S1:E10 Espresso’s Jill Gunter–Privacy in Web3 and the Fallacy of Choice
Katherine
Hello everyone, and welcome to episode ten of Cross-Chain Examination. I'm your host, Katherine Wu. Believe it or not, this is the last episode of the season. I can't believe we're already ten episodes in. Massive. Thank you to everyone for making this possible. Shout out to the sponsors, to all of our listeners. I can't wait to get started on season two soon. I'll probably launch sometime in the fall, so stay tuned for that. In the meantime, please tell your friends about Cross-Chain Examination. Catch up on any missing episodes. And as always, reach out with feedback and comments to either the podcast Twitter handle @crosschainpod or to our show email crosschainexamination@gmail.com. Thank you also to my producer, Amy Chen, who has worked nights and weekends to make this happen. Now, without further ado, let's jump into this week's episode.
So today we're taking a different approach. We're talking about something that's a little bit more current, top of mind, more related to news events. And so obviously we're talking all things crypto and privacy, but particularly as it ties into a huge news event from last week, which is the Tornado Cash ban in the US. For anyone who hasn't caught up, on Monday, August 8th, 2022, news came out that OFAC, which is an agency within the U.S. Treasury charged with preventing sanctions violations, released a statement that says as follows - “Treasury is sanctioning Tornado Cash, a virtual currency mixer that launders the proceeds of cyber crimes.” The statement further went on to say, “Despite public assurances otherwise, Tornado Cash has repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risks. Treasury will continue to aggressively pursue actions against mixers that launder virtual currency for criminals and those who assist them.”
Since the release of the Treasury's statement on sanctioning Tornado Cash, the crypto industry has responded, unsurprisingly, very loudly. Some calling this an attack on Defi. Some even calling this the end of privacy. And some more nuanced opinions that an entire class of software has now been banned with no recourse. Now, where there are polarizing opinions, there is, of course, room for nuance. And today, to talk about this topic and pass through all the nuance with me, is Jill Gunter, chief strategy officer at Espresso. Welcome to the show, Jill.
Jill
It is so great to be reconnected, Katherine, and I am so excited to have this conversation with you and particularly grateful for your legal background as well as we embark on all of the nuance to be covered here. There's definitely a lot to talk about.
Katherine
I mean, my goal with every podcast I host is just to have you on as a guest. And I know this is like a topic where you feel very strongly about and have a lot of thoughts on. So I think that's perfect.
Jill
Absolutely. Well, we're two for two, so we'll have to keep the streak up.
Katherine
Yes. So as always, context is everything. So before we parse through all the implications, I want to just start with a quick TLDR on what Tornado Cash is and why people would want to use this tool.
Jill
Yeah, absolutely. So Tornado Cash is a class of smart contract that lives on the Ethereum blockchain. A smart contract, probably most of your listeners are familiar with, is a bit of code that can programmatically make things happen. That means that it can execute exchanges. It can make exchanges or trades happen under certain circumstances. It can do more complex things than that as well. That's kind of the most basic example. In this case, what the smart contract was making happen was a mixing, if you will, of people's assets in a kind of obfuscated behind the scenes way such that I could tie up some funds in Tornado Cash, they could get all mixed, jumbled together, and again, no one would be able to have insight to be able to track the ways that they're getting mixed and jumbled together, and I could then withdraw them on the other side to perhaps a fresh wallet, something that was completely unconnected with any of my other on-chain activity. And I could therefore hide where those funds had been and where they'd come from and then be able to start afresh with where they were going next. And so it's a privacy service, fundamentally, right? That's what we've just described.
I think that we can get into all of the different reasons why people might want to use such a privacy service. We can get into kind of the hypotheticals. We can get into the actuals as well of what services like Chainalysis and TRM, these kind of blockchain analysis tools, seem to be suggesting was the actual usage of Tornado Cash specifically and of other mixers. I think that these are all going to be important things to cover as we go. But just the high level to start with, Tornado Cash, bit of code, a smart contract running on the Ethereum blockchain and providing this mixing privacy service to people.
Katherine
It's probably important to bring up that using a mixing service is not inherently bad. Just like there's no software that's inherently bad, it's really depending on the actor. So when I was thinking about the common misconceptions, why would you want to use a privacy tool? Because you have something to hide? And I don't think that's necessarily the case. There are many, many legitimate reasons for why people might want to use a mixing service. As we know, transactions on the blockchain are super transparent. And so if I make one transaction under my ENS name, then I think it could be really easy to just figure out everything I'm doing, everything I'm buying, and even potentially what other wallets I might have.
Jill
That's exactly right. And I think that that's actually an important place to start, because there is this misconception amongst people who aren't eating, sleeping and breathing crypto and blockchains as you and I are, for better or for worse, that blockchains and cryptocurrencies, you know, people almost think like, Oh, it's right there in the name - crypto. That means it's all private. People know that Bitcoin was used on things like the Silk Road, you know, these darknet markets, people wanting to cover their tracks. But the reality is, on the vast majority of blockchain platforms, including Bitcoin, including Ethereum, pretty much everything is trivial to figure out who is doing what with their assets, under what circumstances. You know, all of the gory, granular details. The way that I like to talk about it is that, you know, on Venmo, I think a lot of your audience probably have used or seen Venmo, and they used to have, by default, a public feed of every transaction that you did. I think they've since made that not be the default because oh, it turns out not everyone wants to have all of their transactions be fully public to people all the time. Ethereum is basically that public Venmo feed, right? And the other example I always like to speak to is, I had a friend in college who busted her boyfriend cheating on her through his Venmo feed. Like she went on Venmo and found all of these transactions, like some other person, like, you know, paying back for drinks and like all of this activity. And it was with that evidence that she confronted him. Like, Hey, dude, what is going on here?
And so that I mean, good for her though firstly, but like that is like a much more mundane example than, you know, darknet market stuff like the people, the things that people often think about for why you might want privacy. But it's a great point. I'm glad that you bring it up as context, though, Katherine, that pretty much everything you're doing on blockchains is fully transparent to people, and that has a ton of problems that come with it. I mean, I posted about this the other day, but like you can trivially figure out at least one of my Ethereum addresses, right, that has my ENS name associated with it. You know, that's kind of intentional on my part. I'm kind of like, all right, people will be able to figure this out. But from there you can figure out when and how much I donated to Ukraine in their fight against Russia. Now, if I'm Jill, you know, living in California, that's probably fine. But if I'm living in Russia and I'm donating, or if I have family in Russia and I'm donating, that might not be something that I want publicly broadcast.
You can also go much more light hearted and trivial than that. You know, you can see every bad trade that I've ever made on defi platforms. If you go into my Ethereum accounts just going on etherscan, you know, you can do this in 5 minutes. You can link addresses together and figure out when I first bought Ethereum, you know, you can see things about my net worth that's weird, that's uncomfortable. You know, I don't necessarily want that. And beyond being uncomfortable, I've known people for whom that's then actually posed a threat to their own personal security because I mean, I don't think quite at this level, but, you know, you have friends, I'm sure, who bought Ethereum early, have enormous net worth results from that, and then are getting targeted for scams for hacks even, you know, again, like personal physical threats. And so there are all of these different reasons why people might want privacy.
That said, there are also people who want on-chain privacy because they are explicitly doing illicit activities. And I want to address first the fact that sometimes things that are illicit in one jurisdiction might be things that, you know, we as a society, you know, whether we're in California or the United States or the Western world or other areas of the world are actually onboard and okay with. And so, you know, one example that I've heard talked about a lot recently is women who might want to pay for abortions in places where abortions have recently become illegal. Financial privacy becomes a really important thing to think about in that context. And again, that's an example of illicit activity in a jurisdiction that, you know, not to get political here, but just to show for a second, I at least I'm okay with.
With that said, I think the big elephant in the room that I've been talking around for the last few minutes is, you also have illicit activity in the form of money laundering, sanctions evasion. You know, specifically here, the big issue at odds and Tornado Cash, I think you've given this context already, is North Korea as an actor using Tornado Cash to obfuscate their funds, to hide and mix the funds that they've gotten from various hacks that they've undertaken on various blockchains, and to be able to hide somewhere in the ballpark of $500 million of activity. And I think that's a big problem for national security for the world. That's also a big problem, certainly. And I can kind of understand this on some level. Like if you're sitting in D.C., that's a big political problem. That's a big risk that's being posed to, you know, the people that you're supposed to be protecting. And so it gets very fraught very quickly when you start talking about privacy tools, because as you said at the top, Katherine, these are neutral, and yet the ways that they get used range from the really mundane to the actually quite deeply problematic.
Katherine
Yeah. I mean, there's two things I want to kind of go down. So one is I wanted to just at least give you a shout out. You wrote a blog post earlier this week titled Financial Privacy Without the Risk of a Mixer. And so I think that's where you kind of laid out the binary choice of privacy and crypto really, really well. And I really liked one of the things you said, which is that, you know, web3 really should offer more than just like us today. Web3 privacy is so much worse than literally any other. Like it's what I mean.
Jill
And we just talk about web3 fixing the problems of web2, and we often talk about data privacy being one of those because God knows it's awful. In web2, you know, you only have to look at the Cambridge Analytica scandal and Facebook. And web3 privacy by default is so much worse than anything that we had there.
Katherine
Yeah. And so I think the like when you think around, I mean, I want to touch on this later, which is like, well, how can we square away transacting with privacy on the blockchain and still be able to interact with the blockchain and smart contracts? So I want to touch on this later, but something I was thinking of when you were talking, one of the biggest problems with this ban - so what really happened is obviously because everything is transparent, you can trace things easier. And so right now, I think the problem with the ban is any address that has ever interacted with Tornado or may have contained assets there are now banned. And so now this actually extends to retail, to people who actually need to connect to decentralized exchanges. And that kind of implicates much more than just the bad actors you want to catch in which like this is such an umbrella thing. And so one example I thought of is like, if you're a criminal, what's the best way to actually transact? It's cash, like cold hard cash because that's really hard to trace. I think we all know that. But let's say the cash somehow made its way from like one of these whatever drug briefcase things went to a local bodega because this person was thirsty and wanted to give the cash to, you know, the cashier. And then you went to the bodega and now whatever the change comes back to you and now all of a sudden you're like banned from using cash because like, you own this “dirty” money in your wallet. It's kind of as illogical as that.
Jill
Yeah. No. And I think that it's important also to acknowledge, you know, we will get caught up, I think, quickly in the North Korea thing and all of that's going to be really important to cover. But Chainalysis put out this great report and based on their data, the cryptocurrency received by the Tornado Cash smart contract, about 10% of that is from stolen funds. About 18% of it, again, per their data, is from sanctions or sanctioned addresses. And so, you know, that's sort of 25, 30% right there, but then the rest is from defi users, centralized exchanges, which are all going to be people who've gone through some kind of KYC/AML process on that front, and then other sources. And so, you know, per the data, it looks like the majority I'm not going to say the vast majority we're talking sort of 70% ish, but the majority of users are sort of retail users, maybe even institutional funds. You know, that's a side of this that we didn't even touch on yet, is that institutions use mixers at times so that people can't trace their addresses and be able to steal their alpha, you know, front run their trading strategy.
Katherine
Threaten their business model. Yeah.
Jill
Threaten their business model. You know, it's a proprietary trading strategy. And so you have this cohort who I’ll again, for these purposes, call innocent users or who we might think are kind of innocent users. And as you say, they are also feeling the damage of this because it's not a person. It's not developers associated with the Tornado Cash Project. It's not, you know, a company associated with Tornado Cash or even a DAO associated that's been sanctioned. It's the smart contract itself. And so actually, anyone who has touched this is subject to this now. And you're seeing this play out in all kinds of wild ways where, you know, USDC is one of the most major stablecoins out there. And there was something on the order of 75,000 in USDC that was within the Tornado Cash contract or had recently touched it or what have you. And of course, Circle and Centre and Coinbase and the backers behind USDC, have now had to use their freezing functionality to put a halt to movement of that which they have to do on a legal basis. You know, Jeremy Allaire, the CEO of Circle, I think, made a really good point when he tweeted out the other day, I'm facing 30 years of jail time if I don't do this. This is not a choice. But I think it took a lot of people in the industry by surprise that Circle even has the power to freeze USDC. And there's this tension there of we’re in this industry that talks about censorship resistance. And we don't actually get into the details of what that means under different circumstances, what products are censorship resistant in a really genuine kind of way, what products aren't? And I would argue just because USDC is not censorship resistant in this kind of perfect cypherpunk way doesn't mean that it's not valuable. I think it's one of the most valuable products out there in terms of the actual utility that it provides to people. But as everyone's learned, it's not censorship resistant in the way that maybe they thought it was.
And so I think that you get into these huge issues of, okay, well, who is kind of the collateral damage around this? First and foremost, if you have all of these innocent users of USDC who are now worried about Tornado Cash itself as a privacy service, not as kind of a, you know, darknet mixer or, you know, way of evading sanctions. And then you also have this much bigger question that we now all have to grapple with around what decentralization means about user education and user consent around these things. It's gotten really messy, really fast. But I will kind of finalize that sentence with, I think a silver lining, which is at least for moving away from the theoretical on all of this and into the realm of the practical and really having to get down to brass tacks about what we as an industry are and are not okay with, how we talk about these things, how we go about user education, all of it. And I think that that is a very real upside that will come of this over the longer term.
Katherine
Yes. For an industry that puts so much premium on decentralization, every once in a while, it's good to get that challenge and really understand what is truly decentralized and what's not. Now, it is an interesting point that you mentioned about censorship resistance, and just because the government cannot necessarily shut down an open source software, it doesn't necessarily mean that anons cannot take responsibility, right? And so it's kind of a funny meme that's happened. Or like a funny story, which is like, you know, Tornado Cash, like still lives on. Right? Again, open source software…
Jill
Over two million in dollar equivalent went through it the day after it was sanctioned. Yeah.
Katherine
Yes. So there is a difference between having something in which government cannot take away from you as a tool, but also a difference between that and like you can't just because they can't take it away doesn't mean that you can continue to not take responsibility if you were indeed violating sanctions and, you know, using it for nefarious purposes.
Jill
Yeah. No. And I think that there are a couple of interesting things playing out with that. Right. You know, the first is that the government has put addresses so, you know, Bitcoin addresses, other crypto addresses on their sanctions list previously as aliases for individuals. Right. The assumption being, you know, there are individuals who are on the list or should be who are behind or in control of those wallets. And so it's exactly right that, you know, just because you're anon doesn't mean that enforcement can't come after you. And I think that it's kind of interesting here that, you know, the argument being made by a lot of people around Tornado Cash is that Tornado Cash is fully decentralized and every pull request in the code that gets added to the code base has to be passed or ratified by the DAO associated with it. And a lot of the DAO members are anonymous and so on and so forth. And that may all well be the case, but I still find it kind of surprising here. I'm not a lawyer. You know, you're the lawyer. But I do find it kind of surprising that it was the actual smart contract code itself, to your point earlier, the tool that found itself on the sanctions list and not those associated with the project, with the DAO, you know, there was someone somewhere maintaining the website, maintaining the front end. There were people, some of whom weren't even anonymous, founders of the project who, you know, had written the majority of the code associated with it. And so, yeah, it is really interesting that we've seen the smart contract itself be sanctioned and not those individuals.
Katherine
But in a way, I almost think that's almost why people are so unhappy about it. It's one thing to sanction people, but once you put like a smart contract on you're forcing all of it's like I don't know if service provider is a right term, but like anyone who was connected to it or like could maybe serve users, just whatever. Usually when you sanction individuals, it's like five people. Now it's like implicating hundreds. I don't even know how big the implications are because we haven't even seen that fully played out.
Jill
And of course, you see now anons sending Tornado Cash dust to like Jimmy Fallon and other celebrities. Right. Just presumably kind of trolling being like, well, what, you know, are they violating sanctions now like Jimmy Fallon probably doesn't even know to access his Ethereum account. I hope he hears this and proves me wrong but you know, it's gotten so messy here so quickly of all of the fallout of what it means to actually sanction the smart contract itself. I mean, I've experimented with Tornado Cash. I played around with it. So that Ethereum address that I mentioned is going to be trivial for anyone to look up if they want to about me, they'll see Tornado Cash transactions on there. What does that mean for my ability, as you say, to use other service providers from that address? You know, you can just start to see how by the very fact that a bright line has not been drawn in sanctioning individuals, but instead sanctioning the smart contract, you can start to see how this could creep into all of these other areas.
Katherine
And here's a thing, right? It's like, well, isn't everything decentralized anyway? Why don't you just, you know, if you're opting out of it, then this shouldn't affect you. And I just think that's a really lazy take. Like at the end of the day, crypto right now is a mixture of decentralized and centralized products. And anyone who's living in the real world, the fact that your mortgage or rent is still in USD, like whatever it is, like you can't fully get away from it. And so the way we exist today and the implications of this is very, very broad because of that.
Jill
But I think that that actually nicely ties in to the point that I've talked about a lot and the point that you touched upon earlier about the binary nature of privacy within crypto. Because crypto products as a whole and crypto as an industry, you're right, is a really interesting mix of decentralized and centralized products. You have things that exist all along that spectrum where you might have a custodial exchange interacting with a decentralized exchange that is fully self-custodied. A big part of the power of all of this is that it empowers users, whether those are individuals or institutions - the institutional side of crypto is growing up - to take into their own hands and make choices about where along the spectrum of decentralization they want to be. It's empowered users and individuals to really kind of take the financial system as a whole into their own hands and be able to reshape it and recast it in really interesting ways that might work better for them. It's been chaotic at times. It's been messy at times. Real damage has been done along the way for sure. But ultimately, I think that there's something really powerful there in creating more optionality through these systems and then through the developers who build them out.
And it's therefore ironic to me that we have been living in this pretty binary world within web3 and crypto when it comes to privacy. There have really only been two choices. You can either use a fully anonymous mixer, and I include in that kind of the fully anonymous cryptocurrencies and coins out there, all of these types of products, not just the Tornado Cashes of the world, there are many. So you can use a fully anonymous product, but then open yourself up to all kinds of risks when it comes to, you know, governmental oversight, regulatory action as we're seeing, even services becoming uncomfortable with you and censoring you and so forth. Certainly, if you're an institution, you know, if you're fiduciary for other people's assets, you have to be very cautious and very cognizant of those risks if you're using a fully anonymous product. Or of course, the other side of the binary is that you use a fully transparent, fully public chain and fully transparent, fully public products like Ethereum and like the vast majority of Defi out there.
And where I think that - and you know, this is what I'm working on so I'm biased building this full time - but I think that where it gets really interesting, though, is when we start to open up that privacy spectrum and say, okay, you know, maybe fully anonymous mixers should exist, maybe not. I don't really want to get into that as a debate. I think I've revealed enough along the way of this conversation already that you can probably guess where I come out there. But regardless of that, there should be more options and more choices for users along that privacy spectrum to be able to determine, you know, maybe I'm cool actually with Coinbase having KYC’d me and Circle, maybe, you know, as an example, maybe being able to see everything that I'm doing with USDC, maybe I'm also totally cool with them being able to freeze other people if they don't like what they're doing. But that's a risk that I'm willing to take. Maybe that's a risk I'm more willing to take than the risk of using a fully private, fully anonymous mixer. But maybe I don't want the whole general public to be able to see that full Venmo feed of every dumb trade I've done, every donation I've made, you know, everyone who's ever paying back for a drink, right. And you can get into even more, I think, kind of interesting worlds of this, right? Where you can actually end up with even better privacy guarantees than exist in the world today where, you know, maybe then other third parties would be able to see, okay, this address has been KYC’d by Coinbase, but I don't need to then take custody of all of that data and information. You get into really interesting possibilities.
But I think if we want to protect privacy, if we want privacy to remain a viable option for users of blockchain products, we have to be developing those intermediate solutions and opening up the options on the privacy spectrum so that it's not all or nothing.
Katherine
Yes. No, that's such a good point, because at the end of the day, none of us want to support or be part of a tool or be associated with something that could potentially fund hackers or bad actors.
Jill
Yeah. Like there is something uncomfortable. It gives me the heebie-jeebies to think about my funds being mixed up with, you know, child abusers and North Korean militants, right?
Katherine
Like, obviously, in that sense, like sanctions are super important in that sense. Like morally, I don't want to be associated with that. I think that in that sense makes sense. But like you said, it is important for the industry, our industry, to bear some responsibility in the sense of like we should come up with tech that both preserves privacy and also can support compliance and it should be a choice. And so like, you know, I know in recent days discussions around zero knowledge proofs have come up again because it's one of these things that I think the industry is working on to achieve both of those goals. But like I said, the binary choice shouldn't be taken as a standard and certainly shouldn't be the standard going forward.
Jill
Absolutely. Yeah. And I just want to unpack for a second, because you mentioned zero knowledge proofs. So zero knowledge proofs are a cryptographic technique and have been turned into a technology that lets you prove things about something, about a piece of data, about the state of something without revealing the underlying information. And so the kind of naive example that often gets used is, you know, if you walk up to a bar and you still look like you're in high school, which I do as of now, it's not cool. That's not a humblebrag. I kind of hate it. But, you know, you get carded and you have to hand over your ID to the bouncer outside of the bar. And they look at it and they see, okay, she's well over 21. Okay, she can go in. But in so doing, they get to see all of this information about me. They get to see my date of birth. You know, that might be something that I'm not comfortable with. And so the zero knowledge way of doing this, if there was one, would be for me to be able to prove to the bouncer that I am, in fact, over 21. So I’m proving something to him about the state of me without having to reveal the underlying facts that make that the case.
Now, the way that this has been applied to crypto is really cool. Firstly, it all kind of started with Zcash and the Zcash project where the folks around that project said, okay, we have this problem with blockchains where everything is transparent to everyone all the time. We kind of need that to be the case because we need to be broadcasting these transactions to the whole network of nodes validating the transactions that are going through. But what if we could use zero knowledge proofs so that all of those validators can still validate that indeed these transactions are okay and meet the requirements of the protocol without having to see all of the underlying data? And Tornado Cash relied on zk tech, zk meaning zero knowledge, and again, there have been a lot of really, really cool applications of this technology. There's been a ton of breakthroughs and a ton of resources poured into making those breakthroughs over the last five or six years. It's all really exciting, and the way I think that's most exciting about exploring the applications of it is when you start to get into the notion again of more programmable privacy, more configurable privacy, and opening up kind of the spectrum of possibility again between the two binaries. But that's about as deep as I'll go for now, I think, on zero knowledge proofs. I'll pull in one of the members of my engineering team if you want to get into the actual technical details of how it all works.
Katherine
No, I think that should be a topic for another episode. Which 100% we should do. But the reason why I bring it up is just to show that there are industry folks and developers and really smart people working on giving us more than just a binary choice when it comes to privacy and when it comes to crypto. So on that note, just the last question. What is the one thing that you would want everyone to know post this whole Tornado Cash sanction news. It could be best practices. It could be how they think about their privacy. Like, what is the one thing you want people to know?
Jill
I mean, it's such sort of a trite crypto-ism to say, but DYOR, do your own research, understand who can see what about what you're doing on chain. You know, I think a lot of people who have flooded into the space amidst all of the excitement over the last couple of years, might not even fully understand just how much can be seen about what they're doing on chain, even if you're spinning up new addresses and thinking that you're being really smart on your opsec and linking things, people can still see what's going on. That would be one thing.
Do your own research on just how censorship resistant the tools that you're using are and make your own decisions about what kinds of risks you want to take. Because there are going to be risks any which way, whether those are the risks of using a fully anonymous mixer or the risks of some centralized third party holding the asset that you're using. You know, whatever it is, there are going to be risks. But do that research, again, understand these things, scrutinize them. Don't just take the marketing jargon at face value. And the last thing I would just say is don't mess with OFAC. We've talked about some of the kind of, you know, kind of funny, but also like when you think about the implications really like not that funny things that people are doing in the wake of this Tornado Cash sanctioning, don't do those things. Now, my last, final takeaway. Just don't mess with it. Don't touch it. Don't go near it. Not with a ten foot pole.
Katherine
All right. Great final words. Well, thank you so much all for coming on to talk all things crypto privacy, Tornado Cash, sanctions and the like.
Jill
Like any time. Always happy with you, Katherine. Thank you.
Katherine
Thanks for tuning in to another episode of Cross-Chain Examination. This is the last of season one. We'll see you for season two sometime in the fall. In the meantime, subscribe, rate this, share with your friends and I'll see you guys in the fall.