coins of hacks commited months ago would not have my approval.

This is true but that is also something a centralized mixer couldn't change. If tainted coins enter a mixer, the mixer's owner will need to sell them to another user which will then end up with the tainted coins. For atomic swaps the problem is immediately visible, but for mixers exactly the same applies. I don't know exactly how mixers operate in such cases, but I guess that they will try to move the coins around for some time using different strategies like CoinJoins until the link to the tainted address becomes very blurred and then only sell the coins again. Users of atomic swaps can try a similar strategy. In general I think CoinJoins are also an important part of the "decentralized privacy" puzzle, atomic swaps alone are probably not enough.

This is true, but on the other hand, atomic swaps break the link between transactions in different blockchains, but onchain bitcoins remain the same. If my Bitcoin address is put on the OFAC list, I can deposit to atomic swaps and exchange Bitcoin for LTC, but someone will receive my Bitcoin and when v CEX, It will be frozen, the other party will need a mixing service at some point so using criminals will using atomic swaps is a strategy to make the mixing more complex and difficult to track.

My view of mixers is that it is a double-edged sword that has no good solution. I agree that banning or cracking down on mixers is a futile endeavour, but it doesn't mean that whatever the government is doing is wrong, nor is it right.

The day that your mixers cooperates with the government is a critical failure of what mixers is trying to do. Your mixers should provide a single function of mixing your coins, and removing the links between the previous coins and the current coins. If they have any say otherwise, lets say they want to freeze your coins because it seems to be from a dubious origin, then it becomes non-fungible and your privacy is impacted. Mixers, nor any party for that matter should never freezing their customer's funds and should only carry out its purpose only. Censorship and funds seizure goes against the ethos of Bitcoin. I personally would not want any mixers who is dealing with my funds to be able to freeze it for no good reason, nor have any form of cooperation with any authorities; it becomes a rabbit hole for, let's say if they cooperate to track down political dissents, sensitive individuals, capital control, etc. Even if the mixers doesn't want to cooperate, there is no choice because they are a registered entity within their jurisdiction.

Government cracks down on mixers because they shoot at anything that is tainted with illicit activities. From a government perspective, it is rightfully so; mixers are always off-shore and out of their jurisdiction. If they have an opportunity to do something, you bet that they will close it down. Having them closed doesn't mean that it is bad, it just exposes the fact that centralized mixers are not infallible and we should be moving off to alternatives which cannot be tracked nor influenced by authorities.

Uniswap has centralized components, including a premined token. This token is probably the reason why the SEC is going after them: the token was sold to investors and also a part is held by the founders, so it is not only an utility/governance token. I have analyzed that case a bit in this thread in the altcoin forum (from the permalinked post on). The problem is that such a token of course is very likely passing the Howey Test.

Really decentralized atomic swaps don't need a centralized provider, not even a "market maker" platform like for example AtomicDEX/Komodo is. It does only need a P2P network of people running a software. Software in many countries is protected as literature or free speech and cannot be banned easily, and this is also why in the Tornado Cash case for example the authorities have clarified that they're not against "development" but against "services". At least, the level of "BigBrotherism" would have to be dramatically upscaled if some democratic country wanted to ban software, or using swaps.

I hope Bitcoiners are already strong enough to pressure politicians that this would never happen, and being 5-10% of the population it is likely that we already aren't ignored (for example, the European Parliament had wanted to pass a CEX ban for Bitcoin due to "ecologic" reasons, but pro-Bitcoin MPs avoided that). That's also why I think it's so important to educate your friends, your neighbors, your social media contacts, and your (at least local-level) politicians.

But if a non-KYC mixer/service ban is ineffective like I wrote, then there is no reason to ban that either, at least it's not really justified. Non-KYC mixers are normally easier to use for normal people, but criminals laundering millions don't need so much assistance as they can pay someone to arrange atomic swaps even if the software is hard to use. So a mixer ban only will target average people looking for privacy, not criminals.