EFF and Matthew Green Fight Back
The EFF Has Matthew Green’s Back
Well known cryptography and security expert, Matthew Green, has republished the Tornado Cash repository, after Tornado Cash was sanctioned by OFAC and subsequently removed from Github. Tornado Cash is an open-source, decentralized cryptocurrency mixer that allows users to deposit and withdraw cryptocurrency in a way that provides a greater degree of privacy for crypto transactions.
We dived into the constitutionality of OFAC’s decision in a previous newsletter, and how Coin Center is currently pursuing a legal case against the Treasury Department.
Green’s argument for republishing the since removed codebase is because “the loss or decreased availability of this source code will be harmful to the scientific and technical communities.”
The new Tornado repositories page says:
“Github is a private company, and of course it can suspend users for any perceived violation of its Terms of Service. At the same time, it is hard to believe that Github's decision was unrelated to the government's action. In my opinion it is much more likely that Github censored the Tornado Cash code repositories as part of a risk-mitigation procedure they engaged in as a direct result of the OFAC order. More critically: I believe that this removal of protected speech was a predictable consequence of OFAC's action.
…
[T]he Tornado Cash example raises the prospect that the US government may use sanctions to ban source code distribution and scientific speech. Because sanctions rules are broad and carry extreme penalties, these speech bans do not need to be accomplished through explicit orders: they can be obtained simply by exposing US companies and citizens to the perception of sanctions risk. The result is a "chilling effect" on speech, one that allows the US government to determine which citizens and organizations do or do not enjoy the right to publish their source code and scientific artifacts.
…
The purpose of this repository is to make it clear to the US Treasury Department and Github that this code has value, and its removal has consequences that affect scientific researchers and students in the United States. Moreover, it exists to test the proposition that code removal should ever been an appropriate future response to a sanctions order, no matter how justified the order itself may be. I have discussed my concerns with the Electronic Frontier Foundationand they have agreed to represent me as a client.”
“In keeping with our longstanding defense of the right to publish code, we are representing Professor Matthew Green. ... The First Amendment protects both GitHub’s right to host that code, and Professor Green’s right to publish it on GitHub so he and others can use it for teaching, for further study, and for development of the technology.”
A hat tip to Green and EFF for protecting code as speech, and to Coin Center for pushing back against Treasury overreach.
THORChain At A Cross Roads
by NBTV contributor, Joël Valenzuela, Digital Cash Network
The sanctioning of Tornado Cash has created ripple effects all the way to Asgard. THORChain, the premier, cross-chain, decentralized exchange and automated market maker, temporarily backed away from integrating privacy-centric cryptocurrencies into its platform due to fear of government crackdowns on privacy.
Following the arrest of one of Tornado Cash’s developers, many in the THORChain community reacted by moving to pause integrations of “privacy coins” onto the platform. Previously, Haven, Monero, Dash, and Zcash were all in the pipeline for integration. THORChain has long been a proponent of privacy, and a tweet from their official Twitter in 2021, in response to Bittrex removing privacy coins, says unequivocally:
“Privacy is not illegal.
Privacy is a fundamental right.
THORChain will support privacy coins.”
However, responding to concern for the network’s ability to withstand sanctions at the nation-state level, the account stated:
“THORChain is too valuable to risk. Create a second THORChain fork for privacy assets and experimental THORFi features?”
This situation is a further demonstration of the chilling effect that these government crackdowns can have on privacy. Privacy-enhanced assets are not currently under sanction and are freely tradable on regulated platforms such as Kraken. The THORChain community taking a step back from privacy in the absence of a direct order shows the real impact on privacy rights when anonymity tech is even selectively targeted.
Not everyone in the THORChain community was in agreement with pausing support of privacy coins. Rune core developer, Chad Barraford, pushed back, saying:
“If govt blacklisted uniswap for not KYCing, what would @THORChain do? Add KYC? How quickly could govt turn defi-->cefi?
You cant say "we are getting rid of centralized control!" only to bend the knee to centralization a moment later
Stand with #defi, stand with #privacy”
THORChain has since appeared to have softened its stance, polling the network’s nodes and officially announcing that Haven and Dash are two of the next three assets to be added to the platform.
During the public debate, a privacy-focused fork of THORChain was also proposed and enthusiastically endorsed by the community, ensuring that an option would always be available for trading privacy-centric assets.
Watch Joël’s recent deep-dive into the THORChain privacy debate
Privacy Corner:
Don’t Take Cables From Strangers
There are many hacking tools that look like ordinary things lying around your house, but are actually malicious tools designed to hack your computer.
Harmless-looking charging cables, thumb-drives, ethernet dongles: if you’re plugging ANYTHING into your computer, you’ll want to make sure you know where it came from.
This year at DefCon, NBTV chatted to Darren from Hak5, about a bunch of products disguised as everyday equipment that will wreak havoc on your computer. Here are 3:
1. The USB Rubber Ducky
This tool looks like a normal thumb drive, but to a computer it looks like a keyboard. Computers inherently trust keyboards, so you can preprogram this tool to execute certain keystrokes, and delivery a payload of your choosing. If you find a thumb-drive in the street and it says something spicy like “Company Financials”, don’t go plugging it into your computer.
2. The OMG Charging Cable
The OMG cable has a lightning connection on one end that you plug into an iPhone, and a USB connection on the other. It looks and feels just like one you might have at home, but it’s malicious and actually has a computer inside of it. The cable also contains a wifi access point that you can control from anywhere in the world, and this will allow you to do malicious things to the computer it’s attached to. I wouldn’t be too worried about borrowing one of these charging cables from a friend, but if you see one sitting at a charging station, I’d think twice about plugging your devices into it.
3. The Wifi Pineapple
Everyone loves free wifi - but nobody loves an impostor!
Phones and computers are constantly searching for wifi networks that they have connected to in the past and remembered, and these devices send out “WiFi probe requests” which often broadcast these network names, so that they can auto-connect to them.
Wifi Pineapples are sophisticated internet routers that scan nearby phones and computers, collect the network names that are currently being searched for by nearby devices, and then spoof those networks. This tricks phones and computers into connecting with the pineapple instead of their desired network. These digital doppelgängers can then inspect data, manipulate traffic, see unencrypted network traffic, kick people off networks, and a bunch of other stuff.
In order to protect yourself, turn your wifi off when you’re not using it, forget all wifi networks after you disconnect from them, and don’t allow your phone to automatically connect to any wifi network. It will be annoying, because you’ll have to click a button when you return home instead of having your device automatically connect, but it’s an important step to take to help safeguard your digital devices.
Safely navigating the digital world is an ever-evolving lifestyle, but staying up to date and being careful is well worth the time invested. For more information on malicious hardware, check out our video on NBTV!
By Will Sandoval, NBTV Associate Producer, and Naomi Brockwell.