Financial Privacy is a Human Right: Navigating past Sanctions and Censorship through Decentralization

Danai Raza
5 min readSep 5, 2022

--

A First for Web3: Sanctioning Open-Source Technology

On August 8th 2022, the open-source privacy protocol on Ethereum, Tornado Cash was sanctioned by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC). OFAC identified Tornado Cash as a “crypto mixer used to obfuscate the proceeds from illicit cyber activity and other crimes. While most virtual currency activity is licit, it can be used for illicit activity, including sanctions evasion through mixers, peer-to-peer exchangers, darknet markets, and exchanges.”

The Tornado Cash sanction marked a watershed moment for the Web3 movement, confirming that even open-source decentralized technologies could be subject to sanctions and censorship.

Within a week of the announcement, dozens of companies complying with OFAC regulations severed ties with Tornado Cash, including Microsoft-owned GitHub deleting Tornado Cash’s entire source code and banning its developer accounts. Circle, the project behind popular stablecoin $USDC, froze Tornado Cash wallet funds, blacklisting all addresses that appeared on the sanctions list.

Web3 infrastructure development platforms, Alchemy and Infura prevented its users from accessing Tornado Cash by blocking remote procedure call (RPC) requests to Tornado Cash. Several Ethereum DeFi blue-chips including Aave, Uniswap & Balancer blocked wallet addresses that had interacted with Tornado Cash addresses on the sanction list.

Ramifications of the Tornado Cash Sanction

Indeed, the Tornado Cash sanction raised many questions from the blockchain community, from free speech advocates and privacy maximalists; its aftermath raised several more. Are blockchain projects truly decentralized and censorship-resistant? Can users get into legal trouble for trying to safeguard their financial privacy? Can open-source code be subject to censorship and can writing such code lead to legal repercussions for developers?

The answers to these questions vary significantly depending on who you ask and what you read. However, the facts remain clear:

  1. Privacy-preserving technology built using publicly available open-source code was sanctioned.
  2. “Decentralized projects” complied with the sanction, making changes to their “decentralized protocols”, blocking RPCs, and blacklisting addresses, without any form of governance proposals or community decision-making.
  3. Tornado Cash, a permissionless decentralized technology, and its users were censored on the “decentralized” blockchain Ethereum, barred from using many DeFi and infrastructure DApps, by projects that claim to be “decentralized”.

Web applications and DApps require several key back-end and front-end technologies, such as cloud computing, storage, web domains and servers. These components may be centralized or decentralized, e.g. an application can be stored on cloud storage solutions hosted by the centralized Amazon Web Services (AWS) or the decentralized peer-to-peer (P2P) storage solutions such as InterPlanetary File System (IPFS).

A key lesson learnt from the sanctioning of Tornado Cash: When key components of a project are built using centralized infrastructure, it almost always equals forced compliance to sanctions and opportunities for censorship.

Beam: Private-by-default, Censorship-Resistant & Fully Decentralized

Let’s try to imagine what would happen if a confidential DApp on Beam blockchain was suddenly sanctioned. What effects would it have on the BeamX DeFi ecosystem and what would the ramifications of such an event be? The answer: It would probably not be possible, apart from generating a few news stories and some PR.

The Tornado Cash sanction document as outlined by OFAC bans the Tornado Cash entity, its website domain, and their $ETH and $USDC wallet addresses, some of which were used to host smart contracts. Entities complying with the sanction can simply blacklist Tornado Cash wallet addresses and any user wallets that interacted with them, this is possible because Ethereum publicly records all transaction data on-chain, accessible to adversaries and blockchain monitoring tools.

There are no wallet addresses on the Beam blockchain, so theoretically there is nothing that can be sanctioned. DApps are stored on the decentralized P2P IPFS storage and DApp developers can retain complete anonymity.

Compliance is definitely not an afterthought. Beam Wallet features an opt-in auditability allowing businesses or private individuals to report their financial history to their auditors or any other party of their choosing in a secure and provable way.

Each Beam Wallet is a node that connects automatically, directly to the blockchain, leaving no room for censors; a stark contrast to the web DApps relying on front-ends, potentially hosted using centralized components. Many of the most popular DApps we know today such as Uniswap, Aave, Pancakeswap and Curve use centralized cloud storage to host their front-end.

History has demonstrated such projects have no real choice but to always comply with sanctions. It does become difficult to call such projects “decentralized”.

Beam uses a proof-of-work (PoW) consensus mechanism to process and record transactions on the blockchain. The miners validating these transactions are private-by-default; such a choice does not exist on Ethereum, which completes its shift to proof-of-stake (PoS) in the coming weeks.

Users are required to stake a minimum of 32 ETH to become an Ethereum validator. The public ledger nature of Ethereum allows entities to collect data on all Ethereum validators and their wallet addresses, who might be pushed to comply with sanctions, meaning transaction validation is another potential element that can be used to push censorship.

The Way Forward for Beam

The battle for censorship resistance is an ongoing one. So long as there are centralized elements that are used to build or deploy decentralized technology, it is not possible to achieve censor-free unstoppable networks.

I reached out to the Beam Team for their comments regarding their path to decentralization, “Beam is in the process of decentralizing all of its remaining centralized components. Currently, we use the centralized Web2 software development platform GitHub for storing our software libraries and repositories. We’re eagerly awaiting the launch of its decentralized Web3 counterpart SOURC3 before migrating all of Beam software development.” said the Beam team.

“The last component left to decentralize are the bootstrap nodes, which are the default nodes Beam Wallet connects to. Plenty of decentralised nodes exist that users can connect to; including using Beam Wallet as a node. Once all centralized bootstrap nodes are disabled, Beam becomes truly unstoppable!” explained the team.

“Our core ideologies are strongly reflected in our against-the-grain decision to host DApps locally, rather than on the centralized Web, and advocating for the Human Right to Privacy in the blockchain industry.”

Beam Community Links:

Beam Wallet: Desktop, iOS, Android, Web

YouTube: https://www.youtube.com/channel/UCddqBnfSPWibf4f8OnEJm_w

Telegram: t.me/BeamPrivacy

Reddit: reddit.com/r/beamprivacy/

Twitter: twitter.com/beamprivacy

QQ 中国官方社区: https://jq.qq.com/?_wv=1027&k=5Mbs8N4

--

--

Danai Raza
Danai Raza

Written by Danai Raza

Finance Graduate from Mahidol University International College 2020. DeFi Degenerate. Writing about blockchain, crypto, DeFi and privacy coins.