Senators Elizabeth Warren (D-Mass) and Senator Roger Marshall (R-Kan) have introduced the “Digital Asset Anti-Money Laundering Act Of 2022,” a bill which would have sweeping impacts on the privacy of bitcoin users.
If enacted, the bill would require custodial and self-custodial wallet providers and miners to implement know-your-customer (KYC) systems. It would also prohibit financial institutions from interacting with privacy tools such as CoinJoin in an effort to limit the ability of users to maintain their privacy. While the bill focuses on such measures in order to curb money laundering, tools such as CoinJoin simply restore the users’ ability to use bitcoin in a way that more closely resembles physical cash. That is, the bank knows when a client withdraws cash at an ATM, but has limited knowledge of what any user does with it afterwards. This cash-like attribute is only realized in cryptocurrencies through tools such as CoinJoins. In addition to this, regulating bodies would be allowed to file reports and surveil users without need for a warrant or government request.
According to the bill, it also calls for a “rule classifying custodial and unhosted wallet providers, cryptocurrency miners, validators, or other nodes who may act to validate or secure third-party transactions, independent network participants, including MEV searchers, and other validators with control over network protocols as money service businesses,” which would imply that Bitcoin nodes would be classified as such as well.
The bill seeks for the Financial Crimes Enforcement Network (FinCEN) to implement the guidance which, according to blockchain advocacy group CoinCenter, “is the most direct attack on the personal freedom and privacy of cryptocurrency users and developers we’ve yet seen.”
Senator Elizabeth Warren has previously expressed her desire to regulate the cryptocurrency industry, most recently after the collapse of FTX. The bill would likely face extensive scrutiny as, amongst many other issues, it would force unhosted wallets providers to register before publishing their products, effectively placing limits on free speech, as code has been proven to be free speech.
The European Union indicated Thursday that it will make cryptocurrency companies report their European users’ holdings to tax authorities. The proposed eighth Directive on Administrative Cooperation was previously reported on by CoinDesk, and could have wide-reaching implications including forcing non-EU based companies to have to register with tax entities there.
In a statement, the EU Commissioner for tax, Paolo Gentiloni said, “Anonymity means that many crypto-asset users making significant profits fall under the radar of national tax authorities. This is not acceptable.”
The enforcement of the measures was not made entirely clear, as the cryptocurrency industry has various entities and actors residing in various jurisdictions, including some who claim no base of operations. Beyond that, there should be concern for the honeypot of user data that registering user holdings creates. Often, holdings on centralized exchanges (which are dangerous in their own right) are paired with sensitive identifying information which could potentially be used by criminals to attach people to their holdings.
There have been various cases of documenteddataleaks in and outside of the cryptocurrency industry: and these are simply the ones that surface. Forcing companies to provide European tax authorities — including companies based outside of the EU — once again forces firms to collect copious amounts of data exposing user holdings, and then transmit them to tax authorities in Europe whom they must trust to keep them safe.
Concerns have also been voiced that this could have ramifications for the EU’s Markets in Crypto Assets Regulation (MiCA) which is the “first all-encompassing effort to tackle cryptoassets and brings rules contained in Mifid, Market Abuse and the Prospectus Regulation to the cryptoasset industry,” according to the International Financial Law Review (IFLR).
The European Crypto Initiative made a statement indicating it was “concerned that it would apply to a far wider range of obliged entities and individuals” than MiCA.
The EU has said it believes the move could generate as much as $2.5 billion (2.4 billion euros) through the introduction of the directive.
COLORADO SPRINGS, Colo. — A judge unsealed a dropped bomb threat case Thursday against the Colorado gay bar shooting suspect who threatened to become the “next mass killer” over a year before allegedly killing five people and wounding seventeen others at the LGBTQ enclave Club Q.
Judge Robin Chittum said the public interest in the case outweighed the privacy rights of defendant Anderson Lee Aldrich.
“This interest is so significant I think I would even call it profound,” Chittum said. “To … see what occurred in a case is very foundational to our system of government to have that scrutiny. … And the only way for that scrutiny to occur is for this to be unsealed.”
The judge ruled despite objections from the suspect’s attorney and mother.
More than a year before police say Anderson Lee Aldrich killed five people and wounded 17 others at a gay night club in Colorado Springs, Aldrich was arrested on allegations of making a bomb threat that led to the evacuation of about 10 homes. The case was later dropped for reasons yet to be explained.
The judge’s order to release the records comes after news organizations, including The Associated Press, sought to unseal the documents from Aldrich’s 2021 arrest.
It was unknown when unsealed documents will be posted online.
This is an opinion editorial by Thibaud Maréchal, a contributor to privacy-focused Bitcoin wallet project Wasabi Wallet.
“Divide and conquer” is a battle-tested military strategy to fracture a group of people by making them disagree and fight each other instead of joining together against a common enemy. Wasabi and Samourai, two popular bitcoin wallets with different CoinJoin implementations have been fighting for many years. JoinMarket, a third CoinJoin implementation, has also been involved in colorful debates with other privacy developers.
Learning about bitcoin privacy and CoinJoins has become quite hard with ongoing drama. Who to trust? How can one verify for themselves? It’s all very unclear. What does it bring for precoiners, casual bitcoiners and purists alike? Confusion, fear, uncertainty and doubt (FUD). The state of bitcoin privacy is embarrassing with all this perpetual drama scaring away new users. Precious time is wasted by developers, educators and regular users who would probably be better off doing anything but trying to keep up with the drama.
It is obvious that no one agrees on “how to do CoinJoins right,” let alone, how CoinJoins should be implemented to optimize user privacy and block space efficiency on the Bitcoin network? What are the tradeoffs between different implementations? Are some implementations outright flawed? How do CoinJoins “cross the chasm” from early adopters to mainstream users when billions of people will turn to bitcoin in the coming years?
Let’s now take a look at CoinJoins by asking fundamental questions and raising some assumptions to build some sort of mental models, which will be useful in evaluating different implementations in future articles.
Not All CoinJoins Are Made Equal
Blockspace efficiency should be considered to make sure CoinJoin transactions scale as Bitcoin gets used by more people across the world. This is rarely discussed as a top priority. Any CoinJoin design that ignores blockspace scarcity is unnecessarily spamming the block chain while accumulating technical debt, which will be difficult to pay back as more users CoinJoin in the future. Having a minimal footprint on the block chain is one goal that seems very reasonable to aim for: a small number of transactions to get to an acceptable level of anonymity sounds ideal.
What is an acceptable level of anonymity?
What does anonymity even mean in the context of bitcoin privacy?
How are particular CoinJoin designs dealing with blockspace scarcity?
Reclaim Your Privacy
Anonymity in bitcoin would mean that there are no outstanding or unusual features that would make a given transaction remarkable from other transactions on the ledger. That, of course, is not by design on the Bitcoin network, which is a pseudonymous system where coins (UTXOs, which stands for Unspent Transaction Output in technical terms) are by default not fungible due to having unique transaction histories.
CoinJoins add a level of anonymity to the bitcoin network by breaking links between transaction inputs and outputs primarily making resulting UTXOs indistinguishable from each other. There are other heuristics that chain analysis companies use to watch the bitcoin network, such as common input ownership, self-spending, round amounts or timing analysis to name a few, which may or may not be obscured by CoinJoins.
CoinJoins help bitcoiners reclaim their privacy but are not the solution to everything. If privacy is understood as the choice to share information about oneself, great privacy can be achieved through CoinJoins but picking the right implementation is essential.
What is my privacy goal using CoinJoins?
Which heuristics does a CoinJoin implementation protect me against?
What are the risks that I want to avoid?
Number Of Participants
Existing CoinJoin implementations have very different ways of improving privacy. Irrespective of each CoinJoin implementation design, the anonymity set (one measure for the level of anonymity) seems to be the most traditional way to evaluate how much privacy one gets from a CoinJoin. There are other ways that will be discussed in other articles. The assumptions are that either a high anonymity set is achieved with a large CoinJoin transaction or that it is achieved over multiple smaller CoinJoin transactions. These two parameters are both important, but is there one that is more important than the other?
In terms of blockspace efficiency, the assumption would be that achieving a large anonymity set with a single very large transaction that has many participants is better than multiple very small transactions with a few participants.
Is one single large CoinJoin or multiple small CoinJoins better for privacy?
How can that be verified truthfully and rigorously? How small is too small for a CoinJoin?
What is the right metric to evaluate how much privacy you can get from a CoinJoin?
What is the most blockspace efficient when it comes to the size and number of CoinJoins to reclaim your privacy?
Is it realistic to expect coins to participate in multiple CoinJoins over time as more people start using CoinJoins? How many CoinJoin rounds is enough or too much?
In simple terms, CoinJoins allow bitcoiners to reclaim their privacy by giving them plausible deniability. Plausibility is a measure of probability. How likely is it that your bitcoins were spent or simply moved to another address you still control? How likely is it that one input is linked to a given output?
Obviously, the smaller the probabilities across many options, the better plausible deniability you get as a hodler. Plausible deniability is hard to preserve because errors are easy to make. Change outputs are often problematic for bitcoiners who care about privacy and are often a source of contentious discussions and criticism. Why is change output such a controversial topic in CoinJoins?
Change Output
It’s all about deterministic links. If bitcoin transactions had a spectrum of privacy, on one end would be a transaction with absolute plausible deniability, meaning 0% chance of knowing the link between inputs and outputs. This is also referred to as randomness or entropy in a CoinJoin. The assumption is that the more random or higher the entropy, the better. On the other end would be a transaction with 100% deterministic links between its only input and single output.
Unintuitively, a high entropy doesn’t necessarily mean that a transaction provides good privacy. A transaction with three inputs and three outputs of equal amounts technically has 100% entropy, meaning there is no way to distinguish each output from each other; and yet, there is a 33.33% chance that each input is linked to a particular output. High entropy does not necessarily mean good plausible deniability.
Change almost always has a very high deterministic link to its previous transaction. In other words, there is little doubt that a change output is not tied to the previous transaction that spent it. That can be a considerable privacy issue if a given change output were to be co-spent with other anonymous inputs following CoinJoins (though exceptions may apply in certain cases). This is usually referred to as UTXO consolidation and can be fatal to your privacy if done naïvely.
Change outputs can de-anonymize outputs that have gained some plausible deniability from CoinJoins if spent together. Errors are commonplace for bitcoiners and sometimes the realization comes too late, undoing years of diligent privacy enhancements in one single spend. How to get rid of this change output problem?
Existing CoinJoin implementations have three ways of dealing with change outputs: isolate the change into another wallet that is not CoinJoining, include the change output in the same wallet that is CoinJoining or get rid of the change output by not having change outputs at all. The latter seems to be the most advisable in terms of privacy and blockspace efficiency but further digging is required to validate or reject this assumption.
Is a high entropy score enough to qualify a CoinJoin as good for your privacy?
Is it better to isolate change outputs in another wallet or should it be removed entirely?
Is a change output always bad for your privacy?
Coin Denominations
Getting rid of change outputs in CoinJoins requires that coin denominations be variable in a CoinJoin. In other words, the inputs registered in a given CoinJoin cannot have a fixed size like 0.1 BTC, otherwise it becomes impossible (or at least very hard) to consume inputs without creating change outputs as most UTXOs don’t have round numbers (i.e. 0.19572394 BTC where 0.09572394 BTC would be the change in a 0.1 BTC fixed coin denomination CoinJoin).
Change outputs can be dangerous for your privacy, remember? Having multiple sizes for inputs and outputs in a CoinJoin seems to be a bad idea as it brings us closer to deterministic links between inputs and outputs, right? Well, yes and no. It depends. If a CoinJoin has a small number of participants (meaning few inputs and few outputs), then different denominations are a bad idea. But what if a large number of inputs and outputs are included in a given CoinJoin?
In a large CoinJoin, multiple denominations can bring a high level of plausible deniability to each resulting output without creating change outputs and requiring additional transactions, which is a highly efficient use of blockspace. It seems that many boxes could be ticked at this point.
Is it better to have fixed or variable coin denominations in a CoinJoin?
How big should a CoinJoin be for variable denominations to make sense?
Are variable coin denominations the best way to get rid of change output in CoinJoins?
It goes without saying that CoinJoin rounds interconnectivity should not be tolerable in any circumstances regardless of whether coin denominations are different or if the CoinJoin is a large or small transaction, right? Well, here again, there is an important nuance to understand.
Coinjoin Rounds Interconnectivity
It is claimed that registering inputs from past shared CoinJoins into new CoinJoins is ill-advised in all cases. Participants from mutually shared past CoinJoins do not seem to benefit from mixing together in other CoinJoins. It seems harmful to privacy, and is often criticized.
What if a CoinJoin is large and some registered inputs come from multiple other CoinJoins, each being also downstream from multiple other CoinJoins? In such a case, participants remixing together are still improving their privacy despite coming from a shared past CoinJoin. If each CoinJoin is large enough, the participants are not required to remix multiple times, though they can if they want to further increase their anonymity sets.
If many large intertwined CoinJoins are involved, the resulting anonymity set should provide plenty of plausible deniability, despite sharing past CoinJoins as origin of funds.
Is CoinJoin rounds interconnectivity, which is sharing mutual past CoinJoins, a bad thing on its own?
How large should a CoinJoin be for remixing with other past inputs to be considered safe?
Personal Full Node
Should you run your own bitcoin full node when participating in CoinJoins? On the surface, it seems like a great idea, and it usually is. Some CoinJoin implementations allow that, while others outright require it. Others won’t allow you to even use your own full node. Is that to condemn absolutely? If you’ve read until now, you should know that the answer is nuanced and opens up a deep rabbit hole to be explored later.
Running your own full node comes with usability tradeoffs, and may not add much privacy protection if not all users do it. Running your own node may even give you a false sense of security and privacy if few CoinJoin participants do it, which can be deeply harmful. If Tor is used as an anonymous way to CoinJoin (and we’ll leave it as that for now), then using a trusted full node to broadcast the CoinJoin transaction can be fine as the default. Lots of nuances, and of course, don’t trust, verify.
There are some essential questions to ask so as to not fall in the trap of privacy virtue signaling.
Does the CoinJoin implementation allow to run full nodes, require them by default or don’t allow them?
If personal full nodes are not mandatory, what are the privacy shields in place? i.e. Tor, block filters, etc…
If I run my own full node, but expect most users to use a default trusted node to CoinJoin, how does that affect my privacy? Can the coordinator de-anonymize me?
With privacy concerns, it is always important to understand what you’re trying to protect, and against whom. Running a full node and using it with your own wallet is the right way to use bitcoin as it allows you to verify your wallet balance and broadcast transactions to the network without trusting anyone. But when it comes to CoinJoins, there is usually a coordinator in charge. What does the coordinator do and how is it selected? Read on.
The Coordinator
The CoinJoin coordinator is in charge of having every participant register their inputs and outputs, and sign the collaborative transaction before broadcasting it. Most CoinJoin implementations default on a central coordinator, which is a single point of failure. Up until now, this has been an accepted tradeoff in most bitcoin communities. Can a central CoinJoin coordinator fail? Absolutely. Other implementations allow anyone to be a coordinator for each different CoinJoin, though there are other sets of trade offs here that will be discussed later.
Coinjoins being non-custodial, no loss of funds could occur if any coordinator would fail. The coordinator should never know more than what everyone knows publicly on the bitcoin network. Why? If a coordinator knows more than what is publicly available, a CoinJoin coordinator becomes a honeypot with highly sensitive data that can be exploited against bitcoiners trusting the service.
You should never trust a CoinJoin coordinator. If a CoinJoin coordinator cannot be evil, good. If it can be evil, it will be eventually, out of errors, omissions, coercion or outright dishonesty.
An example of sensitive user data would be XPUBs, which undeniably leak all the information about a wallet, its addresses, including past, current and future bitcoin transactions. Another example would be the ratio between users running their own full nodes and users trusting the coordinator’s full node to broadcast CoinJoins, as it could de-anonymize users running their own nodes, and therefore deterministically know the links between their inputs and outputs. This is yet another nuanced topic, which would require further investigation and discussion.
Does the coordinator know more than what is publicly available on the bitcoin network?
Do users leak sensitive data to the coordinator, such as their XPUB or whether or not they run their own full nodes?
Does the coordinator claim that users should trust them using legal defense mechanisms? (i.e. warrant canaries, regulatory arbitrage, etc…)
Fees
Bottom line, who pays for what in CoinJoins? These bitcoin transactions can be expensive and sometimes fee structures are unclear for bitcoiners. It’s hard to know how much good privacy will cost you or even if you are getting any privacy out of it. Some CoinJoin implementations allow a single input to buy its privacy from other inputs who only participate for free to increase their own anonymity set. Getting paid to CoinJoin? With patience, yes.
Some models rely on shared fees where only some UTXOs pay fees while others don’t. Other models rely on inviting an ever growing number of new clear inputs (not mixed yet) to fund the existing CoinJoins for remixing inputs that do not have high enough anonymity levels. Some models seem unsustainable over the long term while others are naïve, or way too expensive for most users.
And what fees are we talking about? Well usually, inputs participating in CoinJoins pay both a coordinator fee or taker fee, (the service fee to get some level of anonymity) and the bitcoin network fees. In particular CoinJoin models, these fees get waived in certain circumstances. The economics of CoinJoins is a deep rabbit hole which requires further investigation for a much deeper understanding.
Who pays for what in a CoinJoin? What are all the fees?
What are the incentives of the CoinJoin coordinator?
Are all CoinJoin rounds paid for or is there any free remix?
Having read thus far, the hope is that bitcoiners shopping around for CoinJoins would not necessarily have all of the answers, but the right questions to ask. A mental model or framework to evaluate different CoinJoin implementations can be quite helpful for anyone who is considering using CoinJoins to reclaim their privacy on bitcoin. Sorting through the noise of social media requires intellectual honesty and the right evaluation system rigorously applied.
This is a guest post by Thibaud Maréchal. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.
LONDON — The United Kingdom wants to police the internet. Shame the European Union got there first.
Brexit was supposed to let Britain do things quicker. But less than a month after the 27-member bloc’s Digital Services Act (DSA) went into force, London is still struggling to cobble together its own version of the rulebook, known as the Online Safety Bill.
On Monday it tried again, with Britain’s Digital Secretary Michelle Donelan presenting a tweaked bill to parliament. It got the backing of MPs, but faces fresh committee scrutiny before heading to the House of Lords. And the path to a settled law still looks far from certain.
The bill, which seeks to make Britain “the safest place in the world to be online” has not only been a casualty of the country’s political instability — it has also proved a divisive issue for the country’s governing Conservative Party, where a vocal minority of backbenchers still view it as an unnecessary limit to free speech.
“Far from being world-leading, the government has been beaten to the punch in regulating online spaces by numerous jurisdictions, including Canada, Australia and the EU,” said Lucy Powell, the opposition Labour Party’s shadow digital secretary.
Powell said the latest version of the Online Safety Bill was also at risk of getting stuck due to “chaos in government and vested interests,” adding that it was imperative the bill pass through the legislature by April, when the current parliamentary session ends.
Much of the disagreement over the bill has centered on rules policing so-called legal-but-harmful content. That’s been largely dropped from the latest version of the planned law, after Prime Minister Rishi Sunak’s government bowed to pressure from right-wing MPs within his own party, who argued that the provisions threatened free speech.
In the previous iteration of the bill, Ofcom, the country’s telecommunications and media regulator, was on the hook for enforcing rules that required social media giants to take action against potentially harmful but technically legal material like the promotion of self-harm.
The government’s scrapping of legal-but-harmful content hasn’t been universally welcomed, however. Nadine Dorries, Donelan’s predecessor as digital secretary, proposed the provisions and has griped that they’d already passed parliamentary scrutiny before the bill was paused.
Long and winding road
Britain’s attempts to regulate the internet really got going under Theresa May, who became prime minister in the wake of Britain’s vote to leave the European Union, and as lawmakers were beginning to become more tech-skeptic.
The Tories’ May 2017 election manifesto promised that “online rules should reflect those that govern our lives offline,” but by the time Boris Johnson published his 2019 election offering, the Conservatives were also promising to protect the most vulnerable from accessing harmful content. Under Johnson’s close ally Dorries, a version of the legislation tackling legal-but-harmful content started to make its way through Parliament, before it was put on pause after he was ousted by Tory MPs.
Johnson, the former prime minister, often seemed caught between his own personal free speech philosophy and his populist instincts of attacking Big Tech.
The summer Tory leadership contest to replace Johnson reignited the debate, with contenders promising to look again at the law before the legal-but-harmful content provisions were ultimately watered down. Donelan replaced Dorries, becoming the seventh culture secretary since Brexit.
The EU’s path to its online rulebook has been quicker. In part that’s because questions over free speech haven’t yet become the political touchpaper that they now are in the Anglosphere. Nevertheless the EU mostly side-stepped the issue by keeping its own rulebook more squarely aimed at purely illegal content, and the European Commission has made it clear public it does not want to create a so-called “Ministry of Truth.”
That means the EU hasn’t had to contend with the deep divisions the Online Safety Bill has prompted in the U.K., especially among the governing Tories.
Instead, Brussels’ institutions have been mainly aligned on the key aspects of its framework, the DSA. The European Parliament and Council of the EU — representing the 27 European governments — largely supported the European Commission’s cautious approach to create rules to crack down on public-facing content illegal under EU or national laws like child sexual abuse material or terrorist propaganda.
When it comes to legal-but-harmful content, the EU’s approach requires very large online platforms — those with more than 45 million European users — to assess and limit the spread of content like disinformation and cyberbullying under the watch of regulators. Europe’s rules also have gone further than those on the other side of the channel by including mandated risk assessment and audits for tech giants like Meta and Alphabet so that they can be held accountable for potential wrongdoing. In the U.K., the main enforcement has been left to Ofcom via investigations.
Disagreements, when they came in Europe, have been on the edges, rather than at the core of the debate. Rows focused on limits to targeted ads and the level of obligations for online marketplaces like Amazon to carry out random checks on dangerous products on their platforms. In another example, some EU countries like France and Germany pushed and failed to force a 24-hour deadline for online platforms to take down illegal content.
Not just free speech
In the U.K., it’s not just free speech issues that have proved controversial. The EU set out separate rules aiming to clamp down on child sexual abuse material online, but the U.K. poured similar provisions into the Online Safety Bill.
That means high-stakes questions over how and whether the monitoring requirements undermine privacy — especially in encrypted messaging apps like WhatsApp — are being dealt with separately in the EU. But in the U.K. they’ve been thrown into the same mix as wide-ranging free speech debates.
Differences between the rulebooks also raise the prospect of costly regulatory misalignment. While the U.K. bill slaps general monitoring requirements on the tech companies themselves, that’s explicitly banned by the EU. Last month, the British regulator and its Australian counterpart created a new Western coalition of online content regulators, though failed to invite any EU counterparts to those discussions. Only Ireland’s watchdog joined as an observer.
“This is about setting up our international engagement in expectation of setting up our rules,” Melanie Dawes, Ofcom’s chief executive, told POLITICO when announcing that initiative. “The success of this is about bringing together international partners.”
Clothilde Goujard reported from Brussels.
Vincent Manancourt, Annabelle Dickson, Clothilde Goujard and Mark Scott
The detail and possible value of the monetary penalty will remain under wraps until then, but the triplet of fines could add up to over €2 billion, financial statements by Meta indicate — setting a new record for the highest fines under the European Union’s feared General Data Protection Regulation (GDPR) received by a single company in one go.
According to filings in Ireland, Meta has set aside €3 billion for EU privacy fines in 2022 and 2023. Its platform Instagram already got slapped with a €405 million fine in September for violating kids’ privacy, and Facebook so far has accumulated €282 million in penalties for data breaches as well as a €60 million hit from the French. That leaves well over €2 billion earmarked by the firm for regulatory action.
That’s a substantial hit for Meta, which announced last month it was laying off 11,000 employees globally amid lower sales and major costs linked to the firm’s pivot to the metaverse.
Beyond hitting Meta’s pocket, the three fines expected within weeks could also put a bomb under its broader business model. The decisions stem from complaints filed by Austrian activist Max Schrems accusing the company of failing to have proper legal grounds to process millions of Europeans’ data. If the final decisions invalidate Meta’s argument that it’s processing data as part of a contract with users, the company would have to seek another legal basis for its data-fuelled ad targeting model.
The cases have also revealed deep fissures between Europe’s data watchdogs.
Ireland’s data protection commission largely backed Meta’s argument that it could claim it needs data to fulfill a “contract” with its users to provide personalized ads, in its draft decision issued a year ago. But that reasoning has long put Ireland in the minority amongst its colleagues. The Norwegian data protection authority said the Irish interpretation would render European data protection law “pointless,” according to a document obtained by POLITICO last year. The Irish regulator was also alone in voting against EU guidelines that banned companies from using the contract legal basis to use data to target ads.
The three decisions are likely to lay into the Irish regulator’s initial position and, more worryingly for Meta, amp up the pressure for the company to go scrambling for new legal ways to gather and process data on Europeans.
This is an opinion editorial by Morgan Rockwell, founder of Bitcoin Kinetics.
I’m not concerned with Sam Bankman-Fried allegedly getting a loan from Alameda, which was actually FTX customer funds wired through Alameda to be credited on FTX. I’m not concerned with the moral compass of the celebrity investors who gave billions to a kid they didn’t really know or understand, yet endorsed with wealth and credibility. I’m not very concerned with the financial and market effects upon the many companies, exchanges and traders who for some reason depended on FTX in any form.
I’m most concerned with Sam Bankman-Fried getting the personal identification information of millions of customers, and using that data to do chain analysis on the Blockfolio app he purchased which was used by many Bitcoiners and cryptocurrency holders as a tracking tool of Bitcoin, Ethereum and other watch-only cryptocurrency wallets.
Source: Google Images
If you aren’t aware, Blockfolio was an app that was used by many Bitcoin holders and other cryptocurrency holders to keep track of the exchange rate or the prices of their coins held in cold storage or on wallets that they only wanted to be watching and not have actively on a hot wallet on their mobile device. Storing the wallet addresses actually were not even needed on the app. You could just put in a amount of a certain cryptocurrency that you wanted to watch and say that you had — but there was also a feature to connect to exchanges to keep track of all of your coins across all of the exchanges you had them on in one app. This was the beauty of Blockfolio as it didn’t necessarily ask for too much personal identification information other than an email to help keep track of your account so you can log in from multiple devices.
Most of us like myself became aware of Sam Bankman-Fried because of the purchase of Blockfolio by a newly formed entity called FTX. Over several weeks the Blockfolio app was rebranded as the FTX app which now had its own exchange. It also had a new set of Know Your Customer rules, Anti-Money Laundering policies, a new Terms of Service, as well as its own custodial wallet held by FTX, we assumed.
Here you can see the Terms of Service at Blockfolio from June 30, 2017:
Blockfolio avidly argued that they were not and would not ever sell user data. Blockfolio even attempted to de-identify users with a hashing mechanism for IDs to not even let themselves identify and connect user portfolios to email addresses; this apparently never happened after the purchase and transformation into FTX.
Here you can see the stark difference in the new FTX Privacy Policy:
Here is what little is mentioned about personal identifiable information within the FTX Terms of Service, which is a different document than the Privacy Policy.
For reference, if you have never read a Terms Of Service or Privacy Policy of a company before, I strongly recommend you grab a strong beer and enjoy this word soup!
This all has brought up questions around this merger and the acquisition that happened in the cryptocurrency industry only a few years ago. I am concerned because after the fallout of this exchange, FTX going bankrupt and all of its assets potentially being put up for auction, I would like to know the state of the personal identification information that FTX had been forced to gather because of KYC and AML laws. My concern is the vast amount of information gathered including passports, phone numbers, IP addresses, home addresses, cryptocurrency wallet addresses, email addresses, passwords and government IDs. All of these could be sold at auction as customer data or customer profiles to whoever finds them valuable.
Source: FTX Privacy Policy (disclosure in the event of merger, sale, or other asset transfers)
Now the assets held by FTX whether they were actually real cryptocurrency such as bitcoin or made up tokens built on another layer one network such as ethereum are not too important in this conversation in my opinion. What is important is the data, the privacy data, the data mining operation that could have or will be done on all of this data FTX had gathered on customers either it was done by them or it will be done by whomever buys this data at auction. Even more so, the jurisdiction of that data is open to anywhere on earth.
Source: FTX Privacy Policy (international data transfers)
As someone who has personally worked on coin analysis concepts and technology for the United States Military, as well as consulted on this for the Department of Defense as a so called “subject matter expert,” I can personally attest that it is very easy to correlate a person to their Bitcoin wallet address using nothing more than the amounts of bitcoin held on specific addresses, as well as the device data that is keeping track of those specific amounts on specific addresses — this is simple SIGINT, MASINT or HUMINT, all of which are different forms of intelligence gathering.
If you are keeping track of any bitcoin on any wallet over any Bitcoin explorer that is looked through a browser or app on any device, phone, laptop or tablet, there is now a record that will be connected to the IP address, the MAC number, the SIM phone number, the VOIP number, credit card number, home address and any other personal identifying information that is attached in any way to this device. I know this because Edward Snowden leaked documents showing that the NSA had a program called XKEYSCORE and applications were used like OAKSTAR and its subprogram MONKEYROCKET to specifically keep track of Bitcoin users at the NSA.
Now what I’m getting at is this data that FTX was forced under AML and KYC law to be gathered. This is potentially one of the largest gatherings of this type of data in the cryptocurrency industry ever done in history. This data, combined with coin analysis information related to bitcoin, ethereum and other cryptocurrency amounts being tracked by the previously titled Blockfolio app has created a situation where KYC data personal identifying information can be now superimposed over Blockfolio email addresses, UTXOs and watch addresses that plenty of people used on Blockfolio without any personal information being divulged to the app.
So this means that people that used Blockfolio to keep track of the amount of cryptocurrency they had, wanted to buy or were keeping track of for whatever reason will now be able to be correlated to very detailed personal identification information. The concern I have is not whether FTX and its hundreds of subsidiaries were keeping track of this information from Blockfolio or using it in any way, but that their vast new pool of customer information and data will be binded in the future to the Blockfolio data. I don’t assume FTX was intelligent enough to do this for any purpose such as advertising, or data sharing with a hedge fund like Robinhood was caught doing, but I do assume that they may have considered selling this data to law enforcement agencies, to advertisers or to actors in the intelligence community as SBF said there was an open door to regulators and law enforcement agencies at FTX.
What we need to think about now is when the assets of FTX go up for auction, which they will, that not only the digital currencies and tokens as well as the licenses will be sold to some new party, but it will be the customers themselves, personal identifying information and the massive data mining that could have been or will be done with that data.
I was never an FTX user, I never created an account with FTX or FTX.us and I never wired any money to Alameda. Unfortunately, because of my longevity in the Bitcoin space, I used Blockfolio like many Bitcoin users before me to keep track of the amounts of Bitcoin I had in multiple locations and their total value. Now that data that I thought was private will be connected to KYC data of anyone I know, interacted with over a wire and any device they used, especially if through multiple connections it leads back to FTX in any way.
What we need to do now is ask the serious questions and not focus on the financial obligations or mishandlings of SBF and FTX. But we must ask who has this data? What has been done with this data and who will be owning this data in the future? The reality is FTT dissolving into nothing isn’t a “Force Majeure Event,” so most of the users are screwed.
Source: FTX Terms Of Service 2022
If this at all concerns you or involves you, I would suggest we all find the proper channels to protect ourselves from the worst case scenario from this fallout of data. This is the biggest problem with KYC and AML laws,because after all of this financial chaos, there is now a criminal-run exchange that is in possession of millions of people’s personal information about their devices, their homes, their financials and more, all available to the highest bidder.
Notes:
The Blockfolio TOS & Privacy Policy go to dead links on the FTX.com website, but I found a 2017 version.
You must sign in through Zendesk to view the missing Blockfolio TOS/PP as well as the new FTX TOS/PP which means I had to give an email and PPI to even see the documents.
This is a guest post by Morgan Rockwell. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.
After Elon Musk bought Twitter — and fired almost anyone whose job it was to deal with regulators — the social networking giant is now facing a flood of legal challenges across the European Union.
The question now is whether the EU’s watchdogs can live up to their ambitions to be the world’s digital policemen.
Ireland’s privacy regulator wants to know whether the company’s data protection standards are good enough. The European Commission doesn’t know who to ask about its upcoming online content rules. The bloc’s cybersecurity agencies raise concerns about an increase in online trolls and potential security risks.
Twitter’s unfolding turmoil is precisely the regulatory challenge that Brussels has said it wants to take on. The 27-country bloc has positioned itself — via a flurry of privacy, content and digital competition rules — as the de facto enforcer for the Western world, expanding its digital rulebook beyond the EU’s borders and urging other countries to follow its lead.
Now, the world’s richest man is putting those enforcement powers to the test.
Europe’s regulators have the largest collective rulebook to throw at companies suspected of potential breaches. But a lack of willingness to act quickly — combined with the internal confusion engulfing Twitter — has so far hamstrung the bloc’s enforcement role when it comes to holding Musk to Europe’s standards, according to eight EU and national government officials, speaking privately to POLITICO.
“This will be a major test for European regulators,” said Rebekah Tromble, director of the Institute for Data, Democracy & Politics at George Washington University. She is part of the advisory board of the European Digital Media Observatory, a group helping to shape the EU’s online content rulebook, known as the Digital Services Act (DSA).
“If Musk continues to act with intransigence, I think there’s an opportunity for European regulators to move much more quickly than normal,” she added. “These regulators will certainly be motivated to act.”
A representative for Twitter did not return requests for comment.
Regulatory firepower
The bloc certainly has the firepower to bring Twitter to heel.
Under the EU’s General Data Protection Regulation, companies can be fined up to 4 percent of their annual global revenue for failing to keep people’s personal information safe. The Irish regulator, which has responsibility for enforcing these rules against Twitter because the company’s EU headquarters are in Dublin, has already doled out a €450,000 penalty for the firm’s inability to keep data safe.
As part of the bloc’s upcoming content rules, which will start to be enforced next year, the Commission will have powers to levy separate fines of up to 6 percent of a company’s yearly revenue if it does not take down illegal content. Brussels also has the right to ban a platform from operating in the EU after repeated serious violations.
“In Europe, the bird will fly by our rules,” Thierry Breton, the French commissioner, told Musk — via Twitter | Kenzo Tribouillard/AFP via Getty images
Thierry Breton, the European internal market commissioner, reminded Musk of Twitter’s obligations under the bloc’s upcoming content rules in a call with the billionaire soon after his acquisition of the social network. Musk pledged to uphold those rules, even as he has pushed back at other content moderation practices that could hamper people’s freedom of expression on the platform.
“In Europe, the bird will fly by our rules,” Breton, the French commissioner, told Musk — via Twitter.
Yet over the last three weeks, European regulators and policymakers have struggled to navigate Twitter’s internal turmoil, according to four EU and national officials who spoke on the condition of anonymity to discuss internal deliberations.
The likes of Damien Kieran, Twitter’s chief privacy officer in charge of complying with Europe’s tough data protection standards, and Stephen Turner, the company’s chief lobbyist in Brussels, were among scores of senior officials who left since Musk took over.
Two of the EU officials, speaking about internal discussions on condition of anonymity, told POLITICO that multiple emails to Twitter executives bounced back after those individuals were laid off. One of those policymakers said he had taken to Twitter — scrolling through the scores of posts from the company’s employees announcing their departures — in search of information about who was still working there. A third official said the current confusion could prove problematic when the company had to reveal long-guarded information about the number of its EU users early next year.
Others have been fostering wider connections within the company, just in case. Arcom, France’s online platform regulator, for instance, has built ties with high-level executives outside of France and still had a contact in Dublin at the company to answer its pressing questions.
The policymaking blackholes — fueled by mass layoffs — have been felt beyond the EU.
Julie Inman Grant, Australia’s eSafety commissioner who previously ran Twitter’s public policy team in Asia, told POLITICO she had written to the company last week to remind them about its obligations to clamp down on child sexual exploitation on the platform. She had yet to hear back from Musk or other senior officials.
“We did have a meeting on the books with Twitter,” Melanie Dawes, chief executive of Ofcom, the U.K.’s communications regulator, told POLITICO ahead of her trip to Silicon Valley this week to meet many of the social media companies. “It was canceled.”
What about privacy?
Another open question is how Twitter with comply with Europe’s tough privacy rules.
Although the company’s chief privacy executive had been fired — and rumors swirled Twitter could pull out of Ireland in its cost-saving push — the Irish Data Protection Commission told POLITICO it had yet to open an investigation into the firm.
A spokesman for the agency said Twitter executives had assured Irish regulators on Monday that Renato Monteiro had been appointed as the company’s acting data protection officer — because it’s a legal requirement to have one — and no changes to how Twitter handled data had been made.
A data protection official said it was likely that Musk would move such decision-making powers to his inner circle in the United States | Justin Sullivan/Getty images
A key unanswered question is whether, in the wake of the mass layoffs, Twitter’s operations in Dublin are either shuttered or cut back to an extent that regulatory decisions are made in California and not Ireland.
Such a change would lead the company to fall foul of strict provisions within Europe’s privacy regime that require legal oversight of EU citizens’ data to be made in a firm’s headquarters within the 27-country bloc.
A data protection official, who asked to remain anonymous to speak candidly, said it was likely that Musk would move such decision-making powers to his inner circle in the United States. That potential pullback could allow any European regulator — and not just the Irish agency — to go after Twitter for potential privacy violations under the bloc’s data protection regime, the official added.
This story has been corrected to specify how multiple European privacy regulators may target Twitter for breaching the bloc’s rules if the company pulls out of Ireland.
Mark Scott, Vincent Manancourt, Laura Kayali, Clothilde Goujard and Louis Westendarp
This is an opinion editorial by Scott Worden, an engineer, an attorney and the founder of BTC Trusts.
“I’ve been working on a new electronic cash system that’s fully peer-to-peer, with no trusted third party.” — Satoshi Nakamoto
It’s one of those perfect fall days in Colorado, and I’m sitting outside of a pub in the late afternoon. I’m meeting with a fellow bitcoiner, a man I met in Austin at the end of this summer. As the sun fell behind the mountains, the sky turned orange, setting the perfect backdrop for lively bitcoin conversation.
As we ticked down the typical list of everything we agreed on — censorship is bad, red meat is good, etc., — I made an offhand comment about wishing more businesses would accept bitcoin as payment. “Well I don’t, why would you want to part with your sats?” was the reply he tossed back. The implication, of course, is that a true Bitcoiner values satoshis more than anything else in the world. Why would you trade them for groceries, t-shirts or beer? “Haven’t you heard of Laslo Hanyecz? That fool traded 10,000 bitcoin for a couple of pizzas. I’m not repeating that mistake. Talk to me when bitcoin hits $200k, then maybe it would make sense.”
My new friend isn’t alone with this line of thinking. It’s a sentiment that’s proffered by folks like Michael Saylor and others in the HODL community. They’ll espouse, “The scarcest asset in the world is Bitcoin. It’s digital gold,” “Buying bitcoin is like purchasing property in Manhattan 100 years ago”, and “Don’t sell your bitcoin!” Yet at the same time, there is an intuitive recognition that if bitcoin can’t ever be traded for a good or service, it in effect has no value, no matter what price is flashing on the BLOCKCLOCK in the office. I call this the HODLer’s dilemma.
But is this really a dilemma? Are these mantras, as prolific as they are, consistent with the spirit of Satoshi’s innovation? Does the proliferation of the Lightning Network and non-custodial mobile wallets that our parents (or children) can intuitively operate require us to evolve our understanding of Bitcoin’s value proposition? Personally, I believe the time is now to stop thinking of bitcoin as simply a store of value and begin to conceptualize it primarily as a medium of exchange … that also happens to store value better than any asset on earth. In case you weren’t already paying attention, here’s a few reasons why.
Privacy
“Bitcoin would be convenient for people who don’t have a credit card or don’t want to use the cards they have.” — Satoshi Nakamoto
The time to start exiting the system is right now. The signal has never been stronger. Today we live in a world where the fiat system can:
All of this is happening today, and it is likely just the tip of the iceberg. In a retail system where cash transactions are becoming increasingly scarce and inconvenient, the majority of big banks, credit agencies and payment systems have acquiesced to the demands of a government that appears to have an existential stake in controlling our behavior.
Of course, bitcoin isn’t a panacea to censorship — at least how it’s most commonly purchased and exchanged today. The Canadian Trucker Protest showed us that a government committed to suppressing the voice of their citizens will go to almost any length to do so, and in the process taught us that licensed exchanges and chain analysis techniques can be highly effective in blacklisting addresses and even identifying donors. These vulnerabilities will need to be overcome in order to provide a more censorship-free currency-of-exchange. But by transacting in bitcoin with peers and merchants for everyday goods and services as often as possible, we incentivize others to both accept and transact in bitcoin. Through numbers alone we can render the bitcoin economy more robust, decentralized and difficult to censor. A community that values privacy will naturally choose to adopt non-custodial wallets, engage in collaborative transactions and avoid KYC exchanges. Growing and educating this community has never been more important.
Convenience And Autonomy
“With e-currency based on cryptographic proof, without the need to trust a third-party middleman, money can be secure and transactions effortless.” — Satoshi Nakamoto
A common counter-argument to transacting in bitcoin is that it’s either too complicated or too slow compared with swiping a credit card. This is simply no longer true. Today, any beginner-level Bitcoiner can download Muun Wallet and within minutes send Lightning invoices to clients for payment via QR Code. Coinkite has an NFC device that allows users to sign for transactions with a tap of their card. There are more examples, and many more to come. The beauty of these solutions is that they are fully non-custodial, i.e., there is no central third party that controls your coins. The software is merely enabling transactions to be broadcast to the network. Lightning transactions clear instantaneously, with fees an order of magnitude lower than Visa or Mastercard’s traditional 2–3%. (For example, it recently cost me about $.60 in fees to send the equivalent of $700 USD to Wrich Ranches last week for beef. That same transaction would have cost the merchant around $20 had I used Visa.)
In addition, these transactions promote autonomy on both sides. Lightning transactions, like everything else backed by Bitcoin’s proof-of-work, occur without counterparty risk. Removed from the equation is the risk that a consumer won’t pay his bill, dispute a charge, not have enough money in his account or file for bankruptcy down the road. All of this risk manifests as transactional inefficiency, and its costs are directly or indirectly absorbed by merchants and consumers. A trustless system like bitcoin is thus more efficient, reducing risk for merchants, and ultimately rendering goods and services less expensive for responsible consumers.
“I’m sure that in 20 years there will either be very large transaction volume or no volume.” — Satoshi Nakamoto
We would do well to think of all of our transactions in terms of bitcoin. When money is truly a store of value, we take a measured approach to spending and account for the potential increase in value that money may have in the future. This is logical, and applies whether you’re spending sats or dollars. The website bitcoinorshit.com drives this point home quite bluntly.
There’s also the story of Laszlo Hanyecz, who in 2010, famously purchased two pizzas for 10,000 BTC. In effect, Laszlo paid a couple of billion U.S. dollars for pizza, if we take into consideration BTC’s market value over a decade later. It surprises me though, when Bitcoiners jump on Laszlo for being economically naive, and use this example to support their position that bitcoin should never be spent. The simple truth is that everyone who bought pizza in 2010 effectively spent thousands of bitcoin on it. The only way to avoid this would be to eat something less expensive or go hungry. The fact is, every fiat transaction we make is a direct trade off for potentially increasing our stack. Once we understand this, the public controversy over spending bitcoin on products or services is fundamentally dead.
The overwhelming majority of us need to trade monetary energy for goods and services to survive in today’s society. The only controversy that remains is which products or services take precedence over the opportunity to acquire more sats. It’s a decision that is personal and unique for each of us. The answer should be thought of independently and irrespective of whether that monetary energy is spent in sats, dollars or yen — it’s only the monetary energy saved — that which is left over — that is relevant when it comes to the HODLer’s dilemma.
We are all likely to save more BTC if we begin transacting more in BTC. For one thing, when we deal in a sound money that is a proven store-of-value, we’re more apt to be discerning in our purchases. Sure, we really want the new iPhone, but is it worth 5 million sats if you expect a sat to be worth a penny someday? We might decide to wait another year before we upgrade and retain those sats for the future. On the other hand we all need food, shelter and clothing. If I have a choice between buying my meat from Costco with my Visa card, or buying direct from a rancher who accepts bitcoin, why wouldn’t I choose the latter?
Today, the number of merchants that accept bitcoin is relatively small, though growing steadily. As bitcoiners begin to understand that their “spend dollars, save sats,” theory may be counterproductive, greater numbers will begin to seek goods from merchants that accept bitcoin for payment. This spike in demand will drive merchant adoption, potentially shifting the timeline for a bitcoin economy significantly to the left.
More Exchange Equals More Value
“As the number of users grows, the value per coin increases. It has the potential for a positive feedback loop; as users increase, the value goes up, which could attract more users to take advantage of the increasing value.” — Satoshi Nakamoto
This is where we sit today. There’s a growing number of speculators and bitcoin enthusiasts who have bought into the idea that Bitcoin is a bona fide store of value. This community further believes that the asset’s scarcity will inevitably lend to a supply squeeze that will cause the price to rocket upwards. Sure, it’s possible that this could happen through the mere act of HODLing, but as Satoshi Nakamoto points out, the value goes up when the numbers of users go up. Does buying and holding an asset qualify as use? If the brilliance behind bitcoin is enabling peer-to-peer transactions without a third-party middleman, are we really leveraging that capability by exclusively stacking and not spending?
I believe that bitcoin needs to become a true medium of exchange in order for it to fully realize its potential as a store of value. Since value is not derived from scarcity alone — demand is fundamental to bitcoin’s price. If bitcoin’s utility becomes the driving force for its demand, it is at this moment that its true potential as a store of value will be realized. Today’s economic and political backdrop might just be the motivation we all need. But until bitcoin becomes an essential part of our daily economic activity, it is apt to be valued alongside other speculative assets, and subject to the whims of the same fiat system it was meant to supplant.
This is a guest post by Scott Worden. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.
Western security advisers are warning delegates at the COP27 climate summit not to download the host Egyptian government’s official smartphone app, amid fears it could be used to hack their private emails, texts and even voice conversations.
Policymakers from Germany, France and Canada were among those who had downloaded the app by November 8, according to two separate Western security officials briefed on discussions within these delegations at the U.N. climate summit.
Other Western governments have advised officials not to download the app, said another official from a European government. All of the officials spoke on the condition of anonymity to discuss international government deliberations.
The potential vulnerability from the Android app, which has been downloaded thousands of times and provides a gateway for participants at COP27, was confirmed separately by four cybersecurity experts who reviewed the digital application for POLITICO.
The app is being promoted as a tool to help attendees navigate the event. But it risks giving the Egyptian government permission to read users’ emails and messages. Even messages shared via encrypted services like WhatsApp are vulnerable, according to POLITICO’s technical review of the application, and two of the outside experts.
The app also provides Egypt’s Ministry of Communications and Information Technology, which created it, with other so-called backdoor privileges, or the ability to scan people’s devices.
World leaders, including Egyptian President Abdel Fattah El-Sisi and United Nations Secretary-General António Guterres pose for a group photo during the Sharm El-Sheikh Climate Implementation Summit of the COP27 climate conference in Egypt | Sean Gallup/Getty Images
On smartphones running Google’s Android software, it has permission to potentially listen into users’ conversations via the app, even when the device is in sleep mode, according to the three experts and POLITICO’s separate analysis. It can also track people’s locations via smartphone’s built-in GPS and Wi-Fi technologies, according to two of the analysts.
The app is nothing short of “a surveillance tool that could be weaponized by the Egyptian authorities to track activists, government delegates and anyone attending COP27,” said Marwa Fatafta, digital rights lead for the Middle East and North Africa for Access Now, a nonprofit digital rights organization.
“The application is a cyber weapon,” said one security expert after reviewing it, who spoke on the condition of anonymity to protect colleagues attending COP.
The Egyptian government did not respond to requests for comment. Google said it had reviewed the app and had not found any violations to its app policies.
The potential security risk comes as thousands of high-profile officials descend on Sharm El-Sheikh, the Egyptian resort town, where so-called QR codes, or quasi-bar codes that direct people to download the smartphone application, are dotted around the city.
Participants at COP27 include global leaders like French President Emmanuel Macron, British Prime Minister Rishi Sunak and U.S. Secretary of State Antony Blinken, though such high profile politicians are unlikely to download another government’s app.
The experts who spoke to POLITICO said that much of the data and access that the COP27 app gets is fairly standard. But, according to three of these specialists, the combination of the Egyptian government’s track record on human rights and the types of people who would downloaded the app represent a cause for concern.
Strange and extensive access
Three of the researchers said the app posed surveillance risks to those who download it due to its widespread permissions to review people’s devices, though the extent of the risk remains unclear.
Elias Koivula, a researcher at WithSecure, a cybersecurity firm, reviewed the Android app for POLITICO and said he had found no evidence people’s emails had been read. Many of the permissions granted to the climate change conference app also have benign purposes like keeping people up-to-date with the latest travel information around the summit, he added.
But Koivula said other permissions granted to the app appeared “strange” and could potentially be used to track people’s movements and communications. So far, he said he had no evidence that such activity had taken place.
Not all the experts agreed on the risks.
Paul Shunk, a security intelligence engineer at cybersecurity firm Lookout, said he had found no evidence the app had access to emails, describing the idea that it posed a surveillance risk as “strange.” He was confident the app was not built as typical spyware, pouring cold water on claims the app functioned as a listening device. Shunk said it could not record audio if it was running in the background, which makes it “almost completely unsuitable for spying on users.”
The COP27 app uses location tracking “extensively,” Shunk said, but seemingly for legitimate purposes like route planning for summit attendees. It lacked the ability to access location in the background, based on Android permissions, which would be what the app would need for continuous location tracking, he added.
The other two cybersecurity analysts who reviewed the app spoke on the condition of anonymity to safeguard their ongoing security work and to protect colleagues attending the climate change conference.
“Let me put it this way: I wouldn’t download this app onto my phone,” said one of those experts. Those two the researchers also warned that once the application had been downloaded onto a device, it would be difficult, if not impossible, to remove its ability to access people’s sensitive data — even after it had been deleted.
POLITICO checked the app’s potential security risks via two open cybersecurity tools, and both raised concerns about its ability to listen to people’s conversations, track their locations and alter how the app operates without asking for permission.
Both Google and Apple approved the app to appear in their separate app stores. All of the analysts only reviewed the Android version of the app, and not the separate app created for Apple’s devices. Apple declined to comment on the separate app created for its App Store.
Egypt’s track(ing) record
Adding to rights groups’ concerns is the track record of the Egyptian government to monitor its people. In the wake of the so-called Arab Spring, Cairo has clamped down on dissidents and used local emergency rules to track its citizens online and offline activity, according to a report by Privacy International, a nonprofit organization.
As part of the smartphone app’s privacy notice, the Egyptian government says it has the right to use information provided by those who have downloaded the app, including GPS locations, camera access, photos and Wi-Fi details.
“Our application reserves the right to access customer accounts for technical and administrative purposes and for security reasons,” the privacy statement said.
Yet the technical review, both by POLITICO and the outside experts of the COP27 smartphone application discovered further permissions that people had granted, unwittingly, to the Egyptian government that were not made public via its public statements.
These included the application having the right to track what attendees did on other apps on their phone; connecting users’ smartphones via Bluetooth to other hardware in ways that could lead to data being offloaded onto government-owned devices; and independently linking individuals’ phones to Wi-Fi networks, or making calls on their behalf without them knowing.
“The Egyptian government cannot be entrusted with managing people’s personal data given its dismal human rights record and blatant disregard for privacy,” said Fatafta, the digital rights campaigner.
This article is part of POLITICO Pro
The one-stop-shop solution for policy professionals fusing the depth of POLITICO journalism with the power of technology
This is an opinion editorial by Robert Hall, a content creator and small business owner.
What is the most likely path to hyperbitcoinization? This is a question that has come up in my mind time and time again. Will it be a top-down implementation like we saw in El Salvador last year? Regarding world leaders, Nayib Bukele is the rare exception to the rule. Most world leaders think within a predefined box of fiat options.
Bitcoin adoption in Nigeria has continued to grow despite their central bank banning legacy financial institutions in Nigeria from interacting with Bitcoin at all. Bitcoin P2P trading in Nigeria is up 27 percent despite the ban.
Bitcoin adoption in Nigeria and El Salvador are two examples of opposite sides of the adoption spectrum. Both are working despite legal hurdles and educating more people about Bitcoin.
What will widespread adoption look like in developed countries such as the United States, Europe and developed countries? The dynamics in the West differ significantly from that of developing countries. Western countries have the rule of law, regulated markets, a population that has access to bank accounts and a currency that doesn’t debase as rapidly as other currencies.
Bitcoin adoption in the West is going to take a fundamentally different path than the path other parts of the world are going to take. This should be acknowledged and inform how Bitcoiners talk about adoption in the western world.
If you live in the West, you live in an economic and political panopticon. Your government knows who you are, where you live and how much money you earn. They also can gather your phone records, transaction history and online activity with impunity via third-party providers.
If you have money in a bank account, Western governments can call your bank, tell them you are a terrorist, and seize your bank account. Don’t think it can happen to you? It happened in Canada to regular everyday citizens protesting against government policies they disagreed with and were agitating for change. The Canadian truckers were not violent thugs with weapons; they used well-established protest tactics to have their voices heard.
Think this is an isolated incident? Authorities in the Netherlands opened fire on a farmer protesting against government plans that would have them cut nitrogen oxide and ammonia emissions by 70 percent in seven years. The state could give two sh*ts about your life if it gets in the way of their plan, plain and simple. You know it, and I know it. There is no need to sugarcoat anything here.
The idea that we are free is folly. Bitcoin is our best hope to change our current circumstances, but it starts with people purchasing and owning Bitcoin.
Where Do People In The West Buy Bitcoin?
For a large majority of people new to Bitcoin, their first interaction with bitcoin will be through exchanges such as Coinbase, Kraken, Binance and OkCoin. Not ideal, but these are the facts.
When someone new to Bitcoin searches “how to buy bitcoin,” the first page results will show you where you can buy bitcoin from exchanges.
These entities comply with Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations set forth by their jurisdictions.
The people new to Bitcoin will have no problem handing over their personal information to these companies because they see it as normal and is something they have done their whole lives. This is a fact of life that isn’t going away anytime soon.
This is an unpopular opinion, but I will say it anyway. Mass adoption of Bitcoin in the Western world will be with KYC’d Bitcoin. I wish it weren’t the case, but I don’t see how it won’t be. There is even an implicit realization of this fact on Bitcoin Twitter.
The new people coming into Bitcoin won’t be your anarcho-capitalist types that want nothing to do with the state. The next wave of people coming into the space will be the mom-and-pop shop owners down the street, your truck driver, mailman or a teacher looking to save their hard-earned money in money that the government can’t debase.
Many people see the government and the laws and regulations they promulgate as a form of safety. They might see KYC as a good thing. Currently, KYC is a fact of life, and this creates honeypots of information for hackers to target. We’ve dealt with this problem in the fiat world; we’ll also have to deal with it on a bitcoin standard. I didn’t make rules; I’m just looking at the facts as they are now. That doesn’t mean any of this can’t change.
Still, I believe advising newcomers about different privacy methods is the way to go. There are many great articles here on how to make your Bitcoin more private.
In addition to teaching newcomers about privacy methods, we should all work on creating a bitcoin-powered parallel economy where we don’t need fiat offramps. This is the ultimate goal.
El Zonte in El Salvador and other communities have shown us how we can follow in their footsteps.
The future of bitcoin is bright if we can get enough people on the bitcoin lifeboat. We shouldn’t quarrel about what path they took to get there, but educate them on the most private ways to do so.
Stay focused on the mission. Educate others. Stack sats.
This is a guest post by Robert Hall. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc. or Bitcoin Magazine.
As commerce becomes increasingly global, the financial system grows and digital assets become more ingrained in our lives than ever before, governments and regulators are pushing back with even more restrictions to maintain control over the industry. Some would argue that they have gone too far, or are fighting the wrong battles. In light of the pace of innovation, especially in the cryptocurrency space, where privacy is often mandatory, these distractions are likely to keep them playing catch up and perhaps on the wrong side of history.
Key Background
In May 2021, the Treasury Department released the Biden administration’s revenue proposals for fiscal year 2022. They include a key requirement that would apply stringent reporting requirements to all business and personal accounts from financial institutions. Specifically the proposal covers, “bank, loan, and investment accounts, with the exception of accounts below a low de minimis gross flow threshold of $600 or fair market value of $600.” In other words, financial institutions will report any flows in and out of business and personal accounts of more than $600 regardless of whether they are based in fiat or cryptocurrency. Then in late October the Treasury offered an additional threshold of more than $10,000 in transfers in a given year.
All of this adds to a restrictive climate towards crypto, especially for ‘privacy coins’, a part of the industry that promotes privacy as its key value proposition. This sentiment has put them under the regulatory microscope and led several exchanges to de-list certain tokens to avoid regulatory ire.
Things are not stopping at US shores either. Internationally, in late October 2021 the global AML agency, the Financial Action Task Force (FATF) released its updated guidance for firms that handle cryptocurrency and virtual assets. The guidance increased transactional reporting requirements for virtual asset service providers (VASPs), which are defined to include a lot more companies than just centralized exchanges.
However, rather than lying down, as governments continue to encroach on financial privacy, the cryptocurrency community is pushing forward with privacy initiatives to safeguard this basic human right. The most recent example came last week when Findora, a privacy-centric blockchain developed by Discreet Labs announced a $100 million ecosystem fund to be used for research, development of new applications, infrastructure such as staking, and liquidity so these platforms and ‘privacy coins’ offer similar levels of utility to more prominent blockchains such as Bitcoin or Ethereum.
Investors are noticing. Many privacy coins have proven to be solid investments in 2021, as several have quietly outperformed bitcoin during this bull market, which bodes well for the industry moving forward.
Key Actors
Treasury Department & Internal Revenue Service (IRS)
Financial Action Task Force (FATF)
New York Department of Financial Services (NYDFS) – Jon Blattmachr (Deputy GC of INX, former Virtual Currency Chief of NYDFS)
Zcash – Zooko Wilco and Josh Swihart
Monero – Riccardo Spagni
Cake Wallet – Vik Sharma
Findora/Discreet Labs – Warren Paul Anderson
Secret Foundation – Tor Bair
Broader Context
Contrary to the popular narrative, bitcoin and other cryptocurrencies do not provide a high degree of anonymity or privacy. Bitcoin is pseudonymous, meaning transactions are linked to your wallet address rather than your name. Bitcoin’s transactional records are stored on the public blockchain in plain view; so as a result, Bitcoin is one of the more transparent ways to send money. While someone’s full name would likely not be connected directly to a Bitcoin transaction, the network can see everyone’s public address and it doesn’t take much to pair an identity to a public key. This means transaction amounts, frequency, and balances are all open for the entire public to see. Many cryptocurrency exchanges also require their users to go through their anti-money laundering/customer due diligence (AML/KYC) to define customers’ identities before using the platform. Additionally, the growing cottage industry of crypto forensic and analytic companies led by Chainalsyis, Elliptic, and CipherTrace have proven adept at attaching identities to illicit transactions. In this sense, legal tender today is much more private than bitcoin.
According to Warren Anderson, VP of Product at Discreet Labs, the team behind Findora, “[w]hen someone exchanges coins or banknotes for a good or service, that transaction is only known to the two parties involved. . .Further, if you hand a $10 bill to the woman at the local farmer’s market, she can’t look up how much you have left in your bank account.”
Privacy coins are specifically designed to add a much needed layer of privacy to the benefits and functionality of cryptocurrency. A privacy coin can keep information about its users hidden, including identity, size of cryptocurrency transactions, or the amount of cryptocurrency a person holds. Most projects have some sort of “view key” in which a user, exchange or regulator can pierce through the privacy layer and access the encrypted information.
Examples of Privacy Coins
There are a variety of privacy coins that function in different ways. A few are listed below:
Zcash — Zcash was launched in October 2016 as a fork of Bitcoin and uses zero-knowledge proofs to provide a means for nodes on the network to verify that a transaction is valid. It accomplishes this feat without giving them any information about the transaction, including sender, receiver, or transaction amount. One unique characteristic about Zcash is that it not only facilitates fully private transactions, but it also offers public transactions similar to Bitcoin or the ability to make certain aspects of a transaction public or private. Zcash’s transparent setting is its default, not shielded and exchanges can reveal information to law enforcement. This makes it arguably more friendly to regulators than other options.
Monero – Monero launched in 2014 as a Bytecoin fork, a privacy focused cryptocurrency based on CryptoNote technology and launched in July 2012. Monero relies on stealth addresses and ring signatures to hide everything from the addresses of the sender and recipient to the full transaction amount. Privacy coins that use stealth addresses create new addresses for every single cryptocurrency transaction while Ring signatures group many public keys together in a transaction so that outside observers cannot determine the exact participants. Monero also offers optionality for users to reveal their transaction but it cannot be forced by law enforcement or an exchange. Only the key holder can reveal their transactions.
Findora — Findora is a public blockchain with programmable privacy. Findora utilizes zero-knowledge proofs and multi-party computation to allow users transactional privacy with selective auditability. Whereas some privacy protocols, namely Zcash and Monero, offer simple reveal keys to allow transaction auditability, Findora takes it a step further with selective disclosure agreements by supporting a variety of other compliance proofs to allow for more enhanced auditability without compromising privacy. Findora began as a research project in 2017, but mainnet beta launched March 2021 after a fund raise in late December 2020.
Secret Network – Secret Network is said to be the first blockchain to integrate privacy by default for Ethereum smart contracts. Smart contracts are self-executing pieces of code that are managed on a blockchain like Ethereum. Secret Network improves upon traditional smart contracts by supporting encrypted information within the contract.
“Regulators inherently dislike privacy. But that’s only because when they hear privacy, they think secrecy. These concepts are not one in the same.” – Warren Anderson, VP of Product at Discreet Labs
Financial Privacy – A Historical Review
The desire and need for privacy is a generally accepted concept that started long before crypto. Most people are very familiar with the Fourth Amendment, which originally enforced the notion that “each man’s home is his castle” that is secure from unreasonable searches and seizures of property by the government. The Fourth Amendment protects against arbitrary arrests, and is the basis of the law regarding search warrants, stop-and-frisk, safety inspections, wiretaps, and other forms of surveillance.
The Fourth Amendment’s protections apply to financial privacy as well. The Right to Financial Privacy Act of 1978 protects the confidentiality of personal financial records by creating a statutory Fourth Amendment protection for bank records. Generally, the Act requires that federal government agencies provide individuals with a notice and an opportunity to object before a bank or other specified institution can disclose personal financial information to a federal government agency, often for law enforcement purposes. The Act was in response to the U.S. Supreme Court’s 1976 ruling in United States v. Miller, where the Court found that bank customers had no legal right to privacy in their financial information held by financial institutions.
The United States also understands the importance of privacy and encryption of transactions and payments on the internet. Once commerce became a large use-case for the internet, thieves made efforts to steal credit card numbers printed in clear text in the unencrypted HTTP traffic. According to Zooko Wilcox, founder of Zcash, the solution turned out to be encryption, though this was initially controversial. In the early days of the Internet, the National Security Agency (NSA) and others were concerned about the potential use of cryptography by terrorists and criminals. Today, HTTPS is a requirement for transmitting data on the internet and is mandatory for all US government agencies, including those which were initially against public access to encryption.
Privacy is fundamental to security and usability, and users deserve and expect strong privacy protections no matter where they’re active online.” – Tor Bair, Founder of Secret Foundation
Regulatory Mistrust of the Desire for Privacy
Like the days of the internet and the introduction of HTTPS, regulators are still uncomfortable with the concept of financial privacy and privacy coins. The Right to Financial Privacy Act of 1978 offers clear classes of exceptions in which certain financial records are not protected by the Act, for example as it relates to tax reporting, pursuant to other federal statutes or rules, administrative or judicial proceedings, and legitimate functions of supervisory agencies or if the subject of a suspicious activity report (see 12 U.S.C. §3403(c)). In these situations, disclosure by a financial institution is permitted, and no subpoena or warrant is required. In many ways, regulators seem to equate the desire for privacy with someone who has something to hide. This can be especially true when it comes to cryptocurrency, and was a key point of contention when the IRS submitted a John Doe summons to Coinbase in 2016 in hopes of identifying crypto tax evaders.
A primary concern of regulators is preventing money laundering and terrorist financing. Bank Secrecy Act (/BSA) Requirements require companies to implement KYC and transaction monitoring. Further, BSA rule 31 CFR 103.33(g) — often called the ”Travel Rule” — requires all financial institutions to pass on certain information to the next financial institution, in certain funds transmittals involving more than one financial institution.
Under the Travel Rule, all transmittor’s financial institutions must include and send the following in the transmittal order to the recipient financial institution:
The name of the transmitter,
The account number of the transmitter, if used,
The address of the transmitter,
The identity of the transmitter’s financial institution, The amount of the transmittal order,
The execution date of the transmittal order, and
The identity of the recipient’s financial institution;
and, if received:
The name of the recipient,
The address of the recipient,
The account number of the recipient, and Any other specific identifier of the recipient.
FATF recently released its updated guidance to include firms that handle cryptocurrency and virtual assets. Since 2018, FATF has issued a series of draft papers that sought to define VASPs and virtual assets, and also recommend how countries implement the Travel Rule for cryptocurrency transfers.
Comparison of requirements under BSA and Travel Rule
CipherTrace
More recently, FATF has tried to account for transactions to and from “unhosted wallets,” decentralized finance (DeFi), non-fungible tokens (NFTs) and decentralized autonomous organizations (DAOs).
The above requirements appear to stand in conflict with the goal of privacy coins which can shield potentially identifying information about transferors, transferees, and holders. Regulators are worried that these features can enable money laundering and terrorist financing by preventing their ability to track the movement of the coins.
Privacy coin laws vary by country, as with any other cryptocurrency. Some ban them outright, while others leave them in a legal gray area. South Korea and Japan, for example, have decided to make the use and possession of privacy coins illegal.
Josh Swihart of Zcash noted to me, “The categorization of some coins as ‘privacy coins’ is going to lead to brittle regulations with regulators trying to play privacy whack-a-mole. Policy makers should be pushing for privacy rather than fighting against it in order to protect civil liberties as well as national security.”
New York Department of Finance Services As a Microcosm Of Privacy Coin Scrutiny
Perhaps the competing priorities of privacy and regulation are no better exemplified than what is happening in New York. Privacy coins are especially limited for New York residents as a result of the New York Bitlicense. Section 200.10 states that any Bitlicensee “must obtain the superintendent’s prior written approval for any plan or proposal to introduce or offer a materially new product, service, or activity, or to make a material change to an existing product, service, or activity, involving New York or New York residents.” In New York, for many years this meant that exchanges like Coinbase and Gemini who have the Bitlicense still needed to obtain approval from New York on a coin-by-coin basis.
“At NYDFS, we had presentations that helped folks understand that there are many existing methods by which most cryptocurrencies, even BTC and ETH, can have their transactions masked. This masking can lead to transactions that make them as private as the privacy coins we’re discussing. This engagement didn’t lead to DFS’s backing down from its position on privacy coins, but the more regulators know, the more they can make rational, informed decisions about policy.” – Jon Blattmachr
As Bair told me, “Regulators are often nervous about centralized exchanges listing privacy coins because it breaks the link between fiat onramps and Web3 activity. Control and oversight of onramps and offramps is critical to extending the control and surveillance regulators already exert over the traditional financial system.”
In 2019, NYDFS responded to years of complaints that the Bitlicense slowed adoption of new products and services in New York by proposing a token approval procedure. The new procedure allows exchanges to bring their token listing policy to New York and, once approved, there is an automatic approval of tokens that the exchange puts through their process. This removed NYDFS involvement in approving coin by coin basis.
NYDFS Coin-Listing Process
NYDFS
There is just one problem. NYDFS explicitly stated, “Consistent with the intent and purpose of 23 NYCRR 200.15(g), a VC Entity cannot self-certify any coin that may facilitate the obfuscation or concealment of the identity of a customer or counterparty. Thus, for example, no privacy coin can be self-certified. A VC Entity also cannot self-certify any coin that is designed or substantially used to circumvent laws and regulations (for example, gambling coins).” (emphasis added).
NYDFS also offers a green list of tokens for New York but no privacy coins are included.
No privacy coins appear on the NYDFS pre-approval list
NYDFS
As Vik Sharma, founder of Cake Wallet, a noncustodial wallet for Monero, told me, “As NYDFS slightly opened the door for Bitlicense holders to more quickly list additional assets, they kept the door closed for ‘privacy coins.’ The issues with this decision remain: 1) ‘privacy coin’ is ill-defined, meaning it is applied based on optics instead of actual money laundering and terrorist financing risks, and 2) the vast majority of money laundering and terrorist financing risks remain on the Bitcoin network.”
“If a regulator were to allow the coins to be listed on its regulated exchanges, the regulator is endorsing the use of these coins and opening them up to many more users. Ironically, of course, if people are using privacy coins on an exchange, they’re far more traceable than between unhosted wallets.” – Jon Blattmachr, Deputy General Counsel of INX and former Virtual Currency Chief of NYDFS
Privacy Coins Outperform As Investments
While over the last two years the outlook for privacy coins appeared bleak from a regulatory perspective, and some such as Monero and Zcash were delisted from certain exchanges such as Bittrex and ShapeShift, privacy coins have still turned out to largely be strong investments. Especially so when compared to bitcoin.
Privacy coins are holding their own against bitcoin
TradingView
There are a couple of reasons for this. First, like most cryptocurrencies, privacy coins tend to move in the same direction as bitcoin. Second, many of these platforms have loyal followings that see these assets as more than just a transactional opportunity, but as a higher calling for a basic human right.
That said, because of their thinner trading volumes, and smaller usage rates, privacy coins may be more volatile than the base asset. Privacy coins are arguably an important tool of asset diversification in any portfolio provided that the regulatory climate does not tighten due to increased concerns about ransomware or other factors.
Outlook
What does the future of privacy coins look like in the US and internationally? Many would argue it will be similar to HTTPS and how the government eventually agreed with the need for privacy and encryption.
Industry groups and companies must continue to engage with regulators to discuss privacy coins, eliminate misconceptions, and responsibly articulate the value of financial privacy. These issues are unlikely to be solved anytime soon.
In Jon Blattmachr’s words, “Engagement with the regulators is paramount. Regulators are always going to be behind the curve when it comes to new technologies and iterations using those technologies. Regulators are understaffed and are not focused on what’s next, but what’s in front of them right now.”
That’s why industry engagement with regulators is so important. It allows the industry to show regulators that privacy coins are not as detrimental to AML efforts as perceived and alo explain how regulators can oversee in the space while still allowing for innovation.
The US Patent and Trademark Office (USPTO) issued a patent on Tuesday, July 20th (patent #11,068,732) to the CEO of Ideal Innovations, Inc. (I-3), called International Biometric Identification System (IBIS).
Press Release –
updated: Aug 17, 2021
ARLINGTON, Va., August 17, 2021 (Newswire.com)
– The US Patent and Trademark Office (USPTO) issued a patent on Tuesday, July 20 (patent #11,068,732) to the CEO of Ideal Innovations, Inc. (I-3), called International Biometric Identification System (IBIS). This patent may have a significant impact on the way in which international entities biometrically verify individuals from foreign countries without violating privacy in the process.
“IBIS is a significant step forward with regard to the use of biometrics internationally, in that it provides for identification verification of subjects from different countries without sharing of biometric information between those countries,” noted Bob Kocher, CEO of I-3. “Privacy and Personally Identifiable Information (PII) disclosure are top-of-mind issues these days with respect to biometric use, and we specifically wanted to find a way to address that concern with IBIS.”
IBIS encompasses a system and method for international biometric identity verification between two countries, without transferring biometric information between the two countries. It will replace the traditional approach of identification via uniforms and identification cards, which are easily compromised, into a secure approach of leveraging biometric information through a person’s identity. This approach is consistent with the policy of not sharing any biometric information relating to verification of identification of individuals with other countries.
“We imagine applications where partner nations, working in international assistance, humanitarian, and even military operations domains, can rapidly and securely vet individuals from other countries biometrically, without compromising that individual’s personal information,” stated Kocher.
Ideal Innovations is an inventions company that develops innovative ways to solve difficult problems. It has additional experimental efforts underway, including developing methods for identifying potential elite future performers, rapid secure access systems, and early detection of viruses.
‘Privacy for the People,’ a grassroots effort for demanding individuals’ privacy, is releasing a public blockchain for securing state records and enabling an open marketplace
Press Release –
updated: Nov 7, 2019
COLORADO SPRINGS, Colo., November 7, 2019 (Newswire.com)
– The BlockChain Development Community (BCDC) (www.bc-dc.org) and partners from New Cyber Frontier (https://www.logiccentralonline.com/new-cyber-frontier) and BlockFrame Inc. (http://www.blockframetech.com/) announce a new crowdfunding campaign that went live on Oct. 22, 2019, on www.indiegogo.comto support the future development and expansion of new blockchain platforms to increase individual privacy.
Colorado Senate Bill SB18-086 was signed into law in May 2018, with broad bipartisan support, to apply blockchain technologies for better security for state records. Since then, more than 220 volunteers and 30+ software developers have been building a blockchain distributed ledger to meet Colorado requirements, to resolve many limiting design issues with current public blockchains and to support a secure and indefinitely scalable global information marketplace. The platform developed from that effort is now ready for initial public release.
BCDC members have volunteered thousands of hours of development time, often with their own facilities, computers and money, to produce an open platform without direct government or large corporate sponsorship. To maintain the momentum for a secure service for individual digital privacy rights – which today is often at risk from cyber-attacks from billions of dollars invested by criminals, hackers, large international corporations, and nation-states – BCDC is seeking $500,000 from crowd-sourced funding to support the completion of its next development phase: Funding from people, and responsible to people, to support the digital privacy rights of the people.
Over the next 60 days, our partner New Cyber Frontier, the internet cyber-security show with the largest listenership in the world, will support the BCDC crowd-sourced funding campaign.
Help Support the Effort by Clicking the Link Below
The BlockChain Development Community is a group of over 220 volunteers and 30+ software developers that have been backing legislation passed in Colorado for supporting blockchain distributed ledger technologies for securing state records. This public blockchain is ready for initial public release, and with your help, we can speed up this delivery process.
CHICAGO, June 2, 2019 (Newswire.com)
– LegalRideshare, the only law firm in the US to focus exclusively on rideshare, is often tapped with the question of the dash cam dilemma: “can a driver record me if I don’t know about it or agree to it?”
First, it’s important to consider: “is an Uber or Lyft a private situation?” LegalRideshare will often lean on the side of “no, it’s not.” It’s comparable to taking public transportation like a bus in a major city. If passengers wouldn’t go outside and scream something absurd, they shouldn’t say it in an Uber.
Understandably, passengers are still looking for their rights to be protected, even if legally a driver can record you in the car without your consent.
So how can drivers protect themselves and make passengers feel safe?
We always recommend drivers get a sticker for the back window of your car, acknowledging there’s a dash cam (LegalRideshare have these stickers and gives them away for free). In states like Illinois, which is two-party consent, this really covers any issue that may arise. It’s also important that drivers let riders know this is for their benefit as well, in case of an accident or assault.
When does it go too far?
A few months ago a driver was livestreaming his passengers on Twitch. This is not only a breach of trust, but a guaranteed deactivation. Recording passengers in case of an accident is one thing. Using them for a reality TV show is another.
Check out LegalRideshare’s interview with ABC newswhere they go into more details about recording passengers.
ORLANDO, Fla., February 20, 2019 (Newswire.com)
– Past and present Digital Rights Management systems have repeatedly failed consumers, content creators, and distributors. In the face of these struggles, the need for such systems has never been more necessary. Emerging technologies, such as Spatial Computing, rely on the creation of high-value digital assets in order to support the booming demand in Augmented Reality. Unfortunately, modern technology had not presented the tools required to protect and facilitate the transfer of such content…until now.
NeoWare Inc. is creating a decentralized and democratized platform for digital content management and distribution via public blockchain networks. The blockchain will be optimized specifically for the secure ownership and access management of any digital asset using a non-fungible based token, giving users and content creators methods to securely initiate, store, and manage access permissions to their content and IP.
“With Web 3.0 on the horizon, blockchain technology has the ability to cure the symptoms that have plagued the current iteration of the Internet: the absence of security and rapidly disappearing privacy. Data is quickly becoming the most abundant resource on the planet and our DCM tools will empower every user to protect and control their digital assets.”
-Caesar Medel, CEO
Components of the NeoWare DCM System include major advances and improvements on present-day technology. The ZIP file standard was conceived in 1991 to provide a standard method of packaging files and directories into a single file primarily for distribution over the Internet. NeoPak will build upon this functionality by introducing blockchain supported secure Public Key Encryption, Identity Management, Digital Rights Management, and Zero Knowledge Proof support. These capabilities are important for support of a decentralized web (Web 3.0) where user information and proprietary data is directly controlled by the user.
NeoWare Inc. specializes in the creation of Spatial Computing software and Digital Content Management systems. White labeled applications utilizing augmented reality facilitate the creation of 3D-digital assets that serve as the initial use case for all blockchain-based content management systems. These Custom AR-Applications drive engagement, build brand loyalty, and boost consumer education through immersive augmented reality interactions.
PureVPN is standing up for the victims of cyberstalking by inviting audiences to learn, inspire and trust themselves to do more. Learn more about cyberstalking victims and how they got past the danger.
Press Release –
updated: Jun 20, 2017
Hong Kong, HK, June 20, 2017 (Newswire.com)
– The internet gives people the freedom to connect, but this freedom has an ugly side too — cyberstalking. The numbers are worrying. A staggering 94 percent of victims of cyberstalking are females, irrespective of their age or background. Furthermore, a recent study revealed that 62% of cyberstalking victims are young women, aged between 18 and 24. Victims range from celebrities to person next door.
While 20,000+ cases of cyberstalking are reported annually, worst still, the issue is mostly overlooked in many countries. Seeing the worsening situation, PureVPN is now reaching out to and working with cyberstalking victims. Our aim is to listen, understand and if possible, help. Giving them a platform to voice their concerns, seek support or share knowledge is the just the beginning. PureVPN aims to raise awareness and inspire other internet users to stay strong and continue the fight against cyberstalking.
“We want cyberstalking victims to know that we are with them and they now have a platform to share their stories. We will help them get their voice out and inspire other users to keep fighting.”
Uzair Gadit, CEO & Founder
PureVPN’s CEO and Founder, Uzair Gadit, said: “We want cyberstalking victims to know that we are with them and they now have a platform to share their stories. We will help them get their voice out and inspire other users to keep fighting.”
Learn more about cyberstalking and take corrective measures to put an end to this menace.
