Hacker News | ChrisAntaki's comments

They mention full IP obfuscation.


That's hardly assuring considering they still make detailed profiles of everyone regardless of whether they even have a Google account.


this ^^


Safari is today's Internet Explorer.


Depends how you slice it.

Chrome is today’s Internet Explorer both in terms of market share, and use of non-standard features to push a company's dominance.

Safari is today’s Internet Explorer in terms of being bundled with systems as a requirement.

Ultimately, these analogies trivialize the actual state of the browser ecosystem in the 90s and early 2000s, because the computing landscape was so different.


Chrome manifest v3 feels like Google bundled a browser with spyware. Safari feels like they bundled a browser with an operating system.


Sure would be funny if those operating systems were spyware too. But definitely not. Google, Facebook, Dropbox, Yahoo, Microsoft, AOL and Apple all care about our privacy too much: https://techcrunch.com/2013/06/06/google-facebook-apple-deny...


The claim there was never about the OS being spyware though so that link feels like a stretch even then.

It’s always been about server and infrastructure access. But beyond that, the Prism leaks mostly applied to telecoms.

A lot of conspiracy minded folks failed to see the forest for the trees because they failed to grok the entire infrastructure between the device in their homes and the greater world.

It’s much easier to think the device in your hand is betraying oneself than to think about the immense number of other components like telecoms, servers, MitM etc that comprise modern communication.


Well duh. Apple admits as much in China, of course they do that in the US too: https://support.apple.com/en-us/111754

But those are parlor tricks. Yes, the United States forces Apple and Microsoft to turn over data on a regular basis; everyone from India to Brazil demands the same thing. It's non-unique. The United States and its FIVE-EYES partners clearly have more capabilities on the table; they literally control these businesses, up to a certain point. If you're unwilling to acquit telecoms and server providers for installing backdoors, then it's a no-brainer to implicate Microsoft, Google and Apple for knowledgeably shipping compromised client software too.


Safari is today's Internet Explorer in terms of holding the web back.


That's somewhat true, but the only other relevant browser is treating the internet like it owns it.

I'm sure it's wrong to "hold the web back", but I'm also afraid of when Google finally takes over the internet. Because those "don't be evil"-days are in the past.


Safari today has very good support for ratified web standards though. Looking through caniuse, the browsers are roughly equivalent with variances between them.


Most if not all the web features that are not supported in Safari are things I resolutely do NOT want in a browser though. Stuffing things in a browser is not good for anybody…


> Stuffing things in a browser is not good for anybody…

Food for thought:

Have you ever considered that the demand for this functionality in the browser only exists because it is forbidden natively? I've got no use for cross-platform 3D APIs, game streaming functionality or even WebRTC in my browser when it comes down to it; but it makes plain sense that people want to push this functionality to the browser because Apple resists it natively. That's just supply/demand at work.


I doubt that’s actually true (though maybe it is, I don’t know). Anyway 3D APIs are implemented in Webkit, as well as WebRTC and co and many other APIs.

I’m talking specifically about having access to the bluetooth stack, having access to the device’s vibrations, etc.


Apple making a conscious choice to be cautious about including privacy/security harming features is not holding the web back. It's putting users first.

Chrome's reckless and indifferent approach of including every API under the sun is being used by advertisers today to track users through comprehensive browser fingerprinting.


One can also say it’s a duopoly of two suboptimal browsers (factoring all Chromium based browsers together).

Even though other options exist “technically”, users on the two (3?) popular mobile and desktop OS experience a great deal of platform friction when opting to make their own choice (if at all possible like on iOS).


Not that I disagree on the duopoly part, but truthfully there’s only one third browser engine in play and that’s Gecko/Firefox.

Which, imho isn’t any more optimal than WebKit or Blink.

Granted, perhaps if the duopoly didn’t exist, it could get more resources. After all they did once dethrone IE6, but I think that was as much Microsoft’s blunder as it was Mozilla’s success. I’m not sure Apple or Google are making the same blunders today.


It is possible that I'm missing a bigger picture where Mozilla is pushing the envelope with Firefox.

We've crystalized around a specific role for each browser (e.g. Chromium brings in whatever webstandards it needs to pretend to be an OS, Safari tries to keep up while also sneaking Apple ecosystem facilities, Firefox... keeping up?) and there is no real innovation. Of course, we have better ways to not-block-ads, scrape user telemetry, or ai-whatever-that's-good-for... but nothing substantial towards improvements for the people using browsers.

The browser space is stagnating.


What platform friction do users experience installing a different browser on Android? I'm aware few users actually choose to do it, but I don't recall any resistance from the OS to installing Firefox, making it the default, and keeping it that way.


It isn’t. That’s a vast oversimplification. I say this as someone endlessly frustrated with the way Apple treats the web.


Apple appstore is today's internet explorer.


It is so annoying to have Apple blocking many features that would improve web components, service workers, PWAs.


Not just that, but forbidding any other browser engine on iOS and forcing Safari as the only browser allowed on the platform is completely abusive and anti-competitive. It's one of many reasons Apple is getting sued by the DOJ.


iOS 17.4 and later allow using other browser engines, so this isn't true anymore.


Only in the EU. Highlighting that the only reason they’ve changed their mind is because of regulatory pressure. Android allowed alternative engines on day one, iOS allows it, what, 17 years after launch? It’s still fair to criticise Apple for the time it took and the extra lengths they’ve gone to in order to only allow it where they’ve been forced.


No other iOS browser engines have been approved, or even exist at this point. Probably won't see any real alternative browsers in the EU until they finish the rumored WebBrowserKit or whatever, to help contain JIT services.


Apple blocks other browser engines on iOS, except in the EU.


... in the EU only.


Safari supports PWAs and service workers


In name only. There are multiple frustrations encountered when actually trying to use them.


Ex: Angular


The article mentions "And, indeed, even Alphabet/Google internally have said this."

Just a reminder, any employee can write a document saying anything.



Tbf they got better. jQuery basically existed because the JS builtins were hairy


This local backend feature seems pretty powerful for free/offline editing: https://decapcms.org/docs/beta-features/#working-with-a-loca...


Anyone at Google can write a memo about anything.


That's good to hear, because the code itself should be considered free speech


Platforms have the right as is to deplatform undesirable speech, including code. Social media platforms do this daily (speech, not code).

Freedom of speech protects you from your government. It does not guarantee you a platform.


So now we'll find out whether this platform is choosing to deplatform this particular speech, now that it's more clear that they're under no legal obligation to do so.


I don't really blame them if they are. The risk:reward for offering essentially a free service to take legal heat on something this "hot" seems like a bad tradeoff for github. Seems like the kind of thing better hosted on some financially fire-walled shell company's website where any losses from a protracted legal battle can fall off into oblivion.


I think you're talking about the first amendment. There are principles of free speech that go beyond just what's legal.


Wishes aren’t statute and GitHub isn’t a public good or commons. There are more valuable efforts for GitHub than fighting sanctions on money laundering code. One can always host the tarball on their website, or the code on their own Gitlab instance. Very common in the edu space.


Freedom of Speech is a principle, a concept, a philosophy. Not a Law.

In the US, the 1st amendment prohibits the US government from infringing on a person's natural right to free speech.

"Freedom of speech" is not a law, or provision. Pointing out that a platform "has the right" to violate people's freedom of speech (and yes it is an infringement of the principle) is both obvious and pointless. People that actually support the principle also have the right to express their deep disappointment that GH would abuse their position of power, abuse the privilege bestowed upon them by the community of open source developers by cowering to the US government and refusing to stand up for the principle of Free speech.


This is literally wrong. The first amendment is as much a law or statute or provision as any other law or component of the Constitution.


That is literally what I said...

First Amendment is the application of the principle of free speech to law

However freedom of speech is also a larger principle than just the first amendment. People seem to only want to focus on the first amendment and government censorship as if that is the only type of censorship


Obviously, GitHub is private property


Hopefully the government can identify any forks that achieve meaningful TVL and taint the coins


What would that do for you? Why the hope?


I'm hoping the government makes money laundering harder. North Korea laundered a billion dollars through Tornado: https://markets.businessinsider.com/news/currencies/north-ko...


It may sound a little odd, but you do not think existing AML regime is already working in overdrive mode punishing regular people (all while actual big fish manage to get away undetected or, worse, protected)?


That's almost 0.3% of the money estimated to be laundered in the US through traditional means, and 0.05% of the estimated money laundered globally.


It is a much larger percentage of North Korea’s total economy, however, and I think that’s going to turn out to be the primary motivation here: not that OFAC woke up one morning and said that Tornado Cash is public enemy #1 but that the people watching North Korea saw that ransomware proceeds were being laundered using this specific system and wanted to stop it.


And AML wastes tens of billions of good dollars in GDP and revenue per year through added monitoring costs, insurance, enforcement expenses, etc. If AML were 90% effective, it’d be supported; but it’s more like 0.1% effective.


Tornado needs TVL to effectively launder money for criminals. Forks without much TVL don't seem that dangerous


I take issue with the claim that tornado can “effectively launder money for criminals.” All it can do is leave you with an asset with a less-than-clear on chain history. If you want to cash out, you still have to explain how you wound up with 100 ETH or whatever.


Exactly. I hate this false idea that TC launders your money.

Your TC money isn't any more laundered than a pile of cash you got by selling meth.

Laundering means making up some origin for such money (such as a business).


Kinda. Money laundering consists of placement, layering, and integration. There is a (very weak, imo) argument that TC can be a part of the “layering” process, but it certainly does not do all three.


North Korea laundered a billion dollars through Tornado https://markets.businessinsider.com/news/currencies/north-ko...


If that's true, then it can't launder money very well can it?

Definitely feels like a false narrative has been created by the fact they're able to point it out.

Like pointing at someone and accusing them of hiding, but the very fact you can point them out means it's either not actually happening or not happening very effectively.


Anyone can see what amount of money one address has put into Tornado Cash, so it’s no surprise that we can estimate how much money North Korea has put in. The whole reason they do put that money in, though, is so that they can have a different account take that money out, and have it not be clear where the money came from. For a sanctioned country, that output seems much more spendable.


It was very effective. The money went in, and no-one knows where it came out. But you can bet it went into thousands of clean, untainted wallets which were then used to cash out.


Yes, Tornado allows you to obtain ETH that is divorced from the original (potentially criminal) source. But exchanges and anyone with a block explorer can still see that your clean wallet received 100 ETH from the Tornado withdrawal address. Exchanges in America at least are supposed to consider accounts receiving funds from mixers as "high risk" and apply extra scrutiny/shut down accounts. There are exchanges in Hong Kong and most of the former Soviet Union that ignore these kinds of rules but Tornado still doesn't really "clean" the money in the sense of giving you readily spendable money in a bank account. I guess it may be useful in the process of doing so.


It's extremely useful.

> Exchanges in America at least are supposed to consider accounts receiving funds from mixers as "high risk" and apply extra scrutiny/shut down accounts.

I believe there's a level (I think $3000) for the "travel rule"[1] to apply.

It's obviously easy to bounce the money through some "NFT sales" too if you want.

[1] https://www.fincen.gov/sites/default/files/advisory/advissu7...


Money laundering is comprised of three parts: placement, layering, and integration. The government here is attacking the “layering” part of the process that tornado _may_ contribute to (the norks still have to explain how they ended up with a billion of ETH). But to truly be “money laundering” you have to have all three elements. The equivalent here would be banning casino chips or something.


> equivalent here would be banning casino chips or something

If someone pays for a house with casino chips, and you don’t do your diligence on why they chose that mode of settlement, you’re rightfully exposed to legal risk if they were in fact laundering money.


> I take issue with the claim that tornado can “effectively launder money for criminals.” All it can do is leave you with an asset with a less-than-clear on chain history. If you want to cash out, you still have to explain how you wound up with 100 ETH or whatever.

ehhhhhhhh. you can play with asset prices and valuations to fix this.

you have a little clean money savings from your job right?

okay, great, with a little bit of dirty/flaggable money in a different address, launch an erc20 token and liquidity pool, add 100% of the erc20 to the liquidity pool.

now with your clean money, be an early buyer.

now with MORE of your dirty/flaggable money (other tornado cash notes withdrawn to different virgin addresses via the relayer), buy into the liquidity pool. this pumps the price of the token.

now with your clean money, sell. cash out, pay capital gains tax, move on. indistinguishable from any other crypto trader. bots and many others would have bought into the liquidity pool too as they have alerts.

everyone else can play amongst themselves in perpetuity, and it can't go below the initial price that you set when you launched the pool (in Uniswap V2 style liquidity pools, and just if you want to feel better about it). hey, maybe if it keeps running then your tornado cash funded addresses might be able to sell back into the liquidity pool again.


With this scheme you just dreamed up I wouldn’t even need Tornado.


you don't need, there is still benefit in unlinking the transaction history and normalizing that behavior.

virgin addresses funded by a third party relayer does that.

you don't want your $30,000,000 bridge heist funds to be buying a newly launched token. you want a bunch of unknown sources to be buying the newly launched token, various identities.

edit: actually I could see the crypto community finding it hilarious and "aping in" knowing that a large buyer is supporting. easier to blend in.


> just dreamed up

Please.


"Explaining" is easy. You sold an NFT and they paid via Tornado.

The hiding is a real issue here.


Even if it does, who gives a shit? The interstate road crew happily builds the interstate, knowing money launderers use it without taking the slightest precaution to stop them. They cash their paycheck, knowing some of the money thrown in the 'mixer' of the treasury was the money of the money launderers paying their taxes that build the interstate.


The road crew is like the workers at an internet provider or maybe an ISP, and the vast majority of the traffic is legal. That original analogy makes it seem like the verdict on tornado was already made, now we just need to grasp at arguments to support the pre-made conclusion. It backfires. Don’t shoot the messenger.


Had to look that up. TVL = Total Value Locked. E.g. the code itself doesn't and can't make an effective mixer, a high volume of the money flowing through a specific mixer service is necessary.


A piece of code on GitHub has zero TVL. It's just a bunch of files. (I would assume the treasury department only gets involved when there is actual money involved. Sending money to a contract on the blockchain is finance. Just posting the code somewhere is speech.)


Obviously, the threat is deployed forks with high TVL


Is it? Given that the original code still exists on mainnet and cannot be taken down. I suppose the main use case of a high TVL fork would be for Americans who wanted to legally regain their privacy without risking a sanctioned contract interaction. Anyone who doesn't care can still use the original.


This is just so you can compile the UI locally, without worrying about using a potentially compromised mirror that will steal your funds.

For those of us with licenses from the US treasury for exemption from a specific sanctioned entity, this is still important.


That sounds like an opportunity for a sweetheart deal. Hey you can sell your locked assets, but only at firesale prices to this licensed entity.


Maybe, but you might be misunderstanding how that works as well as assumptions about crypto user stories.

there is a sanction on US persons from merely interacting with the deployed Tornado Cash contract, so there is a potential fine and prison sentence for just doing that. The license removes that liability.

the assets you receive out of Tornado Cash can be used the same as before. Exchanges may flag those funds arbitrarily, but other smart contracts and merchants do not. Many people stay directly on chain and pay for goods and services, and invest, without issue. Many people can derive real world benefits from things they purchase with their crypto, whether that thing is digital or physical. It's not about "cashing out", but if so, those people can still just deposit into some onchain lending service and cash out the borrowed funds, as exchanges themselves don't dig that deep and if that individual has the OFAC license it doesn't matter.

for those that choose to go to the treasury to get a license, they can always prove provenance of their tornado cash assets and prove they're clean, which is a key feature of tornado cash. so it's not a good assumption that the treasury would target that person to make a deal, because there wouldn't be any liability at all, only the novelty of making the application for the license.


> The license removes that liability

As you evidently know, that's the defining characteristic of a license: it removes criminal or civil liability for an otherwise illicit act. For example a Barber's license permits a person to hold a knife to someone's throat without it being assault, modulo some additional conditions. So much for generalities.

To the specifics, you look to be quite well informed on this particular matter. Are you saying that someone that has assets in Tornado that they cannot otherwise cash out without violating sanctions can lawfully sell them to a licensee, but nobody else? Because if so that sounds like a wonderful buying opportunity for the licensee. Or is getting a license trivially easy, such that anyone with assets legally tied up can just go through a TSA pre level process to establish that they're not an international terrorist drug dealing child trafficker, or whatever activity these sanctions are meant to discourage?


My example is limited to

a) the person already having assets in Tornado Cash also being the licensee to withdraw assets from Tornado Cash. the assets they withdraw are as liquid as any other non-TC assets and do not have to go to a fellow licensee.

b) a person that wishes to continue depositing assets into Tornado Cash is also the person that is the licensee.

the only reason for the license is for interacting with the Tornado Cash smart contract - as by default that is currently a sanctions violation for US persons - it has nothing to do with whether another recipient is comfortable accepting those assets, and that isn't a limitation of liquidity at all.

Hope that makes sense. The license is just a bureaucratic nuance for people that don't want to gamble with liability. They can totally try to hide it and risk a sanctions violation charge.


TVL is not a property of the source code.


I wonder if it is possible to have a variation of Tornado where the TVL automatically moves to a new deployment at a new random address every N blocks, so that it's not as simple to have specific addresses sanctioned. I don't know Tornado very well and don't know if this would be possible.


I mean, you'd sanction that address and any other it deploys to. In addition, sanctions are transitive (by how much no one knows).


Not knowing anything about cryptocurrencies or running distributed systems on the wilds of the internet, I will ask a dumb question:

Is it possible to design an algorithm that comes to a consensus on what new address to use faster than the legal system can sanction them?


You could cascade the sanctions so any addresses touched by sanctioned addresses become sanctioned too; that leads you open to trolling and abuse where a sanctioned address sends money to celebrities to impact them. This could probably be dealt with by saying anyone who uses an obvious Tornado-style contract that's been sent money from XYZ address is illegal, so you don't end up with the trolling, but I don't know for sure how that'd work.


There are still big legitimate institutional entities doing crypto, right? At some point you must hit "7 degrees to Wells Fargo" or whatever, right?


Of course. It's a riskier implementation from a smart contract security standpoint, but entirely possible.


I mean couldn't I also argue TVL is speech like source code? Or does code have to be without value to be protected?


This is a fork of the code. It's not a new deployment.

