Recent events involving Tornado Cash have prompted us to write down a series of thoughts on paper in an organic way.
For years we have been talking about “privacy” in an abstract way, declaiming the importance of protecting it or hypothesizing what could happen if public or private entities violate the few formal barriers.
And for years we have seen in “decentralization” - combined with “privacy by design” - the light at the end of the tunnel, the one that can illuminate such an important aspect of our life.
In recent days we found out that light at the end of the tunnel is artificial, and can be spent by a switch we have no control.
Tornado Cash was considered a useful tool for illegal activities, and the addresses connected to it were reported by OFAC.
Several services, centralized or not, have banned TC by inhibiting access to its website or the use of its Github profile.
Infura, the leading RPC service on which the vast majority of blockchain businesses are based, has disconnected from TC.
Circle has frozen the USDC in the wallets of some users who had interacted with the reported addresses, creating a cascade of problems on other connected dapps (MakerDao, DYDX, etc.).
An alleged developer of Tornado Cash has been arrested in the Netherlands (link)
All this is due to two fundamental facts: (1) The majority of blockchain activities are based on centralized services, (2) These services are located in the United States, where OFAC can take arbitrary decisions that heavily impact world businesses.
We are aware both ZF and ECC go above & beyond to maintain regulatory clarity, but an event triggering a ban could suddenly happen (or it is already on its way link) .
Infura and Circle have little chance of not applying “sanctions”, otherwise it would have had very serious consequences in the country where they should. But all this must make us reflect on the future of our blockchain, and in our opinion the lines to be explored with absolute urgency are:
A) Create a parallel operational structure, with the same powers as the main one (a society which is a real “mirror” but without the employees) in a country outside the United States and which is not subject to the execution of its decisions, where in case of need operations could migrate in few days. Dubai could be a good location.
B) Create decentralized - or even proprietary - technical structures for both RPC services and related servers, to avoid being crushed by any Infura, AWS or Github bans. This action needs time to be deployed and should be started as soon as possible.
This would not exclude the effort of Zcash in being compliant with international rules against illegal activities, but it would create a “safe zone” in the case of hasty and erroneous decisions of the regulatory bodies to which we are currently subjected.
The funds to create these structures can be taken from the Dev Fund by restructuring the allocations and establishing a share in favor of this initiative.