54 minute read

Welcome to the twenty-first:sparkles: issue of ‘This Month in Bitcoin Privacy’ newsletter. Enjoy!

Southern Buff-tip (Phalera bucephaloides)

"Southern Buff-tip (Phalera bucephaloides)" by Bennyboymothman is licensed CC BY 2.0

Table of Contents

  1. Overflow
  2. RaspiBlitz and Jam
  3. FINMA Lowers KYC Threshold, Again
  4. Quantitative Measuring of Fungibility
  5. Client Whom Thou Used to Know
  6. Coinsquare Data Breach, Again
  7. Anti-CBDC Campaigns
  8. Tornado Cash Update
  9. Legends of Lightning Finalist: NoLooking


This section is for stories that would have been included for September and October:


In TMIBP20, I mentioned a new Lightning and Tor onion-based exchange called RoboSats. All you need is a Lightning wallet that is compatible with their escrow process, and you are ready to trade for/to any preferred fiat payment method, from gift cards to bank transfers, and even swaps of on-chain bitcoin. And in TMIBP01, 03, 10, 16, 19, and 20, I have covered grants from the Human Rights Foundation (HRF) toward “making the Bitcoin network more private, decentralized, and resilient.” On September 6th, chief strategy officer Alex Gladstein announced another round of grants, and RoboSatsreceive[d] $25,000 to continue development, offer multilingual support and build out guides for the product.”

The funding will specially help us to migrate to more resilient and censorship resistant infrastructure that was too costly for our small project until now. RoboSats current coordinator is to become redundant across countries.


In March, the Biden administration issued Executive Order (E.O.) 14067, “Ensuring Responsible Development of Digital Assets.” U.S. Secretary of State Antony J. Blinken published a statement that “our embassies and missions around the world are ready to partner with the private sector and international bodies to support the development and use of digital asset technology in ways aligned with U.S. values,” which supposedly includes “protecting against arbitrary or unlawful surveillance; defending privacy and the exercise of human rights; and supporting financial inclusion.” The usual lip service (TMIBP19).

We must support technological advances that promote responsible development and use of digital assets. The technological architecture of different digital assets has substantial implications for privacy, national security, the operational security and resilience of financial systems, climate change, the ability to exercise human rights, and other national goals.

The order required that various secretaries and “heads of other relevant agencies” would “submit to the President a report on the future of money and payment systems” after a certain number of days. To date, the nine reports submitted are:

The Treasury had opened requests for public comment on two topics it was tasked with researching: “potential opportunities and risks presented by developments and adoption of digital assets,” and “the illicit finance and national security risks posed by digital assets.” The comment periods closed on August 8th and November 3rd respectively.

On September 16th, following a background press call, the White House published a “fact sheet” summarising these “frameworks and policy recommendations that advance the six key priorities identified in the EO.” Note: To the staff who wrote this sheet – would it have killed you to actually cite these “nine reports submitted to the President” somewhere? :confounded: I had to go search for them all separately across different agency websites, with the bureaucratese of the original order as my only guide!

Garland’s report was written in collaboration with “the Department of Justice’s National Cryptocurrency Enforcement Team (NCET),” which was formed almost one year ago (TMIBP18). The report also “serves as an update to the Cryptocurrency Enforcement Framework” issued under former Attorney General William “Bill” Barr (TMIBP05).

It proposes actions designed to enhance law enforcement’s ability to gather evidence and prosecute crimes; strengthen certain laws and penalty provisions that play an important role in digital asset prosecutions; support proposed regulations that would enhance customer-identification efforts and other anti-money-laundering requirements under the Bank Secrecy Act; and ensure that law enforcement and regulatory agencies have adequate resources to conduct the technologically sophisticated investigations inherent in the digital assets space.

Under a sub-section on ‘Decentralized Finance (DeFi),’ they note that “enforcing applicable statutory and regulatory obligations can be challenging,” and “several DeFi projects have affirmatively touted the lack of money laundering controls as one of the primary goals of decentralization,” citing ShapeShift (TMIBP08) and Tornado Cash (TMIBP19, TMIBP20) as examples.

After a lengthy third section that exhibits key “U.S. regulatory agencies,” their respective roles, and notable cases, the fourth section lists “several legislative and regulatory actions that, in the Department’s view, would facilitate efforts to investigate, prosecute, and otherwise disrupt digital asssets-related criminal activity.” This includes “extending the statute of limitations for crimes involving digital assets from five years to ten,” and “strengthening of the Sentencing Guidelines applicable to certain BSA violations,” such as “tying the base offense level to the amount of funds involved.” Regarding the Financial Crimes Enforcement Network (FinCEN)’s rulemaking on the collection of personal and financial information of cryptocurrency users (see TMIBP07, TMIBP08, TMIBP09), the Justice Department intends to “support FinCEN in enforcing the rule and encouraging its implementation throughout the digital assets industry.”

Under the final sub-section ‘Proposal to Ensure Adequate Funding of Law Enforcement Operations,’ the report urges that “the President’s budget should seek funding from Congress for additional tools and technical resources specific to digital assets that can support investigations and search-and-seizure operations, including blockchain analytical tools and the technical infrastructure (e.g., server space or cloud access) needed to ingest and maintain potentially voluminous and complex data and to analyze that data.”

Cato Institute Center for Monetary & Financial Alternatives (CMFA) policy analysts Nicholas Anthony and Jack Solowey published their initial review on several aspects of the framework, including insights about underlying interagency conflicts. “When the market is supplying the innovation, the Administration — and Congress — have a responsibility to do no harm.” On September 19th, Anthony began a five-part series breaking down the reports by the Departments of Justice and Commerce, and three from the Treasury.

To monitor risks, the Treasury called for the expansion of Bank Secrecy Act (BSA) in addition to what is already in the third recommendation. Considering that the BSA has been expanded legislatively through several acts over the years and has been expanded practically through inflation since 1972, further expansions are not warranted until the government can prove how effective the BSA has been. And if what evidence that is already available is any indication, the BSA should be limited or repealed, not expanded.

I have previously included the CMFA’s research on financial privacy and surveillance in TMIBP06, TMIBP12, and TMIBP20. On October 18th, vice president Norbert Michel and Jennifer J. Schulp releasedRestoring Financial Privacy,” a dynamic study of the BSA’s history and impact. Backing up Anthony’s claim that it has been “expanded practically,” they again pointed out that if the original $10,000 reporting threshold for financial institutions had been adjusted for inflation, it would be “nearly $75,000 today” (meanwhile, the penalties are adjusted to “maintain their deterrent effect:neutral_face:). On October 27th, Anthony also wrote for the American Institute for Economic Research (AIER) about these reports, and the ineffectiveness of FinCEN:

Despite [FinCEN] Acting Director Das’s claim that the program is effective, it appears to have high costs with little or no benefits. The current regime is estimated to have cost US businesses $26.4 billion in 2019. And while FinCEN has not reported any numbers regarding how many criminals the regime stopped, FinCEN has shared that it received 20 million reports in 2019. Separately, the Bank Policy Institute found in 2018 that law enforcement only followed up with banks on 3.85 percent of suspicious activity reports (SARs) and 0.44 percent of currency transaction reports (CTRs). Moreover, Norbert Michel and David Burton found in 2016 that money-laundering investigations by the FBI had fallen between 2001 and 2011, despite the number of suspicious activity reports rising significantly.

The issue isn’t just one of government waste, though. As the government gathers more data, there continues to be a greater risk that it will use the data. For example, as noted by Lawrence White, “Innocent family businesses have been charged with structuring, and had tens of thousands of dollars seized by the federal government, merely for making repeated deposits or withdrawals below the $10,000 [CTR] threshold.” Moreover, Operation Chokepoint, Canada’s freeze on protestors’ bank accounts, and ICE’s recent collection of money-transfer data all showcase how this data is being used to target citizens.


In TMIBP11, I reported that hardware wallet company Trezor had plans to support CoinJoin and coin control features in their Suite interface. While the CoinJoin part remains in limbo (apparently delayed due to external issues with the implementation of WabiSabi), they finally announced that version 22.9.3 adds manual coin/ transaction output selection.

Coin control is an advanced feature that allows you to specify which UTXOs you want to spend in a transaction. Used properly, it can improve privacy, though we only recommend that you use it once you are familiar with the principles.

… When making a payment, your wallet may need to spend the contents of several UTXOs to make up the total purchase amount. Without Coin control, your wallet automatically chooses which to spend, favoring the cheapest option.

Each of those UTXOs has its own lineage of previous transactions, some of which may offer hints that reveal information about you that you don’t want to share. To protect your privacy, you can enable Coin control and specify which particular UTXOs to use in a transaction.

In November, in collaboration with the peer-to-peer exchange Hodl Hodl, they also introduced the option to buy bitcoin from within the Suite, no KYC verification required. Amidst news of the FTX scandal, Trezor warned:

Leaving bitcoin on an exchange increases their power and influence. In crypto, many of the tokens that end up collapsing are under the sphere of influence of exchanges, tied to risk-hungry investment firms.

The disrepute brought to Bitcoin by association has repeatedly held back progress and threatened the Bitcoin ecosystem. By giving custody of bitcoin to a major exchange, the majority of people who believe they own bitcoin are in fact centralizing power in the hands of a few entities.

The saying “rules, not rulers” is also often applied to Bitcoin. The golden rule is that whoever controls the keys, controls the Bitcoin. The sooner the broader community learns to take control, the sooner Bitcoin will be decoupled from the influence of playboy economics.


In April, Michael Bazzell, author of “Extreme Privacy: What It Takes to Disappear,” “Open Source Intelligence Techniques: Resources for Searching and Analyzing Online Information,” and host of the weekly “Privacy, Security and OSINT Show,” had announced the launch of a new independently published magazine focused around the same topics, and inspired by the style of 2600: The Hacker Quarterly. This month, he published the fourth issue of Unredacted, which includes two pieces about Bitcoin privacy: “Bitcoin Privacy Tools & Tactics” and “Tracking Bitcoin: Tools for OSINT” by analyst ‘Ergo’ (see TMIBP03, TMIBP07, and TMIBP15). The first article outlines “basic building blocks to thwarting effective bitcoin tracking,” and the second advertises the features of Samourai Wallet’s OXT blockchain analysis tool (TMIBP18) to “OSINT practitioners” interested in “incorporat[ing] bitcoin tracking and information into their investigations.” You can email submissions to staff@unredactedmagazine.com.


In TMIBP19, I included that the European Council had announced “a mandate to negotiate with the European Parliament on a proposal to update existing rules on information accompanying transfers of funds,” also known as the ‘Funds Transfer Regulation (FTR) / Transfer of Funds Regulation (TFR),’ with the intent to “extend the scope of the rules to certain crypto-assets” in a way that was ‘synchronised’ with the ‘Regulation on Markets in Crypto Assets’ (MiCA). In TMIBP20, I summarised key points of the provisional agreement reached in the trilogue negotiations.

According to a draft obtained by Blockworks editor and journalist David Canellis, the amendments to the FTR/TFR 2015/847 focus on the requirements of crypto-asset service providers (CASPs), which include “any person whose occupation or business is the provision of one or more crypto-asset services to third parties on a professional basis” (see TMIBP14). They also state that the European Banking Authority (EBA):

shall clarify, in particular, how the risk factors listed in Annex III shall be taken into account by crypto-asset service providers including when performing transactions with persons and entities which are not covered by this Directive. To that end, the EBA shall pay particular attention to products, transactions and technologies that may favor anonymity such as privacy wallets, mixers or tumblers.

Where situations of higher risk are identified, the guidelines shall include enhanced due diligence measures that obliged entities shall consider applying to mitigate such risks, including the adoption of appropriate procedures to detect the origin or destination of crypto-assets.

The guidance published by the Financial Action Task Force (FATF) last year lists “the use of anonymizing techniques for VA funds transfers (e.g., AECs, mixing and tumbling services, the clustering of wallet addresses, privacy wallets)” as an element for virtual asset service providers (VASPs) – a category of ‘obliged entities’ essentially equivalent to CASPs – to consider in their AML/CFT risk assessment (TMIBP17).

Blockchain analytics are also widely used by VASPs and some FIs to monitor their own exposure to risk (e.g., VA transfers that have passed through mixer servicesor come from privacy wallets). It is important to consider any potential implications for privacy and data protection in the use of such tools, if they allow transparency that is not otherwise available (e.g., on public blockchains).

On October 10th, the committees on Economic and Monetary Affairs (ECON) and Civil Liberties, Justice and Home Affairs (LIBE) held a joint vote on “the provisional agreement resulting from interinstitutional negotiations” in the trilogues. Everyone, except MEP Milan Uhrík from Slovakia and MEP Patrick Breyer for Piratenpartei Deutschland (plus three abstentions), voted in favour. On December 1st, the committees plan to hold “a joint public hearing on anti-money laundering,” with a panel that includes “the risks of crypto assets.”

On October 12th, Bitcoin Amsterstam hosted a panel about the FATF with Patrick Hansen, Kevin Murcko, Sjors Provoost, Matt Odell, and Stephan Livera, who had just published an opinion piece that the organisation “is a natural enemy of those who favor financial freedom.” Provoost brought up the AOPP debate (TMIBP18) and noted, “I don’t see pull requests coming in [to Bitcoin Core] saying ‘we’re going to implement a Travel Rule’ or such things. You want to make sure it stays that way.”

On October 21st, the EBAissued a call for expression of interest” in joining a ‘Technical Expert Group’ (TEG) that would “provide expertise on the financial crime risks to which CASPs are exposed and challenges that market participants may face when implementing the revised TFR.” The deadline for submission of responses was November 15th.

On November 15th, CoinDesk regulatory reporter Jack Schickler, who was formerlya speechwriter and policy analyst at the European Commission” and Her Majesty’s Revenue and Customs (HMRC), wrote about “a leaked draft of a money laundering bill.” To be clear, like MiCA, it does not appear that this draft bill would ban the use of privacy coins by private individuals:

“Credit institutions, financial institutions and crypto-asset service providers shall be prohibited from keeping …anonymity-enhancing coins,” said a legislative draft seen by CoinDesk, dated Nov. 9, which has been circulated to the bloc’s other 26 member states for comment.

… The Czech proposal responds to a demand from countries negotiating the text, said the diplomat, who spoke on the condition of anonymity on negotiations taking place behind closed doors.


The Hackers Congress at Paralelní Polis (HCPP) is an annual conference held by the Institute of Cryptoanarchy in Prague (TMIBP05). Founded by members of the Czech art and hacker scenes in 2014, their events cover a wide range of subjects concerning economic, social, and digital freedom. This year, I gave a talk titled “Blockchain Surveillance, Cyber Mercenaries, and Intelligence” (slides) about “the overlap between blockchain analysis companies, private spyware firms, and government intelligence agencies.” :collision:

This presentation will explore the corner of our industry that is occupied by so-called blockchain analysis companies, who (dis)claim many guises: analysts, scientists, artists, crime-fighting detectives, and spies. Where is the line between analysis and surveillance? What is their relationship with existing techniques, infrastructure, and norms shared with private hacking and spyware businesses, as well as nation-state intelligence apparati? And what could we do about it?


People often ask, “How did you become interested in [Bitcoin] privacy?” Well, seven years ago on this day, I attended my first ever Bitcoin meetup at University College London (UCL). I had been conscious of Bitcoin for two years, but in comparison to my work today, I knew nothing and no one. The topic of the meetup was – coincidentally – a paper about coin mixing, “CoinParty: Secure Multi-Party Mixing of Bitcoins” by then communication and distributed systems PhD Jan Henrik Ziegeldorf et al. from Rheinisch-Westfälische Technische Hochschule (RWTH) in Aachen. I understood very little that was said, except this was a proposed method to improve Bitcoin’s privacy. While I already deeply cared about personal privacy, if you had told me this would soon become a central professional focus of mine, I don’t think I would have believed you! Here’s to the next seven years.:blue_heart::closed_lock_with_key:


In TMIBP05, TMIBP07, TMIBP08, and TMIBP16 I have followed the Tor v3 transition and the importance of network privacy. Since June, the Tor network has been under a distributed denial-of-service (DDoS) atack that remains unresolved (TMIBP20).

Until we are able to determine mechanisms for rate limiting this activity, through development, experimentation, and testing, this DoS activity will continue to cause performance and reliability problems on the network. For details, see a recent thread on our tor-relays mailing list.

This month, Riccardo Masutti (TMIBP03, TMIBP05, TMIBP08, TMIBP10, TMIBP12) launched a “Save The Onion Router” (STOR) crowdfunding “campaign to configure and manage new guard/middle relays.” On November 16th, he shared a technical guide for managing multiple relays. According to the site’s counter, over $10,000 has been raised so far, in addition to “a big private donation that will be sent directly to” the Tor Project.

In TMIBP04 and TMIBP06, I highlighted that the Tor Project was considering “a token-based approach” for “prioritiz[ing] good clients over malicious clients when a denial of service attack is happening.” On November 15th, Adam Gibson gave his thoughts on this during his talkIdentity Is The Problem” at the Adopting Bitcoin conference in El Salvador. He then outlined his RIDDLE proposal (TMIBP20):

RIDDLEs let nodes buy Chaumian tokens (CTs) anonymously from peer nodes to allow routing to work. In baseline operation, the cost in CTs per routing attempt is very low. Ordinary user won’t see a cost worth mentioning. Rep[utation] tokens could also be spent as an ’optimistic mode’ thing. If traffic starts to get higher, start to ramp up the CTs per routing attempt cost. For a user who just wants to do one payment, they should still be fine but an attacker sending a stream is going to use up a lot of resources.


Given the large amount of excitement and investment going into rollup technology, and given the alignment of trustless validity rollups with the trustless ethos of bitcoin, one might wonder: are validity rollups a good fit for bitcoin, too? To answer this question, we must first take a step back and answer the more foundational questions: Is it even technically possible to build validity rollups on bitcoin? And if it is technically possible to build validity rollups on bitcoin, what would be the benefits, costs, and risks associated with doing so?51

In TMIBP19 and TMIBP20, I followed John Light’s research fellowship into zero-knowledge (ZK) rollups for Bitcoin. This month, he published his extensive final report, with over 20,000 words and almost two hundred citations:

Regarding terminology: these protocols are often called “zk-rollups.” This can be a misnomer, since not all protocols called “zk-rollups” use “zero knowledge” proofs. But they do all use validity proofs! So for the report I used the more accurate term “validity rollup.”

He first outlines the history of both zero-knowledge proofs and, more recently, blockchain scaling solutions, particularly off-chain transaction execution protocols like payment channels on the Lightning Network. Next, he proceeds to define validity rollups, their variants, how they function in practice, and what has been learned from existing implementations, such as shielded transaction rollups on Ethereum.

In the years since Satoshi Nakamoto first contemplated how zk proofs could be used to improve bitcoin privacy, cryptographers have invented new protocols that greatly improve the quality and usability of private cryptocurrency transactions. Validity rollups make it possible to implement these new privacy protocols on bitcoin while inheriting the full ownership security of BTC owned on L1. This would provide bitcoin users with state-of-the-art privacy without having to give up self-custody of their BTC. Additionally, with a flexible enough proof verification system implemented in the bitcoin consensus rules, bitcoin can be future-proofed so that new advancements in privacy protocols can be adopted without requiring any further consensus-level changes to bitcoin.

… Despite the popularity of using Turing-complete programming languages to build rollup smart contracts, it would be possible to build a validity rollup on bitcoin using bitcoin’s native Turing-incomplete programming language, Script, with relatively small changes (in terms of code footprint) to the opcodes Script supports.

The final sections explore the (mostly technical) costs and risks in terms of bandwidth, data storage, verification, miner extractable value (MEV) and algorithmic incentive manipulation (AIM) attacks, vulnerabilities in the cryptographic proof system that allow for supply inflation, and lastly “the possibility of provoking a crackdown on bitcoin by authoritarian governments who may be opposed to the strong privacy and censorship-resistant applications these protocols enable.”

Discussion about the potential of validity rollups for Bitcoin continued on the developer mailing list with Greg Sanders, Adam Gibson, Trey Del Bonis, Russell O’Connor, and ‘ZmnSCPxj.’

:information_source: Are you a mathematician or cryptographer? (Me neither! :sweat_smile:) There be dragons, but maybe you would like the new Ask Cryptography forum, a place to accumulate research papers, knowledge, and even more questions around cryptography.


In TMIBP19 and TMIBP20, I noted Ruben Somsen’s ‘Silent Payments’ proposal, “a new scheme for private non-interactive address generation without [extra] on-chain overhead.”

Since then, Somsen and others discussed both Silent Payments and ways to improve BIP-47 during the Pizza Day celebrations at Paralelní Polis. The second version of the implementation by ‘w0xlt’ was released in August. With the third version in September, Somsen also wrote about ways “the sender can be sure that the address it receives from the server belongs to the recipient” when a third-party server is involved, whether with BIP-47 PayNyms or Silent Payments. On October 11th, with the fourth version’s release, “Silent Payments now use all inputs to create transactions. Previously, they only used the first input. This change increases privacy and makes Silent Payments compatible with Coinjoin.”

On October 1st, Samourai Wallet reiterated that the Bitcoin Improvement Proposal (BIP) process has become a “sham,” and “should be reserved solely for consensus critical proposals.” Despite still being labeled as “unanimously discourage[d] for implementation,” BIP-47 PayNyms have been adopted by two wallets (TMIBP18), a mining pool operator (TMIBP20), and a non-profit for receiving charitable donations (TMIBP10).

If Silent Payments has legs to stand on, someone will implement it, and it can compete in the market with PayNym and in that scenario, users win.

On October 15th, Somsen delivered a mainstage talk, “Silent Payments and Alternatives,” for the last day of The Atlanta Bitcoin Conference (TABConf). He outlined the various non- or semi-interactive constructs for paying people, and how they compared from a privacy and scaling perspective. Bryan Bishop later published a rough transcript.


The name “Jam” is a backronym, stands for JoinMarket’s Awesome, Man, and shouldn’t be taken too seriously. However, it works on multiple levels (Let’s jam the signal!) and “cooking jam” is also a fun metaphor for mixing something in a tasty way (and putting it in jars).

In TMIBP01, 03, 05, 10, and 20, I’ve followed the building of one “fungibility toolchest” with the integration of JoinMarket into RaspiBlitz, “a do-it-yourself Lightning Node based on LND.” For more than a year now, Gigi, Dennis Reimann, Thebora Kompanioni, and others (building on the prior work of Shobhitaa Barik, Abhishek Anantharam, and Gibson) have had a web interface for JoinMarket in the works, and it was officially announced on October 10th as “Jam.” ‘Openoms’ noted that RaspiBlitz had a pending pull-request with “the latest versions on Jam, JoinMarket and Joininbox with a one-click install,” and encouraged people to run tests. Jam had already been merged into the v1.7.2 release back in February, shortly after Jam’s “first ‘public’ version” release, but was not yet displayed in the main menu. On November 1st, the pull-request was merged toward the upcoming v1.9.0 release.

On November 15th, at the Adopting Bitcoin conference in El Salvador, ‘Openoms’ hosted a workshop with a live demonstration of RoboSats; the next day, he also spoke about various “Lightning Native Privacy Tools.”

You can install Jam on RaspiBlitz, Umbrel, or Citadel by following these instructions.


The Swiss Financial Market Supervisory Authority (FINMA) has confirmed its decision to lower the threshold for KYC-lite or KYC-less purchases of bitcoin and other cryptocurrencies. In January 2021, they had already lowered the daily “client identification threshold values from CHF 5,000 to CHF 1,000.” In March of this year, their Anti-Money Laundering Ordinance was tightened even further, and “now states that the threshold of CHF 1000 applies for linked transactions within thirty days (and not per day).” In May, during the public consultation period, the Swiss-based Pocket app submitted comments that they “consider the proposed change highly discriminatory and disproportionate,” and encouraged other people to send letters.

[DE] Zahlreiche Anhörungsteilnehmende haben.. geltend gemacht, dass mit der Einschränkung des Schwellenwertes auf 30 Tage die Technologieneutralität, die Privatsphäre sowie das Verhältnismässigkeitsprinzip verletzt würden. Ferner existiere für den Geldwechsel mit Fiat Währungen keine solche Einschränkungund das Regulierungsvorhaben beruhe nicht auf genügend recherchierten Fakten.

[EN] Numerous participants in the consultation.. argued that the restriction of the threshold to 30 days would violate technological neutrality, privacy and the principle of proportionality. Furthermore, no such restriction exists for fiat currency exchanges and the proposed regulation is not based on sufficiently researched facts.

On November 2nd, after reviewing comments received up until June 10th, FINMA announced that they remain firm on that decision:

FINMA received numerous responses concerning the specification of the threshold for transactions with virtual currencies. In view of the risks and recent instances of abuse, FINMA stands by the rule that technical measures are needed to prevent the threshold of CHF 1000 from being exceeded for linked transactions within thirty days (and not just per day). However, this duty only applies to exchange transactions of virtual currencies for cash or other anonymous means of payment.

This corresponds with crackdowns on ATMs in other European countries, to align with the FATF’s guidance (TMIBP04, TMIBP19).


Intuitively, by fungibility, we think of measuring the uncertainty any observer of the public ledger has about the origins of coins residing at a specific address. On the other hand, anonymity measures the uncertainty of a possibly more potent adversary about the source of some coins. In particular, when measuring anonymity, we allow the adversary to have external knowledge or additional heuristics about the flow of cryptocurrency. This external knowledge might come from the peer-to-peer (P2P) layer or any source other than the public ledger. Therefore, we treat anonymity as a subjective measure of an adversary’s uncertainty, while fungibility is the measure of the maximum uncertainty given only the public ledger as an information source.

… Privacy and fungibility are closely linked, as reduced fungibility can result in reduced privacy, and conversely, privacy-enhancing technologies tend to improve fungibility as well.

Domokos Miklós Kelen and István András Seres (TMIBP01, 05, 07, 10, 20) have published a new paper, “Towards Measuring The Fungibility and Anonymity of Cryptocurrencies.” On the basis that “there is currently no formal quantitative framework” for money or cryptocurrencies,” they “apply absorbing Markov chains combined with Shannon entropy” to “both the stationary and the temporal transaction graph variants for each network” (mainly Bitcoin, Ethereum, and Zcash), with the goal to “help users select the coin with sufficient fungibility/ anonymity required to perform a privacy-critical transaction.”

Generally, we can observe many different fungibility characteristics in the studied cryptocurrency networks. Some of the results are largely unsurprising, such as the relatively low mean expected number of steps in account-based currencies, as account balances can quickly absorb random walks. Similarly, a significant fungibility variance in Zcash is expected, as different kinds of transactions exhibit different fungibility characteristics.


:musical_note:Somebody That I Used To Know” by Hildegard von Blingin’ inspired this title.

The entire system may be less a tool for crime prevention than a means of bureaucratic ass covering, with a rich dollop of authoritarian surveillance on top.

— “The Perverse Impacts of the Anti-Money-Laundering System” by David Z. Morris

Attorney Nicholas A. Pasalides, representing the blockchain surveillance company Chainalysis, filed a notice to the Delaware court handling the bankruptcy proceedings for FTX Trading Ltd., identifying his client as a creditor to the exchange, and requesting “that all notices to which Chainalysis Inc. is entitled… shall be directed to the undersigned.”

In September 2019, FTX CEO Sam Bankman-Fried had announced that FTX “has partnered with Chainalysis to revamp our AML/KYC system,” and linked to a page in the exchange’s help center about ‘Individual Account KYC.’ It outlines the platform’s supposed “three different tiers of KYC” and states “all deposits and withdrawals are subject to inspection using Chainalysis.” Below illustrations of the user identification and verification processes, they explain:

FTX has recently engaged with Chainalysis to monitor suspicious cryptocurrency transaction alerts in the Chainalysis Know Your Transaction (KYT) product, the real-time anti-money laundering (AML) compliance solution for monitoring cryptocurrency transactions. It is the first compliance alerts solution available across 15 cryptocurrencies. By monitoring our transactions in the Chainalysis KYT, FTX is able to receive real-time alerts to help their business mitigate exposure to regulatory and [reputational] risk. Their system will help our compliance teams focus on the most urgent activity and enforce compliance policies while better allocating resources.

According to Forbes, as of at least August 24th 2022, FTX was still claiming to be doing business with Chainalysis, in addition to other compliance vendors such as “Plaid (Cognito)” (TMIBP02, TMIBP06, TMIBP20) and “Refinitv (World-Check)” (TMIBP05, TMIBP11). Many are wondering, as Chainalysis breathlessly publishes market intelligence reports and speaks of “forensic analysis” on the “unexpected potential collapse of an industry stalwart like FTX,” how they failed to see this coming. According to a report they published in June, Chainalysis clearly indicated that they were monitoring on-chain “flows into and out of CEXs,” including FTX:

By contrast, the top five centralized exchange services – Binance.com, OKX.com, Coinbase.com, Gemini.com, and FTX.com – supported roughly 50% of all on-chain CEX transaction volume during the time period studied. However, it is worth noting again that on-chain CEX volume represents only the flows into and out of CEXs, not the trading volume of their off-chain order books.

On November 22nd, CEO and co-founder Michael Gronager appeared on CNBCTechCheck’ to “discuss FTX exposure, market changes in Bitcoin and expectations for FTX bankruptcy in court.” Co-anchor Deirdre Bosa asked how much they were owed, and Gronager refused to disclose a number because “we don’t share the details of our customer contracts,” but said there were no FTX tokens (FTT) involved. “I can just say that they’re a regular medium to small customer of ours.” Then Bosa asked the right question:

BOSA: Michael, your company provides compliance and investigation software to ‘hundreds of top institutions,’ but the biggest scandal in crypto was right under your nose, with one of your own customers. How do you think about protecting customers or your clients from potential bad actors in the space? How much do you know about your own customers?

GRONAGER: What we know about our customers- Our customers buy our compliance solutions. For example, transaction monitoring. They want to ensure that their customers are not involved in criminal activity in one way or another. That is basically the involvement we have with our customer. We cannot say whether their balance sheet is okay, and we would not do that check. It’s very similar to a company like AWS or any other cloud provider.. they would not go in and check the balance sheet of customers. They simply assume that businesses are liquid, especially when you see them backed by big names and have a lot of interest around them.

Blockchain surveillance companies want to have their cake and eat it too. They will disclaim that they could have had any insight into what their mega-wealthy delinquent clients do with the blockchain-based assets in their custody, and yet, when the regulators come knocking to declare this catastrophe an inevitable symptom of the ‘Wild West’ that is peer-to-peer digital money, they will nonetheless happily indulge in the opportunity to make millions selling tools designed to ‘tame’ the rest of us. Those who actually use the technology as it was designed to be used, who seek financial sovereignty and encourage others to do the same.

Speaking of regulation, where were the regulators in all this? Same place they were during l’affaire Madoff — working on other things! They did less to provide false confidence to consumers in the FTX case than they did in Bernie Madoff’s because Madoff’s went on for years.

… What cryptocurrency requires is a user base of people who practice self-custody of their assets, demand proof of reserves (i.e., direct consumer oversight, which blockchain makes possible), and otherwise protect themselves in financial worlds. In other words, cryptocurrency demands users who are more sophisticated. The social change that aligns with the technology is coming at a glacial pace — a pity further revealed by FTX.

— “Lessons from the Collapse of Crypto Exchange FTX” by Jim Harper

As always, we remain to face the storm, while those who advocate for financial surveillance and control will forever abscond to distant beaches when the ruse of their lobbying is exposed and no longer bears them enough fruit.


… I guess the best we can do is pray to the computing gods that everything works out!

— “Criticizing Computers” by Anna-Sofia Lesiv

In TMIBP01, I covered the much-belated disclosure of a data breach, and ongoing threats to customers, from the Canadian exchange Coinsquare. Not long after – unrelated to the breach – the Ontario Securities Commission (OSC) announced that they had “approved a settlement agreement with Coinsquare Ltd., [CEO] Cole Diamond, Virgile Rostand and Felix Mazer” (who no longer appear on the website) for “market manipulation on the Coinsquare platform, misleading statements to investors and a reprisal against an internal whistleblower.” They were forced to “resign from their positions,” pay large “administrative penalties,” and banned from acting as registrants, directors, or officers for a few years. However, it appears their security and disclosure practices haven’t changed much.

On November 19th, Coinsquare tweeted that they had “detected unusual activity on our platform and out of an abundance of caution, we decided to undergo an unscheduled maintenance period while we address this issue.” They repeatedly insisted that “no client funds have been lost. To be clear, 100% of client funds are safely held in cold storage 1:1 against client liabilities. Client funds are not at risk.” At the time of writing, they have not tweeted anything further about the ‘unusual activity’ and there is still no notice about the incident on their website. A week later, some of their customers began to publish copies of an email that had been sent out by their chief privacy officer:

On November 19th, Coinsquare observed unusual activity in our systems, which led us to suspend the platform temporarily in order to thoroughly investigate. We identified an intrusion and took immediate steps to block access points. We have now safely brought our platform back to full functionality. As a result of this incident, we believe that a customer database with personal information was exposed and may have been accessed by a third part. This personal information is limited to: customer names, email addresses, residential addresses, phone numbers, dates of birth, dvice IDs, public wallet addresses, transaction history, and account balances. No passwords were exposed. We have no evidence any of this information was viewed by the bad actor, but in an abundance of caution we wanted to make you aware.

… We are offering you complimentary access to one (1) year of credit monitoring via Equifax. If you’re interested to learn more about this program, please reach out to support@coinsquare.com by December 15th, 2022.

On Reddit posts, they have been replying with the same additional message:

We have no evidence any of this information was viewed by the bad actor, but in an abundance of caution, we wanted to make our users aware. We notified all clients, but only identified 3 clients [whose] accounts were accessed. No client funds were ever at risk of being stolen. No client funds are held on our platform. They always remain secured in cold storage at our external, licensed custodians.

We are notifying the Office of the Privacy Commissioner of Canada of this incident. We also implemented additional security measures to minimize any future occurrences. If you have any questions relating to this incident, please email us at privacy@coinsquare.com.

Similar to the last incident, their only “precautionary measure” recommendations are to “change your password on your Coinsquare account to a strong, unique password,” and enable two-factor authentication (2FA), which are nice to encourage but provide no protection whatsoever against this type of compromise. On November 28th, CoinDesk reported that they had “suspended activities on its platform after detecting the vulnerability last week, triggering speculation of possible liquidity issues,” and “the exchange is yet to respond” to requests for comment.

:warning: If you are vulnerable to this type of breach, I recommend Kraken’s “Security Advisory: Mobile Phones,” Lopp’s “A Home Defense Primer,” “A Modest Privacy Protection Proposal,” the Electronic Frontier Foundation’s “Doxxing: Tips To Protect Yourself Online & How to Minimize Harm,” and Bazzell’s “Privacy, Security, & OSINT Show.”


The technology for issuing virtual money in a centralized way existed long before the invention of the blockchain.

— “The Case for Central Bank Electronic Money and the Non-case for Central Bank Cryptocurrencies” by Professor Aleksander Berentsen and Fabian Schär, der Universität Basel (2018)

Arguably, the advent of cryptocurrencies has provided much of the impetus behind the possible creation of a U.S. CBDC. Scholars and policymakers alike are intrigued by the potential of the various technologies associated with cryptocurrencies. But this doesn’t mean that an eventual U.S. CBDC would necessarily look anything like a cryptocurrency. Indeed, a U.S. CBDC might employ little or none of those technologies. Instead, it may end up looking a lot like forms of digital money that long preceded the introduction of cryptocurrencies.

— “Fed Eyes Central Bank Digital Currency” by John Mullin, senior economics writer for Federal Reserve Bank of Richmond (2022)

In TMIBP05, 08, 12, 14, 17, 19, and 20, I have followed exploration, promotion, and criticism of central bank digital currencies (CBDCs). This month, Bitcoin activist artist ‘cryptograffitilaunched a ‘NoCBDCcampaign, warning about the risks of CBDCs through custom street signs and stickers. He is renowned for repurposing objects of the fiat money system – from paper bills to credit cards to bank branch pens – to create works that help spread awareness about Bitcoin and what makes it special.

The ‘NoCBDC’ promotional video begins with a question posed to a woman sitting in front of Cupid’s Span in Rincon Park, San Francisco. “What are CBDCs?” She doesn’t know, and neither do the two men he also asks. But these world leaders certainly do: Rishi Sunak, Chancellor of the Exchequer at the U.K. Treasury; Bo Li, deputy managing director at the International Monetary Fund (IMF); Agustín Carstens, general manager at the Bank for International Settlements (BIS); Christine Lagarde, managing director at the IMF; and Klaus Schwab, founder of the World Economic Forum (WEF). Alarm bells go off, and the remainder of the video follows the installation of signs and stickers around the city, to the tune of Rockwell’s “Somebody’s Watching Me” (1984).

On the same day, Gladstein announced the opportunity for an 8-month paid fellowship to create an online interactive resource that “tracks the progress of Central Bank Digital Currencies (CBDCs) in every country in the world and flags their risks for civil liberties, with a focus on authoritarian regimes.” The deadline for applications is January 15th, 2023.


Since September 21st, Fight For The Future (FFTF) and “a dozen civil society organizations including the ACLU” have supported the ‘NoSpyCash’ campaign and petition to “preserve the inclusive, human rights respecting qualities of cash in any efforts to create a digital dollar.”

The campaign comes on the heels of the White House Office of Science and Technology Policy issuing a new report that promotes the idea of a certain sort of digital currency — a CBDC issued by the Central Bank rather than a digital dollar from the US Mint — and one that has government surveillance and control built in.

On November 29th, FFTF and Amnesty hosted their tenth virtual salon “to discuss the privacy concerns raised by government-backed digital currencies.” The moderators were FFTF campaigns and communications director Lia Holland, and Amnesty International USA director Michael Kleinman. The panelists included: Surveillance Technology Oversight Project (STOP) founder and executive director Albert Fox Cahn; Digital Dollar Project (DDP) executive director and World Economic Forum (WEF) Digital Currency Governance Consortium member Jennifer Lassiter; Sex Workers Outreach Project (SWOP) co-executive chapter director Alexandria LaRue; and Willamette University College of Law assistant professor Rohan Grey. Lassiter didn’t have answers on whether a U.S. CBDC will have privacy, but believed they “can strike an appropriate balance” based on “empirical data” that organisations like hers would collect. On the question of whether the ‘stability’ from state control of money outweighed the harms, Grey argued that the central banks would rather acquiesce to the NSA than listen to or protect the public, especially minority groups. LaRue emphasised that in discussions about CBDCs, it is our duty to include the perspectives of people who often aren’t part of the conversation, and the people in charge of this decision-making should not be those with the privilege of political power. During final thoughts, Cahn, who believed that ‘surveillance is baked into the very DNA of international finance,’ stated: “Low-tech is good tech; when we keep things analog, we keep them private.” [Note: I’ll link to the video when they publish it.]

Artists and activists are not the only ones putting up resistance to the implementation of a CBDC. On September 7th, members of the U.S. House Committee on Financial Services had written to Federal Reserve vice chair Lael Brainardregarding the Fed’s authority to issue a CBDC absent specific authorizing legislation from Congress,” among other follow-up questions to Brainard’s testimony during their May virtual hearing, “Digital Assets and the Future of Finance: Examining the Benefits and Risks of a U.S. Central Bank Digital Currency.” The letter requested that she respond by no later than September 30th; it is unclear whether she did, but according to a letter the Committee sent to Garland in October, they believe “the Federal Reserve does not have the legal authority to issue a CBDC absent action from Congress. Both Federal Reserve Chair Powell and Vice Chair Lael Brainard have also testified on the need for authorizing legislation.” As Anthony cited in his commentary, the Federal Reserve Bank of Richmond has also written:

The Fed expressed reluctance to get into retail banking (a move that might require congressional authorization). Instead, the white paper favored an intermediated approach that would work through private financial institutions to take advantage of their existing systems for complying with anti-money laundering laws and Know Your Client laws.

On November 18th, Anthony and Michel released a new working paper arguing that “Congress should explicitly prohibit the Federal Reserve (the Fed) and the Department of the Treasury (Treasury) from issuing a CBDC in any form.” They counter the claims of “financial inclusion,” “faster payments,” “preserving the dollar’s status as the world’s reserve currency,” and “improv[ing] the implementation of monetary and fiscal policy,” and then touch on the threats “to financial privacy, financial freedom, free markets, and cyber security that a CBDC would pose.” The final section makes several recommendations for how Congress could limit the Fed and Treasury legislatively.

Regarding cash usage and the un(der)banked, the paper includes the following:

The Federal Deposit Insurance Corporation’s (FDIC’s) survey of the underbanked and unbanked households in America reveals that the issue of financial inclusion is more nuanced than solely being a question of “access.”7 Over 72% of the unbanked households surveyed said that they were not interested in having a bank account (Figure 1).8 When asked why they feel this way, respondents most commonly said that they lack enough money to open an account, avoid the banking system to secure their privacy, and have a distrust for banks in general (Figure 2).9

Relatedly, in “The Future of Money and Payments” report prepared by the Treasury for the Biden administration, they state that “the percentage of the United States that is unbanked is higher than the percentage in all other G-7 countries.42” Figures 1 and 2 show the results of surveys conducted by the Federal Reserve, most recently “2022 Findings from the Diary of Consumer Payment Choice,” regarding payment method choices made by consumers between 2016 and 2021. During this period, they found that while cash as a medium has gone down from 31% to 21% of payments (credit cards have increased from 18% to 28%), it is still the primary payment method (36% of payments) for those with an annual household income below $25,000.

On the topic of CBDCs, the Treasury report states that because it “could potentially be used at much greater scale and velocity,” a design as anonymous as cash would be too risky, and then seems to echo the ‘threshold’ model suggested by the European Central Bank (TMIBP19):

These risks could be more easily mitigated in an identity-verified system, in which intermediaries collect and verify customer information. Other strategies, including zero knowledge proofs, could also be explored. A CBDC could also have tiered accounts to allow for different functionality, tied to different levels of identity verification and monitoring. Controls could be embedded into the design of any tiered system to enable intermediaries to identify instances of structuring designed to avoid compliance thresholds. Tiered accounts could enable customers without identity credentials, who are often unable to access traditional financial services, to access CBDC. While models that allow different levels of identity verification and monitoring could reach wider user bases and do more to promote inclusion than accounts requiring full customer due diligence, they would need to be carefully assessed and calibrated to appropriately mitigate the illicit financing risks. In addition, a tiered model would need to regularly assess the illicit finance risks and, if necessary, change the tiering to adapt to an ever-changing risk environment.


Back in March, the ECB released “commissioned research on citizens’ payment habits and their attitudes towards digital payments in order to gain a deeper understanding of user preferences as part of the digital euro project.” When the “general public and tech-savvy participants were asked to imagine a future where most payments are digital,” and what features were most important to them, “instant payments, universal acceptance and risk-freeness are non-negotiable features.” Like the Federal Reserve surveys, they found “the main payment method used by unbanked, underbanked and offline individuals is cash.” However, cash usage has still been more broadly popular in Europe than the U.S., even during the pandemic, where it was “used to settle 38% of the transactions at supermarkets, 57% of the transactions in small shops for day-to-day items, and 63% of the transactions at restaurants, bars and cafés.”

More importantly, this report provided insight into what is envisioned regarding the privacy ‘thresholds’ (TMIBP19, TMIBP20). “Three different privacy settings” for a theoretical digital euro wallet were offered: ‘high,’ ‘medium,’ and ‘low.’ The so-called “high privacy setting” allowed users to “download money” that would be “usable even when there is no internet or phone connection,” and “payments remain private as long as they do not exceed the legal limit for compliance,” restricted to just “lower value payments (e.g. <€150) and not for online shopping.” Unsurprisingly, most preferred the so-called “medium privacy setting,” which required that “the user’s bank stores the user’s personal data and monitors the transactions, including for small amounts,” but does not impose spending limits:

A medium level of financial privacy is preferred for the new wallet, as it avoids the restrictions imposed by the high setting and the advertising found with the low setting. However, most participants say privacy is not a key feature. They assume that no truly private digital transaction is possible, so privacy is not something they really think about. Nevertheless, most participants would like to have the choice to opt for a privacy level according to the payment situation.

On July 13th, the ECB published a document summarising “key objectives and design considerations” for the digital euro, stating unequivocally that “it would complement cash, not replace it.” They recognised that the decline in cash usage weakened “the strategic autonomy of European payments and monetary sovereignty,” particularly “in the event of geopolitical tensions,” given that “most electronic payments solutions are at present run by companies with headquarters outside the European Union.” According to CoinDesk, a supposedly leaked paper “authored by senior Treasury officials from France, Germany, Italy, Spain and the Netherlands” echoed similar concerns, suggesting a “digital euro could play a vital role to strengthen the strategic autonomy of the European Union.”

The lesson Russia learned in February was also learned by the Canadian truckers (and many others in recent history) and brings into sharp relief a question that hits at the core of the current monetary and political arrangement; what is money and who has the power to decide? Money is an expression of power. The power to decide what is money — and who can or cannot use it — is a unique and consequential power. How such power is wielded — whether in the hands of a state, across blocs of competing states or among a distributed consensus of individuals — will shape much of the future.

— “The Future Geopolitical Order and Bitcoin: An Initial Assessment” by Matthew Pines, national security fellow at the Bitcoin Policy Institute (July 2022)

On September 29th, the ECB released a progress report “on the investigation phase,” which “elaborates on the foundational design options that were recently endorsed by the Governing Council.” The Governing Council, headed by Lagarde, plans to make a decision on whether to advance into the “realisation phase” in autumn 2023. In the section on privacy, they define the “baseline scenario” as one where “a digital euro would provide a level of privacy equal to that of current private sector digital solutions18” and only promise to “explore two options” with co-legislators that “go beyond this baseline scenario.19 These could allow the digital euro to replicate some cash-like features and enable greater privacy for low-value/low-risk payments.”

Further work is needed to explore how the two options could be enabled in the regulatory framework (e.g. how to exempt low-value/low-risk digital euro transactions from certain AML/CFT obligations).22 In this context, the Eurosystem is in discussions with the Commission and European Data Protection Authorities.

On October 10th, the European Data Protection Board (EDPB), chaired by Andrea Jelinek, issued a statement on the digital euro project; this follows their detailed consultation submitted to the Commission in June. They caution “against the use of systematic validation and tracing of all transactions in digital euros,” and argue that “the design choices adopted by the ECB should be based on a documented impact assessment of all risks concerned still privileging innovative, privacy enhancing technologies (such as e-cash, Zero Knowledge Proof).”

In order to meet the policy objectives enshrined in Articles 7 and 8 of the European Charter of Fundamental rights and the high privacy standard that only the public sector can offer, it might not always be appropriate to foresee a validation of transactions by a third party. The regulatory checks, if needed, as a rule should be run ex post and on a targeted basis, in the presence of a specific AML/CFT risk. A validation of all (each and every) transactions in digital euros might not be in line with the data protection principles of necessity and proportionality, as interpreted by CJEU case law.6

… Furthermore, the EDPB recommends the digital euro to be modelled as closely as possible to a peer-to-peer modality, available both offline and online, as opposed to an account-based model.

Dutch engineer and financial history consultant Simon Lelieveldt (TMIBP11, TMIBP14) commented that he was satisfied with the EDPB’s “clear stance on [anonymity] and it is well in line with the analysis I made previously” in June, namely that “we must design from the perspective of a digital euro that will ..not allow any monitoring, oppression and pursuing of specific political objectives in the future.”

This is not just about: ‘privacy-by-design.’ This is about: ‘human-rights-by-design.’

On October 12th, I joined a Bitcoin Amsterstam panel, “The Spectre of CBDCs,” with Grant McCarty, Frank Holmes, Allen Farrington, and Christophe De Baukelaer, the Belgian member of Parliament who had announced in January that he would be converting his salary into bitcoin. Like the OFF panel in May, we were in agreement that CBDCs were bad news for various reasons. Regarding the digital euro project, De Baukelaer said that the plans seem to be changing month to month. “When you begin a project [out of] fear, it’s rarely a good idea… What I feel is, for sure, there will be no anonymity… There is no advantage for us, for the citizen.”


In TMIBP20, I covered a decision from the Treasury’s Office of Foreign Assets Control (OFAC) to designate the Ethereum-based mixer Tornado Cash as a sanctioned entity, and the arrest of developer Alexey Pertsev in the Netherlands. After already having a bail request and its appeal denied, this month Pertsev has once again been ordered to remain in custody until February 20th 2023, because the court believes he is a flight risk.

At the hearing on Tuesday, Dutch public prosecutor Martine Boerlage announced money-laundering charges for the first time. Boerlage had said little more about the case than a press release, but has now accused Pertsev of facilitating the processing of dirty money by writing the Tornado Cash code.

Dutch journalist Aaron van Wirdum commented, “The way it’s shaping up, it looks like this case will resolve heavily around the legal implications of a DAO.” Provoost, who also attended the hearing, predicted that “politically, this may be the most import crypto court case in The Netherlands (and will set EU precedent).” It is worth mentioning that according to the government’s own website, “the total time spent in pre-trial detention may not exceed 110 days.” As of this decision, Pertsev has already been detained for 104 days, and will reach 194 days on the date set by the judge. Coin Center director of research Peter van Valkenburgh described this as “an affront to human rights.” Coinbase chief legal officer Paul Grewal noticed that “recently OFAC removed, and then re-added, Tornado Cash its US sanctions list.” According to this blockchain data visualiser tool, Tornado Cash activity has dropped from over seven hundred ‘unique users per week’ at the start of August, to less than fifty.

But Pertsev will not be alone with his court battle. On September 8th, six users of Tornado Cash – Joseph Van Loon, Tyler Almeida, Alexander Fisher, Preston Van Loon, Kevin Vitale, and Nate Welch – filed a civil lawsuit against the U.S. Treasury Department through a Texas district court for “unprecedented, overbroad action [that] exceeds Defendants’ statutory authority, infringes on Plaintiffs’ constitutional rights, and threatens the ability of law-abiding Americans to engage freely and privately in financial transactions.” Given that two Coinbase employees (Almeida and Welch) are involved, the company “is paying the legal bills of the employees and four other plaintiffs.” They later also released a video interview with four of the plaintiffs (Van Loon, Fisher, Vitale, and Almeida). CEO Brian Armstrong and Grewal published long statements about why they were funding the legal action:

… Congress passed the International Emergency Economic Powers Act (“IEEPA”), authorizing the President to freeze the assets of, and prohibit transactions with, any person determined to be a threat to the United States, and the President delegated this power to Treasury to issue sanctions. However, this delegated power only authorizes OFAC to target persons or their property.*

We are supporting the legal challenge to the Tornado Cash action because the Tornado Cash smart contracts are neither person nor property. This means OFAC exceeded its authority from Congress when it recently added these to the SDN List — effectively banning the technology for all U.S. persons. The outcome sought by this challenge is to have OFAC remove these crypto addresses associated with software from its SDN List, so that U.S. persons can once again use this privacy technology.

On September 14th, FFTF put out a statement in response to a number of clarifications published by the Treasury, including that “U.S. persons would not be prohibited by U.S. sanctions regulations from copying the open-source code and making it available online for others to view, as well as discussing, teaching about, or including open-source code in written publications, such as textbooks, absent additional facts” (as a result, GitHub has since restored the Tornado Cash code repositories in read-only archive mode). Holland considers this “inadequate to address our concerns related to human rights, free expression, privacy, and the right to write open source software code.” On September 29th, she and director Evan Greer also wrote for the Lawfare blog that “Tornado Cash Sanctions Are Unduly ‘Creative’ With the First Amendment.”

On October 12th, Coin Center announced that they had filed their own lawsuit with three other plaintiffs against OFAC “to delist Tornado Cash privacy tools from sanctions.” This is in addition to the lawsuit they opened against the Treasury in June, where they challenged the constitutionality of the Bank Secrecy Act (TMIBP20).

The criminalization of Tornado Cash infringes on associational privacy by outlawing the use of an essential privacy tool and forcing users of that tool to disclose their activities to the federal government and the public. It thereby chills the associational activities of Mr. Doe, Coin Center, and their donors.

The next day, renowned security technologist Bruce Schneier and Professor Henry Farrell published counter-arguments to both Opsahl’s legal assessment and the Holland/Greer piece, mostly focused around characterisations of Tornado Cash as one of many decentralised autonomous organisations (DAOs) “wreaking havoc on the world” which “need to be subject to regulation.” Valkenburgh contends that this is “an irrelevant red herring,” and “the sanctions are not calibrated ‘regulation’ of bad actors, they are a full ban on every American’s use of the tool for any reason.”

The Tornado Cash tool itself is not a DAO. There’s no group of DAO token-holders or DAO members who control the operation of the smart contracts. There is a Tornado Cash DAO that performs non-essential activities to support continued development of Tornado Cash privacy software, however that DAO does not and cannot control the operation of Tornado Cash. Remarkably, the Ethereum address of that DAO is not one of the sanctioned addresses announced by OFAC, and none of the designations contested in pending lawsuits challenging the sanction have anything to do with that DAO.

On October 27th, NSA whisteblower, Freedom of the Press Foundation board member, and author Edward Snowden remotely spoke at Decrypt Media’s event in Napa Valley, California. He described the OFAC sanctions and the Dutch government’s decision to imprison Pertsev as “deeply illiberal and profoundly authoritarian.”

We should resist that ‘suggestion.’ In my opinion, we should simply gift ‘the city’ a new ‘water fountain.’ Sneak into the ‘park’ at night, wear a mask, wear gloves if you must. But make sure that if people are thirsty, they can find something to drink. Because the human right to privacy is non-negotiable.


In TMIBP11, 12, 13, 16, 19, and 20, I have featured progress with Chaincase, an iOS client based on Wasabi. While the original beta wallet was sunset on November 1st, the project has since pivoted to combining PayJoin and Lightning.

Funding channels on a lightning node can be a pain. First, I need to send funds to my node on-chain. Then I need to make another transaction to open channels. Instead, we can use the BIP 78 PayJoin P2EP protocol to fund and open channels in a single transaction.

On October 14th, lead developer Dan Gould opened the ‘NoLookingproject as part of the six-week Legends of Lightning online global development tournament. He had publicly announced the project a few days prior with co-developers Armin Sabouri and Nick Farrow, and performed a mainnet demo. They documented their progress and problems over the subsequent weeks. By the second and third, they had “experimented” with Cashu e-cash, opened two Lightning channels from a Sparrow Wallet PayJoin transaction, and a Halloween-themed alpha version of their app was running on Umbrel; by the fourth, the app had “well over 400 downloads.” During the fifth week, they focused on “delivering the minimum delightful product.. to the market,” and scheduled a public call in December with the Bitcoin Design community to discuss the user experience of PayJoin. On November 23rd, the hackathon’s host ‘Bolt Fun’ livestreamed another ‘NoLooking’ demo. In the wrap-up, Gould summarised their achievements and future plans, laid out in the “NoLooking Roadmap.”

We want to push beyond hobbyist adoption. In order to get PayJoin as the standard, we need to move into enterprise products and services. To do this, we need introductions to bitcoin organizations who believe in human freedom and are willing to step to the cutting edge.

To smooth this offering, we are in the process of vetting the free and open source code we have built and depend on. We need to get it tested and reviewed by some rust & bitcoin wizards. The easier it is for us to recruit this help, the faster bitcoin gains privacy.

We’re talking livelihoods. It needs to be bulletproof.

The window for us to deliver privacy as an alternative to the CBDC pantopticon may be running out. Legends of Lightning has us speeding up.

Project submissions for the tournament officially closed on November 24th, and the judges announced a shortlist of finalists for each track on Nov 28th. ‘NoLooking’ was included in the list of ten finalists for the Global Adoption track.

The finalists will then get an extra week to continue working on their projects, putting in any extra features or finishing touches. On Dec 6th, we will host a Finals day live stream for each track, giving founders a chance to re-pitch their projects live to the world! (This can also be done with a pre-recorded pitch). Our judges will then rescore the projects and announce the winners on Dec 7th!

:information_source: Check out the Lightning Privacy Research project to “investigate potential improvements to Lightning on both the protocol level and in how it’s used,” by Ben Carman, Evan Kaloudis, Max Hillebrand, Paul Miller, and Tony Giorgio.

:information_source: Check out Bitcoin Optech Newsletter #216, #217, #218, #219, #220, #221, #222, #223, #224, #225, #226, #227, and #228 for other recent technical developments beyond Bitcoin privacy.

:evergreen_tree: In case you don’t hear from me until next year — bonus moths for the holidays!

Spot the Buff-tips. (Phalera bucephala)

"Spot the Buff-tips. (Phalera bucephala)" by gailhampshire is licensed under CC BY 2.0

Thanks for reading! Feel free to :bookmark: bookmark or subscribe to catch the next edition of ‘This Month in Bitcoin Privacy.’