June 2020


Hello world! Welcome to the first issue of the ‘This Month in Bitcoin Privacy’ newsletter. Enjoy!

"moth" by With all due respect, Sam is licensed under CC BY 2.0

Table of Contents

  1. Blockchain Analysis or Financial Surveillance?
  2. Coinsquare Data Breach
  3. Europol Cybercrime Report on Wasabi Wallet
  4. Coinbase Offers Blockchain Surveillance to IRS, DEA
  5. Running RoninDojo
  6. Rebroadcasting and Network Privacy
  7. Human Rights Foundation Launches Dev Fund
  8. WabiSabi and CoinPool
  9. BlockFi Hires New Chief Security Officer
  10. Anti-Money Launderers Indicted For Laundering
  11. Introducing JoininBox
  12. zkChannels for Second-Layer Privacy
  13. Compliance Is Kink: A Chainalysis Guide
  14. When Elliptic Met Curv

June 1st - BLOCKCHAIN ANALYSIS OR FINANCIAL SURVEILLANCE?

Messari’s Mainnet 2020 virtual event hosted a debate between Elliptic co-founder Tom Robinson and Human Rights Foundation (HRF) director Alex Gladstein, titled “Blockchain Analysis or Financial Surveillance?” Robinson argued that blockchain analysis will “prevent Bitcoin from being misused on a large scale” and is “key for the mainstream adoption and support of Bitcoin,” because otherwise regulators would “shut down the pools of liquidity that make it usable.”

They discussed the link between censorship resistance and privacy, and whether companies like Elliptic were performing “analysis” or “surveillance.” Robinson repeatedly attempted to separate the operations of his company from the enforcement decisions by exchanges and governments. But Gladstein countered that their marketing reflected the opposite. “According to you, without you, they can’t do it. They need you to help identify who is CoinJoin-ing.”

Elliptic’s proprietary database delivers auditable proof of identity for millions of addresses in multiple cryptocurrencies including Bitcoin, Ethereum, Bitcoin Cash, Litecoin & others across thousands of real world entities.

Robinson painted a picture where regulators would act more harshly against Bitcoin without blockchain surveillance. “Regulators and banking partners of exchanges are putting huge pressure on those exchanges to delist privacy coins… I think without blockchain analysis, we will also see that with bitcoin itself. Therefore we will just be back to Bitcoin being a niche tool used by a very small number of people.” He added that the “huge pools of liquidity” only exist because “compliance solutions have been found to make regulators comfortable with Bitcoin,” and agreed with moderator Peter McCormack’s suggestion that “financial surveillance comes with the scale of spends” because “the risk also comes with the scale of the spending.” This would seem to clearly conflict with his supposed commitment to “everybody’s right to financial privacy.”

An unspoken point here: reality is the complete opposite. Financial surveillance does not come with the scale of spends. The wealthy have much greater opportunities for achieving financial privacy than those with less. The ultra-wealthy use the state not only to opt out of the restrictions and consequences of these financial regulations, but to wield such onerous legislation as a weapon against smaller competitors who threaten their power. The large-scale criminal enterprise that Robinson claims to be preventing is in fact the “legitimate” system his tools willingly serve. The reference recorded in Bitcoin’s genesis block is a protest against that reality.

As I explained last year, the difference between blockchain analysis versus surveillance has to do with three factors: intent, consent, and transparency. Both analysis and surveillance involve “the process of inspecting, identifying, clustering, modeling and visually representing data” on the blockchain. A few of these tasks are things that all full nodes do in order to maintain consensus, yet no one would say that nodes are “surveilling” each other by default. Similarly, such processes may be performed as part of operating a blockchain explorer service, or devising tests for academic research that will inform the public about something of note. In contrast, blockchain surveillance conducts analysis with the intent to (help) deanonymize activity for intelligence or law enforcement purposes (with or without warrants), often aided by the aggregation of personally identifiable information (PII) that was not provided knowingly or consensually. This is achieved through the use of proprietary tools and secret partnerships that are deliberately hidden from the public eye, and the results are rarely accessible even to those being targeted.

Towards the end of the debate, Robinson stated, “I absolutely do think there is a moral responsibility on companies like ours to decide who we should and should not be providing these capabilities to. For example, we would never provide them to any kind of authoritarian government.” It is curious that, after trying to separate the ‘capabilities’ of Elliptic from the actions of their government clients, he now acknowledges a moral responsibility for those results. Gladstein asked whether they would take the U.S. government as a client.

“I mean, there’s always gray areas, right? We have to decide on a case-by-case basis.”

June 2nd - COINSQUARE DATA BREACH

VICE Motherboard tech journalist Joseph Cox published an article warning that an unidentified hacker or group intended to use data stolen from Canadian exchange Coinsquare for carrying out SIM swapping attacks on impacted customers. He was able to verify the authenticity of the data – consisting of “5,000 rows” of user names – by “attempting to make accounts on Coinsquare with a random selection of email addresses,” contacting “a number of people listed,” and providing “a limited set of screenshots of the data to Coinsquare.” Coinsquare general counsel Stacey Hoisak claimed that they “became aware of the issue about a year ago,” and it was “the result of employee theft of information contained within a client relationship database used for prospecting.” At this point, the company had not yet disclosed the data breach publicly.

Their first direct public disclosure was not posted until June 5th, on the Bitcoin Canadian subreddit. CEO Cole Diamond claimed that they had “spent the better part of this week preparing and then communicating with all our users, both affected and not affected,” and implemented “precautionary measures” to prevent unauthorized withdrawals. He linked to three different versions of the email that had been sent out to customers, of which 3,653 “did have some form of ‘Personally Identifiable Information’ (PII) leaked,” including names, emails, phone numbers and postal addresses. These emails were written by Hoisak and Chief Privacy & Anti-Money Laundering Officer Charlene Cieslik. Two days later, the report from Diamond was copy-pasted almost word-for-word to their company blog and shared on social media.

In all of their public communications, including the published emails to customers, Coinsquare not only refused to link to the Motherboard article which broke the story, but made no mention of the explicit threat made to SIM swap customers. They emphasized that the intent was to “embarrass the company,” and that “there is no risk to your Coinsquare account,” despite the fact that they happened to update and republish a blog post about “How to Increase Your Coinsquare Account Security” only one day after the article was published. The blog post recommends turning on two-factor authentication and using password managers.

If you know or suspect that you were impacted by this breach, I recommend reading Kraken’s “Security Advisory: Mobile Phones,” Jameson Lopp’s “The Dos and Don’ts of Bitcoin Key Management,” and “A Modest Privacy Protection Proposal.”

June 4th - EUROPOL CYBERCRIME REPORT ON WASABI WALLET

CoinDesk journalist Alyssa Hertig shared a report, intended for law enforcement only, from Europol’s European Cybercrime Centre (EC3). Produced in two parts that were internally published in April and May respectively, it explains how Wasabi Wallet works and “the possibilities for law enforcement investigations. Spoiler alert: things are not looking good.”

The report begins by remarking that “in the last period, Europol’s EC3 started to notice an increasing number of investigations involving Wasabi Wallet.” To the question ‘How popular is the service?’ they reply: “Certainly popular enough to spark our interest.” Their blockchain analysis graphics appear to be sourced from Chainalysis software, and at one point they cite Chainalysis as having identified Wasabi addresses.

They make clear that in terms of tracking funds and deanonymizing users of Wasabi, the going has been tough. Under the section ‘Can Wasabi transactions be demixed?’ they write that “realistically speaking, in most cases the answer is negative.” There may only be “a glimpse of hope if the suspect makes a mistake and decides to group the mixed coins together,” an act known as consolidation.

Due to Wasabi’s non-custodial nature, “the AML (anti-money laundering) legislation including Europe’s latest AMLD5 (the 5th Anti-Money Laundering Directive),” which entered into force in July 2018, “does not apply to this service.” The legislation made an effort to include virtual currency-related services as “obliged entities,” but this was mostly limited to custodial wallets and exchanges. They were aware that centralized custodial services did not encompass a significant portion of virtual currency users:

inclusion of providers engaged in exchange services between virtual currencies and fiat currencies and custodian wallet providers will not entirely address the issue of anonymity attached to virtual currency transactions, as a large part of the virtual currency environment will remain anonymous because users can also transact without such providers. To combat the risks related to the anonymity, national Financial Intelligence Units (FIUs) should be able to obtain information allowing them to associate virtual currency addresses to the identity of the owner of virtual currency. In addition, the possibility to allow users to self-declare to designated authorities on a voluntary basis should be further assessed.

In May 2019, the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) had come to a similar conclusion, distinguishing “service providers” from “software providers.”

An anonymizing software provider is not a money transmitter. FinCEN regulations exempt from the definition of money transmitter those persons providing “the delivery, communication, or network access services used by a money transmitter to support money transmission services.” This is because suppliers of tools (communications, hardware, or software) that may be utilized in money transmission, like anonymizing software, are engaged in trade and not money transmission.

June 5th - COINBASE OFFERS BLOCKCHAIN SURVEILLANCE TO IRS, DEA

The Block managing editor Michael McSweeney published an article which pointed to documents in two U.S. federal contracting and grant-making databases, System for Award Management (SAM) and GovTribe. They showed that “the U.S. Drug Enforcement Administration (DEA) and the Internal Revenue Service (IRS) intend to buy licenses from Coinbase for an analytics platform called Coinbase Analytics.”

The IRS request comes from the Cyber Crimes Unit (CCU) of their Criminal Investigation (CI) division. On June 19th, it was reported that IRS-CI had previously “paid approximately $20,000 for access to the Venntel platform,” a subsidiary of Gravy Analytics, “a major data broker that sells location-tracking information to advertisers and other clients.” IRS-CI claims that they let the subscription “lapse after it failed to locate any targets of interest during the year it paid for the service.” Regardless, Oregon senator Ron Wyden, member of the U.S. House Committee on Oversight and Reform, characterized the action as “an end-run around the Fourth Amendment.”

The DEA application, which has been substantially redacted, claims that Coinbase Analytics will provide “investigators with identity attribution and de-anonymi[ze] virtual currency addresses domestically and internationally,” using “the most conservative heuristics… in commercial blockchain tracing tools. This is critical in avoiding false positive during target identification.” For the IRS, it will provide “analysis and tracking of cryptocurrency flows across multiple blockchains that criminals are currently using.” They also note that Coinbase Analytics was ‘formerly known as’ Neutrino, an Italian blockchain surveillance company acquired by Coinbase in February 2019.

Its two flagships, XFlow nSpect and XFlow nSight, are billed as “comprehensive solution[s] for monitoring[,] analyzing and tracking cryptocurrency flows across multiple blockchains.” nSight was built to help exchanges and financial service companies like Coinbase to stay regulatorily compliant. nSpect, on the other hand, was built for “criminal investigations and intelligence gathering” and is specifically marketed toward law enforcement.

Neutrino was one of many splinter companies that were created or joined by former members of Hacking Team, notorious for selling offensive surveillance technology to clients around the world, no matter their human rights record. However, this was not the group’s first foray into bitcoin tracking; when they were hacked themselves in 2015, it was discovered that the Egyptian and Saudi governments had emailed support questions about a ‘Money Module’ in their Remote Control System (RCS) suite. Alberto Ornaghi claimed the tool could do the following:

the information we can get are: addressbook (list of all contacts and local accounts of the target), files (the wallet itself, containing the money and spend it for private keys), transactions (transaction history in/out of the target , useful for making correlations).

Luckily, Hacking Team was recently declared “dead, definitely dead” by CEO David Vincenzetti at the end of May. If Brian Armstrong is to be believed (debatable), Neutrino and Coinbase parted ways in March 2019 after they finally noticed “a gap in our diligence process,” though outrage clearly can’t keep them apart for good. It is not publicly known what the capabilities of Neutrino’s XFlow nSight and nSpect products are, but you could say that this news of a potential partnership between Coinbase and the DEA represents a “full circle.” In the same email about the ‘Money Module’ from 2014, Ornaghi asked:

we can also make a bitcoin transaction to buy drugs and see in the form of correlation to those who got that money (DEA: anyone interested? :P)

On June 17th, the U.S. Department of Justice Office of the Inspector General released a redacted version of the audit they performed on the DEA’s “income-generating, undercover operations,” referred to as ‘Attorney General Exempted Operations’ (AGEO). While concluding that all AGEOs will “require additional oversight,” they note specifically that:

the DEA did not establish strict internal controls, risk mitigation techniques, and appropriate record keeping practices for AGEOs involving virtual currency, which we believe increased the potential for fraud, waste, abuse, and unauthorized investigative activity.

It is nearly five years since one of their own was sentenced on charges of extortion, money laundering, and obstruction of justice, yet the Silk Road scandal did not stimulate change. Despite the DEA seeing “an exponential increase in cases that involve virtual currency,” in the past few years, “we found the DEA devoted only two DEA headquarters employees within OGF [Office of Global Enforcement, Financial Operations] to the DEA’s Virtual Currency Initiative.”

June 7th - RUNNING RONINDOJO

The author of Bitcoin Q+A published a blog post about their experience running RoninDojo, an installation assistant and user interface for Samourai’s self-hosted Dojo full node backend which automatically syncs with their privacy-focused mobile wallet. It bundles the Whirlpool command-line interface and Electrum Rust Server (Electrs) as well. Samourai Wallet released the Dojo one year ago as of this month, removing the need to trust Samourai’s servers or logging policies.

One of my favourite parts about RoninDojo is that although the team have done a fantastic job of simplifying the setup process, they haven’t obfuscated everything so far away from the end user that they don’t know what’s going on under the hood. Prior Linux experience is not necessary at all to run RoninDojo but for those who want to get under the surface and play around, you absolutely can do and the team are all too happy to help.

June 9th - REBROADCASTING AND NETWORK PRIVACY

Bitcoin & Co. Podcast host Anita Posch interviewed Core contributor Amiti Uttarwar about her work on the peer-to-peer layer of the Bitcoin protocol, particularly her latest merged pull request to improve wallet privacy / transaction anonymity. Bitcoin Core version 0.20.0 included PR #17243, which added “PoissonNextSend method that returns mockable time.” This relates to how nodes relay transactions to their peers; Poisson-distributed ‘broadcast events’ replaced the “trickling” method used prior to version 0.13.0. If that is too much developer-speak for you, let Uttarwar explain the broader picture at play (note: edited for readability).

“This is part of a project around improving transaction privacy. Let me explain what I mean when I say ‘transaction privacy.’ The idea is, you want your on-chain transactions to not be linked with your real-life identity. One way someone could make that link is this: if a spy can identify that this IP address, this node, is the first one to announce a transaction, then you can make the jump between the Bitcoin addresses and your IP address as the source. When you broadcast a transaction, you’re announcing it for the first time. All of the nodes that find out about a transaction also broadcast it to their peers. You can add a little bit of logic around timing to make it harder to identify whether you are the origin, or just relaying it from your neighbor, or from your neighbor’s neighbor. Privacy is about not revealing who the origin / source of a transaction is.

One way that this information leaks is through transaction rebroadcasting. I’ve announced my transaction to the network once, but now I’m going to announce it again. The reason you would do this is because your transaction might have been ‘forgotten’ about; it might not have made it out to the network. For whatever reason, it was not mined. So you give everyone a friendly nudge, ‘Here’s this transaction.’ Maybe it got evicted or expired from their mempool. They’d say, ‘Cool, great.’ … Rebroadcasting is important to guarantee that your transaction can get mined.

But the existing way that rebroadcasting has worked is not very good for privacy, because the only node that will rebroadcast it is the originating / source wallet. If there’s a spy that has many connections open and sees that this node has already told them about this transaction, and is now announcing that same transaction, then that spy can know with certainty that that transaction originated from that node. Thus less privacy…

I was able to reduce the frequency of the rebroadcasting. Previously it was once every approximately fifteen minutes and after my PR it’s once every day… I’m still working on a grander project, so that even when we do rebroadcast, we’re not leaking privacy, but this was a big first step in the right direction.”
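The rebroadcast leak described in the interview can be modelled in a few lines. This is an added example, not Bitcoin Core code: the node names, the txid, the six-hour unconfirmed window, the fixed rebroadcast timer and the five-second average relay delay are constructed assumptions; only the two intervals come from the interview.

```python
import random
from collections import Counter

OLD_REBROADCAST_S = 15 * 60        # "approximately fifteen minutes" (interview)
NEW_REBROADCAST_S = 24 * 60 * 60   # "once every day" (interview)


def poisson_next_send(now, average_interval, rng):
    """Time of the next announcement: `now` plus an exponentially distributed delay.

    Taking `now` as an argument instead of reading the clock is what lets a
    test mock time.
    """
    return now + rng.expovariate(1.0 / average_interval)


def listener_log(origin, relays, txid, unconfirmed_for, rebroadcast_every,
                 rng, relay_delay=5.0):
    """Constructed model of what one listening peer hears about `txid`.

    Every node announces the transaction once, after a Poisson delay that
    stands in for the timing logic blurring who announced first. Only the
    originating wallet announces it again while it stays unconfirmed.
    """
    log = [(poisson_next_send(0.0, relay_delay, rng), node, txid)
           for node in [origin, *relays]]
    t = rebroadcast_every
    while t < unconfirmed_for:
        log.append((poisson_next_send(t, relay_delay, rng), origin, txid))
        t += rebroadcast_every
    return sorted(log)


def repeat_announcers(log):
    """(peer, txid) pairs heard more than once: the signal that marks the origin."""
    counts = Counter((peer, txid) for _, peer, txid in log)
    return {key: n for key, n in counts.items() if n > 1}


def exposure(rebroadcast_every, unconfirmed_for=6 * 3600, seed=2020):
    """Repeat announcements leaked while a transaction waits `unconfirmed_for` seconds."""
    rng = random.Random(seed)
    log = listener_log("wallet-node", ["relay-a", "relay-b", "relay-c"],
                       "tx-constructed", unconfirmed_for, rebroadcast_every, rng)
    return repeat_announcers(log)


if __name__ == "__main__":
    print("old schedule:", exposure(OLD_REBROADCAST_S))
    print("new schedule:", exposure(NEW_REBROADCAST_S))
```

In this model the repeat signal only reappears under the daily schedule once a transaction stays unconfirmed for more than a day, which is why the interval change is described as a first step.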

Uttarwar had previously discussed these efforts in April on episode #154 of Tales from the Crypt with hosts Marty Bent and Matt Odell, and created a comic about mempools as follow-up.

On June 18th, the OKCoin and HDR Global Trading Limited / BitMEX exchanges announced that they would each be giving “a US$75,000 grant, totaling US$150,000 over 12 months,” toward her work on “increasing test coverage for the P2P layer to ensure a robust codebase.” Uttarwar said that the grant “enabled me to continue my mission to make the Bitcoin network more reliable, private and understandable to the benefit of everyone.” You can follow her progress here.

Find out about other changes and bug fixes in Bitcoin Core releases here. Check out the Bitcoin Optech Newsletter for weekly summaries of recent technical developments beyond Bitcoin privacy.

June 10th - HUMAN RIGHTS FOUNDATION LAUNCHES DEV FUND

The Human Rights Foundation (HRF) announced their new ‘Bitcoin Development Fund,’ focused on “making the Bitcoin network more private, decentralized, and resilient so that it can better serve as a financial tool for human rights activists, civil society organizations, and journalists around the world.” The first grant, which according to Bitcoin Magazine is “worth close to $50,000,” has been gifted to Bitcoin developer and privacy expert Chris Belcher. HRF sourced this money from a private individual who wished to donate $100,000 to Bitcoin development, no strings attached. HRF also states their intent to continue helping other developers through an ongoing crowdfunding campaign in USD and bitcoin. Bitcoin donations can be made through their BTCPay server integration, designed by @artdesignbySF.

Chief strategy officer Alex Gladstein said:

“Human rights defenders and reporters around the world face increasing financial repression in the form of frozen bank accounts, restrictions on foreign funding, payment surveillance, and general difficulty in earning income or receiving donations… With more support, developers like Chris can make it possible for activists to receive donations and continue their important work under increased pressure.”

Belcher was chosen not only for his previous work on JoinMarket, the comprehensive privacy guide for Bitcoin Wiki, and Electrum Personal Server, but because he recently published a software design spec for CoinSwaps, titled “Design for a CoinSwap Implementation for Massively Improving Bitcoin Privacy and Fungibility.” He argues that “CoinSwap is the next step for on-chain bitcoin privacy,” especially when used in combination with two-party ECDSA multisignature addresses or (if adopted) Schnorr signatures with Musig.

He also supports the goal of improving financial tools for activists and journalists doing ‘important work under pressure.’ A week prior, Sci-Hub creator Alexandra Elbakyan had asked about whether “people find it hard to use bitcoins for donating to Sci-Hub.” Elbakyan, recently nominated again for the John Maddox Prize, has been relying on bitcoin donations for years, especially after payment processors such as PayPal began deactivating her accounts in response to complaints from scientific journals and publishers. A 2018 eLife study, analyzing the impact of Sci-Hub, had calculated that known Sci-Hub “addresses have received 1,232 donations, totaling 94.494” bitcoin. Like others, Belcher suggested that Elbakyan modify her donation page to generate “a brand new bitcoin address to each visitor,” rather than the current static method which enables address re-use. He remarked that “without Sci-hub my work would be much harder to do now that I no longer have access to scientific journals (because I left university).”

This echoes a similar sentiment to what Core developer Greg Maxwell wrote in July 2011, when he himself shared thousands of scientific publications in protest of the criminal charges against Aaron Swartz. (He was also the one to first propose CoinSwaps in October 2013.)

The liberal dissemination of knowledge is essential to scientific inquiry. More than in any other area, the application of restrictive copyright is inappropriate for academic works: there is no sticky question of how to pay authors or reviewers, as the publishers are already not paying them. And unlike ‘mere’ works of entertainment, liberal access to scientific work impacts the well-being of all mankind. Our continued survival may even depend on it.

Belcher and Gladstein talked about this news on the What Bitcoin Did podcast. Awkwardly, the show begins with a sponsorship ad for the lending and wealth management company BlockFi; besides the fact that it’s a KYC’ed platform, you will hear more about them further along.

On June 27th, Square Crypto announced that Belcher would be a recipient of their grants as well.

If you plan on donating to HRF’s developer fund, make sure you are visiting the correct website. A malicious individual has been trying to impersonate the foundation using a similar domain to scam people out of bitcoin.

June 11th - WABISABI AND COINPOOL

Ádám Ficsór, István András Seres, and Yuval Kogman released the draft for a new variable-amount Chaumian CoinJoin protocol dubbed “WabiSabi.” The paper states it will utilize “a keyed-verification anonymous credentials (KVAC) scheme” and “homomorphic value commitments.”

The use of KVACs replaces blind signatures’ standard denominations with homomorphic amount commitments, similar to Confidential Transactions, where the sum of any participant’s outputs does not exceed that of their inputs while hiding the underlying values from the coordinator.

Yuval also published a gist “using a real world analogy intended for readers who are already familiar with the concept of a CoinJoin” to explain WabiSabi. “We’d like to solicit feedback and criticism about our scheme and inputs with regards to its potential applications before proceeding,” he wrote to the Bitcoin-dev mailing list. The next day, ‘ZmnSCPxj’ proposed combining the CoinSwap scheme with WabiSabi clients and servers:

It would be better if the server in the WabiSabi created outputs from independent outputs it owns, acquired from previous clients. Then the outputs would, onchain, be linked to previous clients of the server instead of the current clients. This is precisely the issue that CoinSwap, and the new swap scheme Succinct Atomic Swaps, can be used to solve. By using Batched CoinSwap, makers can act as WabiSabi servers, and batched takers can act as WabiSabi clients.

I participated in a long group discussion with the three authors about how WabiSabi works and Bitcoin privacy in general. About halfway through, I asked how they decided on the name ‘WabiSabi.’ Ádám said they were originally going to call it “Confidential CoinJoin Construction,” then István explained the meaning and significance of the Japanese term wabi-sabi (侘寂).

It is a Japanese worldview about accepting the world, its imperfection, and finding beauty in this imperfection. Yuval was referring to this… We kind of acknowledge the imperfection of Bitcoin privacy, but still we try to improve upon it.

Adam Back originally proposed using homomorphic encryption for transaction privacy in October 2013, and confidential transactions have since been implemented in the Liquid sidechain.

Separately, Antoine Riard and Gleb Naumenko proposed CoinPool, “a low-latency, generic off-chain protocol… based on shared UTXO ownership.” Using “the Script capabilities of today,” Pool_Tx would enable cooperative updates to the pool, while Split_Tx would allow timelocked “unilateral exit from the CoinPool, in case it’s not possible to use a cooperative Pool_Tx path.”

The state of a CoinPool is represented by one on-chain UTXO (a funding multisig of all pool participants) and a set of transactions stored by the participants along with signatures allowing to spend that UTXO. This UTXO is a Taproot output, where the leaves in the Merkle tree represent pool participants.

They argue that, similar to CoinJoins, this would help with obfuscating “payment sender/receiver linkability for an on-chain observer,” though pools will want to employ “extra Sybil-resistance” measures, such as requiring some out-of-band communication to join, or options proposed for existing CoinJoin systems, such as fidelity bonds and proof of discrete log equivalence (PoDLE) commitments. Again, ‘ZmnSCPxj’ suggested combining CoinPool with WabiSabi:

As all participants in the CoinPool are needed in order to ratify each new state anyway, they can simply elect one of their number by drawing lots, to act as server for a particular state update. Then the participants can operate as WabiSabi clients.

Check out Bitcoin Optech Newsletter #100 and #102 for summaries on CoinSwap, WabiSabi, CoinPool, and other recent technical developments beyond Bitcoin privacy, written by David Harding, Mike Schmidt, Carl Dong, and others.

June 16th - BLOCKFI HIRES NEW CHIEF SECURITY OFFICER

BlockFi announced that they had hired Adam T. Healy as their new chief security officer (CSO), in an effort toward “strengthening our commitment to security.”

Last month, BlockFi had disclosed to customers that their personal information had been breached, supposedly as the result of a SIM-swap attack on an employee’s phone. The “unauthorized third party” used their credentials “to access a portion of BlockFi’s encrypted back office system.” The personally identifiable information, which “BlockFi typically uses for retail marketing purposes,” included at least names, email addresses, birth dates, postal addresses, and account activity history. They have still not published any notice about this on their website; Healy only mentions it as “the recent SIM swap attack” in a post about his plans for a security program. (I discussed the incident and disclosure in more detail here.)

As Chief Security Officer, Healy will be responsible for leading and strengthening BlockFi’s security-first approach across the organization which includes protecting client data, digital assets, and other proprietary information. His work will span cybersecurity and physical security.

In describing their new hire, BlockFi notes that his prior employers include “the U.S. Intelligence Community,” “Department of Defense,” “Microsoft,” and “Palantir Technologies.” Founded in 2003, building off of PayPal’s fraud detection system, Palantir has been constructing data analytics products and services for corporate surveillance, counter-terrorism, immigration enforcement, predictive policing programs, and thwarting whistleblowing, while sidestepping public information laws in the process. An early investor was the CIA’s In-Q-Tel venture capital fund, the same one which provided “strategic investment” to the precursor of Google Maps and Earth.

When enough jurisdictions join Palantir’s interconnected web of police departments, government agencies, and databases, the resulting data trove resembles a pay-to-access social network—a Facebook of crime that’s both invisible and largely unaccountable to the citizens whose behavior it tracks. (Wired)

In the book The Finish, detailing the killing of Osama bin Laden, author Mark Bowden writes that Palantir’s software “actually deserves the popular designation Killer App.” (Forbes)

According to Healy’s LinkedIn profile, his first foray into the intelligence community appears to be as an analyst for the Virginia-based Science Applications International Corporation (SAIC), a government services contractor, from August 2006 to June 2007. You can get an idea of what they do by reading the résumés of their other employees and contractors. His work for Palantir as a “cyber security strategist” lasted from February 2014 to May 2016 in New York. Between September 2009 and August 2012, his employment with the U.S. government does not specify any agency or department, but his name and email address Adam.Healy@ic.fbi.gov appear in the ICWatch database, indicating that the FBI was probably one of them too.

On the bright side: he knows what it feels like to have your name and email address breached.

Update: You can listen to Healy in his own words on Charlie Shrem’s Untold Stories podcast.

:warning: If you know or suspect that you were impacted by this breach, I recommend reading Kraken’s “Security Advisory: Mobile Phones,” Jameson Lopp’s “The Dos and Don’ts of Bitcoin Key Management,” and “A Modest Privacy Protection Proposal.”

June 18th - ANTI-MONEY LAUNDERERS INDICTED FOR LAUNDERING

A U.S. grand jury has indicted Rowland Marcus Andrade for wire fraud, money laundering, and other charges related to his role as CEO of the National AtenCoin Foundation. Since at least July 2017, Andrade had been promoting and operating a scheme known as AML Bitcoin, which he claimed would “comply with anti-money laundering (also referred to as ‘AML’) and know-your-customer (‘KYC’) regulations and laws by using ‘biometric technologies’ among other methods to confirming the identities of participants in transactions.”

In August 2017, Coin Center had commented on rumors of a “bizarre” and “poorly drafted” digital currency bill supposedly being circulated to Congress by the project. The draft advocated for creating separate requirements for merchants that accepted “anonymous” versus so-called “compliant” digital currencies. They also highlighted that AML Bitcoin “recently teamed up with disgraced former lobbyist Jack Abramoff, who served time in federal prison for fraud, corruption, and conspiracy, to produce a reality TV show about lobbying Congress on digital currency.”

Unsurprisingly, the grand jury has since filed a criminal complaint against Abramoff as Andrade’s co-conspirator, but also for failure to register under the Lobbying Disclosure Act. After being released from prison, Abramoff has spent the last several years marketing himself as a penitent “reformer.” In their statement on the complaint, the U.S. attorney’s office noted that “this is the first ever known prosecution of a lobbyist for a criminal violation of the Lobbying Disclosure Act.”

Abramoff was aware of the obligations to register as a lobbyist in part because Congress amended provisions of the Lobbying Disclosure Act in 2007… as a reaction to Abramoff’s past conduct as a lobbyist.

Additionally, the SEC charged them both with “conducting a fraudulent, unregistered offering.”

June 21st - INTRODUCING JOININBOX

The ninth episode of Potzblitz!, Fulmo’s weekly breakdown of Lightning Network development, featured ‘Openoms,’ who is working on a graphical interface for JoinMarket called “JoininBox,” running on the RaspiBlitz full node.

During the pre-conference hackathons of April to September 2018, the desire to combine CoinJoin with the Lightning Network was a frequent topic of discussion. Builders of full node hardware and software also see the appeal of integrating more features and tools that will make these devices useful beyond just maintaining Lightning channels. ‘dammkewl’ has recently written a guide for installing LND on the Dojo, and connecting to mobile apps like Zap and Zeus.

Openoms’ motivation for starting JoininBox is JoinMarket’s reputation as the “longest standing, most flexible, decentralized CoinJoin implementation,” but one which has so far “neglected” the graphical interface, and “integrating a CoinJoin service” on the RaspiBlitz “was a priority for me.” In development since January, he says it is “now ready to be tested more extensively.”

Hopefully this brings us one step closer to a “fungibility toolchest” for both on-chain transactions and off-chain micropayments.

June 22nd - ZKCHANNELS FOR SECOND-LAYER PRIVACY

Venture capital foundation Access Ventures interviewed J. Ayo Akinyele, the CEO of Bolt Labs, which is one of their ‘Blockchain Initiative’ portfolio companies. In April, Bolt Labs had published a proof-of-concept and high-level overview of zkChannels, a second-layer protocol using zero-knowledge proofs and multi-party computation (MPC) for off-chain payments.

Implementation: We have released a proof-of-concept libzkchannels library in Rust that consists of the core functionality for establishing a channel, anonymously updating the off-chain state via secure MPC, and closing the channel. We have integrated this library as an extension of the Lightning Network Daemon (LND) developed by Lightning Labs. Our version is called zkLND. You can take a look at the protocol overview here and test it out by following the tutorial.

In the interview, Akinyele said that his team was taking “a chain-agnostic approach that will bring the benefits of privacy and scalability to blockchains across the ecosystem,” though at this point they are focusing on Bitcoin, Zcash, and Tezos. He notes that their target users are those “accessing services or protected web content,” such as VPN services, cloud computing and storage. He believes that “strong privacy protections are required for cryptocurrencies to be suitable for many use cases.”

On the same day, Elias Rohrer and Florian Tschorsch from the Technical University of Berlin published “Counting Down Thunder: Timing Attacks on Privacy in Payment Channel Networks.” The paper showed that “the privacy guarantees of the Lightning Network may be subverted by an on-path adversary conducting timing attacks on the HTLC state negotiation messages.”

In particular, an on-path adversary may reduce the anonymity set of potential sender and receiver nodes based on the payment amount and the HTLC’s time-lock delta value. Following this initial reduction of privacy, the adversary may apply timing-based estimators to infer the likeliest payment path end-points, potentially deanonymizing the sender and receiver of a payment. This attack is especially fatal, since countermeasures directly conflict with the design goal of secure and rapid payments.

While media coverage has been characterizing zkChannels as an application of “Zcash technology” to Bitcoin, this is not the first use of zero-knowledge proofs for bitcoin transactions. In February 2016, several months before the launch of Zcash, Greg Maxwell made “the first successful Zero-Knowledge Contingent Payment (ZKCP) on the Bitcoin network,” a protocol he had originally proposed in 2011. Furthermore, Zcash proponents have focused on the potential of zkChannels for “cross-chain” transfers that harness their anonymity set as a “valuable public good,” despite Zcash’s anonymity guarantees being themselves quite poor, with only about 5% of the total coin supply in shielded pools.

June 24th - COMPLIANCE IS KINK: A CHAINALYSIS GUIDE

Chainalysis published “The Ultimate Guide to Security and Compliance for Cryptocurrency Businesses,” which is actually an advertorial for their partnership with Fireblocks as part of a new compliance service offering. The first half of the post looks at three categories of compliance that they believe cryptocurrency businesses may need to deal with: Know Your Customer (KYC), transaction monitoring, and responding to risky activity, defined as “activity indicative of money laundering, terrorism financing, or other forms of financial crime.” The second half summarises popular “attack vectors,” or rather the targets of them, based on prior examples of compromises.

We in the industry need to make sure cryptocurrency has consumer protection measures and compliance processes comparable to what users are accustomed to getting when dealing in fiat currencies.

In the section on KYC, they provide a very short list of information items or documents that may be collected. I say “very short” because, when you look at the actual privacy policy of a custodial service, you will get a more realistic picture. People should be aware that any data a service collects about them could be used for KYC. When people say “KYC,” they are usually referring to the provision of government-issued identity documents, but that vastly oversimplifies and obscures how invasive the process can be. Some services will say that certain information, like email addresses, is just for ‘marketing purposes.’ Some will try to defend the automated collection of device and browser fingerprints with some line about how ‘it is necessary for the operation of the Service.’ While that may be somewhat true (e.g., to maintain a login session, to offer customer support), they often retain far more than is actually necessary. Your privacy and safety are not allowed to come before due-diligence negligence.^

They rarely mention how the data collected as a result of these procedures can itself easily present a consumer protection risk, as we’ve seen in this very newsletter with Coinsquare and BlockFi. They know this fact quite well though, because personal information about employees and executives is also exploited for spear-phishing and impersonation, as ClearSky identified in their threat intelligence report published on the same day.

^ ‘Due diligence negligence’ refers to policies and regulations that are ostensibly created and enforced on the basis of preventing or reducing harm, while in practice increasing potential and actual instances of harm. P.S. I have appropriated this term from a funny award referenced here.

June 25th - WHEN ELLIPTIC MET CURV

Elliptic announced a new partnership with Curv, a New York-based company defined by a mission statement resembling a buzzword bingo card. Apparently they think private keys are “the single point of failure” (SPOF) for blockchains, and they have solved this problem using “revolutionary cryptography” in the form of a multi-party computation (MPC) protocol that generates “shares of cryptographic material instead of private keys.” This protocol is simultaneously “cloud-based” and “air-gapped,” where “any organizational machine can be converted into an air-gapped machine” with “limited training.”

For anyone who isn’t aware, MPC secret-sharing schemes have been around for decades. “Cloud-based” and “air-gapped” are on opposite sides of the internet connectivity spectrum. Air-gapping machines is a very involved process that will require expert guidance, especially if you want to do it properly for digital assets worth millions of dollars. But let’s pretend these claims do not show a terrible understanding of blockchains, SPOFs, and computers in general, and move on. :grimacing:

This combined service integration, Elliptic’s transaction risk scoring with Curv’s interface and API, is meant for “crypto exchanges, liquidity providers, brokers and banks.” Rather than being calculated according to established compliance laws, transaction risk scores reflect the client’s “risk appetite,” configured according to their whims. The conflation of ‘risky’ and ‘illicit,’ something that even Chainalysis showed a nuanced perspective about in their May webinar, illustrates the subjective and fickle nature of compliance policies that users are somehow expected to follow.

Thanks for reading! Feel free to :bookmark: bookmark or subscribe to catch the next edition of ‘This Month in Bitcoin Privacy.’