For what it's worth, I'm a google workspace administrator and we've had issues with legitimate business emails going to our spam folders. We used various tools in the workspace admin console to whitelist the sender, but their mails kept going to our spam. We contacted google support, they verified our settings were correct, then kind of shrugged and said they can't explain why gmail flags things as spam. They clarified that it wasn't just that they weren't allowed to tell me, but that it was literally impossible for them to know.
So I'm not sure if there is such a thing as a "quality score", but there certainly is a machine learning black box.
Yeah but the same argument could be made for the web. Why build a react app that complicates everything instead of just a plain HTML site. The simple answer is use cases, if you're delivering a simple email with a notification then no you do not need something like this, but some will have a case where they do need to reach for something like this. It's no different than web or mobile development. If we shunned every piece of tech that had potentially nefarious uses cases then we would still be stuck in the stone age.
> Yeah but the same argument could be made for the web. Why build a react app that complicates everything instead of just a plain HTML site.
Yes. Yes!! Exactly the same argument can be made about the web. Why is the answer to this "let's do the same in email" and not "why don't we work to reduce overengineering and complexity"?
Humans prefer to have barriers to completing a task removed. No clicks is much better than one click and privacy is almost completely dead. Privacy will slowly die unless there are major changes legally and culturally. It’s worthy to fight against the loss of privacy. I think it will be a losing fight though.
So you're saying that microsoft has more money to work with? Everything I know about the legal system shows that the more money you have, the easier it is to get your way.
This is breathless but misleading. With recent conservative judicial decisions the notion of general privacy is on the ropes, but KYC has always precluded financial privacy at any scale other than unstructured cash transactions, and you're still supposed to report those in your taxes. This is in line with the treatment of other entities that fail to maintain KYC compliance.
The state has the power to levy taxes and prevent transactions with entities that it considers harmful (OFAC is effectively this); this is the state taking steps to do so, while GitHub is deciding that people who are attempting to evade those laws are outside the risk profile of "who we want to provide services to".
You ask this as if there are only non-legitimate uses. Do you think businesses often give away their revenue data to their competitors for free? Of course not, so if you want to do business on an open ledger then you have to have a way to obscure transactions so that your competition doesn't get to know exactly what your revenue stream looks like.
There's nothing sinister about privacy. It would be a logical fallacy to assume that just because sinister things happen in private that privacy itself is sinister.
Totally agree. One damning aspect of Tornado is we know it was used to launder money. Criminals used it. This was publicly reported and certainly known to the Tornado team.
If you know your product is being used by criminals to do crime and you respond by shrugging your shoulders, I’m not sure what the expected outcome is supposed to be other than getting dinged.
> If you know your product is being used by criminals to do crime and you respond by shrugging your shoulders, I’m not sure what the expected outcome is supposed to be other than getting dinged.
You are aware that criminals use all the same thing as you an me right? They use toothbrush too... should Coldgate not shrug their shoulders? Sure they don't commit crime with them, but they do use them. Want something they use to commit crime? Guns to kill, cars to evade, bags to carry the money, etc... what should all theses companies do? Let's go even closer, about privacy, what about balaclava manufacturer, it's the default thing considered for banks robbers, yet they still sell them!
I don't have all the details in this case, my guess is that Tornado Cash were aware that it was used by theses countries and could have stopped theses specific accounts (it would keep going for sure without their knowledge using alternative accounts obviously, just like many of theses countries still are able to get Windows illegally, but at least they would no longer be aware of theses accounts). In that case it does makes sense and I agree with the direct sanction of Tornado Cash. I would still disagree with the blanket sanction over the open source contributors, as they might have contributed without knowing it was used by sanctioned country.
Writing all that made me think of a question: do you believe contributor to Windows should be sanctioned too knowing that Windows is used in some of the sanctioned countries?
> would still disagree with the blanket sanction over the open source contributors
No contributors have been sanctioned. Three leaders had their GitHub accounts deleted, from what I can tell, and are trying to misrepresent that as a threat to everyone who ever touched the project.
I like to ask myself what money laundering even is and whether it makes sense and ideally it wouldn't even be illegal. Money laundering isn't the crime - it's just a convenient tool to dissuade crime. Ideally there would be no crime without violence and there is nothing but consenting individuals involved in money laundering. The crime happened before the laundering and that's what we should be preventing.
Otherwise you end up in situations like this where innocent people are going to get screwed over because they utilized a tool that criminals utilized. This isn't fair or just by any standard and I personally don't accept the collateral damage as worthy.
This doesn't even begin to touch on the vast majority of laundering that happens in fiat across international banks . That would take a while just to list all the infractions that are constantly happening, yet those entities are still not only operating in the free market, but they have federal insurance and backing.
> crime happened before the laundering and that's what we should be preventing
Covering up a murder is a crime because we don’t want people helping murderers cover up.
> like this where innocent people are going to get screwed over because they utilized a tool that criminals utilized
People who used Tornado Cash aren’t getting screwed. Even the developers aren’t. They aren’t personally sanctioned. Their work, which has been used to launder money, is.
Third parties, like Microsoft, are choosing not to associate with them. (The developers who knew about the laundering, e.g. through the public announcements law enforcement made, and kept working on it are far from innocent.)
> doesn't even begin to touch on the vast majority of laundering that happens in fiat across international banks
Yes, there are other crimes.
People laundering money through banks get sanctioned and jailed. When banks make a habit of laundering money, they too get sanctioned. There is ample historical record of all of this.
> People who used Tornado Cash aren’t getting screwed.
Incorrect, as per sanctions putting the onus on private entities to get things right, circle has blacklisted any USDC address that has been owned by the tornado cash protocol, which means anyone using tornado cash for legit purposes will lose every dollar they had in USDC. I'm really not sure how you came to the conclusion innocent people weren't getting screwed here, but it's irrefutable that they are, unless of course your definition of guilty is someone that used tornado cash, which would be a silly definition. I've used mixers plenty for completely legit reasons. I don't want people knowing how much crypto I have and I don't want to manage tons of addresses so when I transact in open ledgers I have at times had people pay me via mixers to hide the addresses I own and thus hide how much crypto I own from people doing business with me. All completely white market business dealing with buying/selling electronics too, for that matter.
> People laundering money through banks get sanctioned and jailed. When banks make a habit of laundering money, they too get sanctioned. There is ample historical record of all of this.
Incorrect, they pay fines that rarely even cover the profits they made to begin with.
> circle has blacklisted any USDC address that has been owned by the tornado cash protocol, which means anyone using tornado cash for legit purposes will lose every dollar they had in USDC
Wasn’t aware of that. Fair enough. Innocent people will get harmed.
That said, innocent users whose USDC was frozen haven’t lost their money. They’ll have to show they weren’t laundering money. When they do, they should be able get it unfrozen. If that doesn’t work they can pursue legal remedies, though the law in all of this is obviously undeveloped. We are in dire need of stablecoin legislation; something to add might be controlled redemption for users the issuer no longer wishes to associate with.
Their situation is analogous to getting money stuck at PayPal. If you don’t want to take that risk, don’t use PayPal. If you don’t want to run the risk of your stablecoin getting stuck, don’t use mixers. Particularly after they’ve been publicly identified for laundering money.
People have been talking about all of this for years. It was continuously shouted down, or claimed to be impossible because blockchains are above the law or something. I get that there was a lot of noise above that signal. But like, it’s North Korea. On the balance of harms, of course this is what happens. There was never another endgame. The wheels of justice just turn slower than bullshitters spin yarn.
> They’ll have to show they weren’t laundering money. When they do, they should be able get it unfrozen.
I hope you're right, but the process to make this happen will be painful and slow and the damages will not be compensated I suspect.
> If you don’t want to run the risk of your stablecoin getting stuck, don’t use mixers. Particularly after they’ve been publicly identified for laundering money.
Following this logic, should people stop using HSBC or any of the top international mega-banks? We're talking about banks that didn't "accidentally" let money laundering happen. They actively facilitated it. HSBC specifically laundered money for one of the most violent cartels in the world and not a soul went to jail.
Bit of a rant, but my point is that exactly where should people keep their money that is safe from being caught up in laundering? Such a place doesn't exist as far as I'm aware.
Morally speaking? Yeah, you should probably not use those banks if you care about the ramifications of money laundering.
Practically speaking? HSBC laundered $881 million in 2012 – but they had trillions of dollars of assets under custody. They may have to pay a big fine, but your ability to get at your money will not be impacted.
And even if you deposited your money into your account at "Money Laundering Bank N.A." where everyone but you was a specially designated national, you still have legal recourse to those funds backed by decades of case law. That same case law might help you if you keep money from a mixer in stablecoin that becomes frozen, but it's going to get way hairier.
Nothing wrong with writing code. Code is speech, that's settled law. But the Tornado Cash team wasn't just publishing. They were building a tool. Semenov styled himself as a co-founder and the group advertised open positions on its website.
Okay, how does that relate to open source contributors? Can you retroactively read their minds and determine their intent? Why does their intent even matter? What they were doing was not illegal at the time, and now they are being punished by the US.
It doesn’t. Tornado was used to launder money. That’s all that matters.
My guess is the only people in real legal jeopardy are those who kept working on it after its involvement in laundering was exposed. (I’m assuming they weren’t in on the laundering.) For GitHub, figuring out who those people are is impossible. So they’re being cautious and cutting ties more broadly.
There is a creep problem to sanctions. Some companies in Russia are banned. Suddenly everyone from Cyprus is under extra scrutiny, since you don’t want to be the dupe they used to launder their money. Tornado and its developers were those dupes. But it has been illegal to help North Koreans launder money since before Tornado was founded. It remained illegal when it became known North Korea used Tornado to launder money. Anyone going into money services knows, or is negligent in not knowing, that these laws apply to them. It’s tough to have sympathy for anyone who kept ties. Particularly when the punishment, so far, is simply ostracism.
The US didn't mandate deletion of their Github account. The US isn't punishing them – you can tell because they didn't put them explicitly on the SDN list.
Microsoft made the choice to remove their accounts. Their compliance team likely looked and said "$ we make from these devs < $$$ we'd pay to our lawyers to simply decide if we should keep them on our platform."
This is why I'm surprised more people aren't way more terrified about OFAC than there are. It's probably one of the nastiest diplomatic tools the U.S. has in its arsenal.
I think this thread has a lot of today's 10,000 finding out what it's like to interact with the US gov't as non-citizens by way of this tiny tiny little taste.
Nice, what's next? Jailing everyone who ever had an abortion? Why aren't y'all americans doing that yet, if it's apparently acceptable to punish people for things they did before the supposed crime was made illegal?
Look, the legal system, and political edifice is scary as all hell to anyone actually paying attention. It's literally a game where those in power have a large warchest with which to ruin people's lives, with the only limiting factor being that someone has to do the paperwork, and that paperwork will be checked.
With technology obviating the burden of actually doing paperwork, and essentially cranking the efficiency of the bureaucratic state sky high, as well as equipping it with the tools it needs to keep the checkers/whistleblowers at bay, you've got a frightningly powerful tool poised to crush anything in it's way. These aren't the days of "no man can do much damage in 4 years" anymore.
One of the great Checks, is becoming much less of one every day. It's scary as hell.
Writing software isn't illegal. Timeline goes like this:
1. Developers write open source software
2. Open source software is deployed for money laundering purposes by other people
3. Developers who wrote software at point (1) are now being punished for something they did before the US deemed it to be illegal.
Let's say the speed limit is being decreased. Would it be fair to jail everyone who went over the speed limit in the past, before this decrease was even announced?
The 3 owning accounts of the github tornado cash org were banned or suspended. This is not a legal punishment for a crime, but github covering their own ass legally.
Github banning someone is categorically different from the US government jailing someone. You are conflating two entirely different things.
You seem to have taken the outrage bait that this tweet presented and ran with it without verifying the situation.
There are interesting things to discuss around both the precedent of the sanctions and the ability of large corporations to terminate accounts at will. However the "github is banning people who just contributed to open source and this is wrong because what they did wasn't illegal when they did it" outrage meme is misinformed, confused about how law works, and is generally distracting from all the actually important topics.
> It's easy to spend decades making crappy software.
But here's the important question: are the problems that are caused by ignoring the aforementioned differences enough to prevent people from being able to use your software? Or, conversely, are they enough to weigh more heavily than the functionality that you provide for your users?
Because somehow even Electron based software is pretty popular in the desktop, oftentimes looking and feeling rather different from most of the native software. But apart from nitpicks and rightfully complaining about those annoying inconsistencies, does it really matter enough to spend resources towards fixing them?
I can't think of that many inconsistencies that caused web applications to be unusable across different platforms altogether, apart from IE not supporting certain JavaScript functionality back in the day and non-transpiled (to say, ES5) codebases breaking altogether. But look and feel related things have hardly been as important.
