Hacker News | wyxuan's comments

Isn't the whole point of Bolt/stackblitz that you can run node js clientside via wasm, so it's more lightweight?

Did they migrate away to a more server heavy model?


lmao I was surprised by the passage as well. For the uninitiated, Within makes Supernatural, the VR fitness app and doesn't seem to have much to do with AI


Just deleted my account - everything was fine. One thing to note, there's nowhere in the UI or account settings tab to delete my account. I had to go directly to the link.


> Just deleted my account - everything was fine. One thing to note, there's nowhere in the UI or account settings tab to delete my account. I had to go directly to the link.

That's the point OP is making - the button to do it from within the UI has been hidden with CSS attribute

    display: none

it's there, but the fact that it was hidden with CSS suggests it was done deliberately to stem attrition.


After migrating to another password manager, do you also need to rotate all your passwords? Or at least the most sensitive ones? Or is the LastPass hack so far unlikely to compromise the passwords? (since I understand only encrypted data is in hacker's hands)


Rotate the most sensitive ones first. Then incrementally rotate the others.


If I had to make a guess on what is going on, Binance US is using Binance cloud, which allows for other platforms to tap into Binance’s orderbook liquidity and infra. Mandala (an exchange) uses it, and their token mdxt doesn’t trade on Binance but still uses their infra and wallets for instance.

There could be a similar arrangement where US pairs don’t appear on the international exchange and vice versa, even if they use the same infra


There are FTT denominated loan(s), to MIM for instance, but I’m not sure there are that many others willing to accept FTT given the thin liquidity


No I think this is runway.ml who run a video editing startup based on AI and helped with the development. This is the link https://huggingface.co/runwayml/stable-diffusion-v1-5


Funny how shkreli fits into the story – he's led the criticized cost plus drugs for being a more expensive version of goodRx with inflated discounts [0].

[0] https://martinshkreli.substack.com/p/mark-cubans-pharmacy-no...


No, that article shows it's a cheaper version of goodRx. His complaint is they are sometimes the same price as the cheapest competitor, and that they overstate the discount by not comparing their price to the actual price you'd pay a competitor.

But his first example, for example, is that they claim a 90% discount but are actually 60% of the goodRx price.


Bigger discounts are better, of course. I think many people, including myself, have been paying through the nose with "prescription coverage" which costs more than goodRx or Cost Plus Drugs.

The goodRx site is weird - it looks like a coupon site, where you go to other pharmacies and give them a coupon. I know this is exactly how goodRx works, but it doesn't exactly inspire confidence when you're buying something as serious as prescriptions. The Cost Plus Drugs site is extremely spartan, but it doesn't give off the same weird vibes as goodRx - there are fewer steps involved. You just order from Cost Plus Drugs and it shows up in the mail, no in-between third party involved.


Behind the scenes, to the extent significant, the third party risk when it comes to drug quality is identical and low.

Pharma charges goodRx less because it's market segmentation - they're assuming many goodRx users would otherwise just suffer without and thus generate no profit.

Some people speculate goodRx subsidizes prices by selling data. I don't find their analysis convincing as they don't explain how goodRx has data meaningfully more valuable than the data pharma already buys from other sources like pharmacies.


Surprised at the rigor they had for your process. Just looking at a lot of crypto companies that have joined their batch, I was questioning whether they even looked at the ideas or not.

Maybe they are just better with b2b SaaS and other verticals, with crypto being exceptionally bad.


Tornado Cash repo+website taken down as well[0], and so have many of the GH accounts that were contributors to the repo[1].

[0] https://twitter.com/w_y_x/status/1556716055296294914?s=21&t=...

[1] https://twitter.com/bantg/status/1556721709931175937?s=21&t=...


Related, today:

“U.S. Treasury Sanctions Virtual Currency Mixer Tornado Cash” https://news.ycombinator.com/item?id=32386189

Specifically:

> all property and interests in property of the entity above, Tornado Cash, that is in the United States or in the possession or control of U.S. persons is blocked and must be reported to OFAC.


I understand that GitHub is just taking immediate actions in a way they perceive as being compliant with the law. The question is more existential: since source code is speech, can the government even sanction it? And should GH fight this if they want to remain a reliable platform for publishing code? What even is GH required to do in response to this sanction, or are they just being overly cautious since we’re in uncharted waters?


ISIS recruiting manuals and videos are also free speech. According to your view YouTube/Microsoft should not remove them.

Beside the fact that GH is a private company that maybe doesn't want to be associated with some stuff.


That is not my view.

I am not talking about what GH is at liberty to do; clearly they can do whatever they want. I’m asking about what they’re legally bound to do as a result of these sanctions. I find the precedent here more fascinating and troublesome (as an open source author myself) than the instance of the code in question.


As we've seen with Alex Jones even free speech is not absolute (for the record I agree with the rulings against Jones). If the code is designed to facilitate illegal activity I can see how that could be shut down by the government.


Alex Jones got sued. It’s very different. The government did not pass a law saying he can’t share conspiracy theories directly or that certain theories are off-limits. He just conducted himself in such a way as to cause enough other problems and thus give people grounds to sue him (and win).


Specifically as I understand it, he got sued then deliberately didn’t try to fight it, and defaulted.


The linked Treasury doc references Executive Order 13694, which has its own wikipedia page https://en.wikipedia.org/wiki/Executive_Order_13694.


Code is a form of speech. It’s the way the code was used that frightened the authorities. Just the way certain forms of cryptographic code were reframed as a ‘munition’ in the first crypto war.


Code is just documents or written speech, and should be regulated as such. So code vs written documents shouldn't be legally different.

So I guess a good question is: should it be illegal to tell people how to launder money? I would say no because I think laws should regulate behavior not speech.

I think for example that people should be able to make arguments why punching a Nazi should not be illegal, say, and maybe the best way to do it. But punching is clearly illegal, and threatening a Nazi directly should also be illegal.

However with abortion, some states that have made abortion illegal are trying to make it illegal to talk about where to get abortions, or how an abortion is performed. So if that is deemed legal by SCOTUS, then expect all kinds of laws to restrict speech in that manner.


Encryption beyond a particular strength has long been an ITAR restricted export.

Now everybody gets to learn that the United States regulatory policy machine will lean very hard on anything that'll threaten its ability to flex soft power against its opponents.

>What even is GH required to do in response to this sanction, or are they just being overly cautious since we’re in uncharted waters?

Letter of the law is don't do financial transactions with those addresses.

The quiet part is: this technology is now associated with being a channel for money laundering, and will open up any parties hosting or making it available a potential subject of accessory to wire fraud/money laundering charges. As a publicly funded company, I assure you, the legal, risk, and compliance departments are now erecting 100 foot poles between the company and this project.

You see, big business and government have a bit of an incestuous relationship. The bigger the market actor, the easier it is for the government to apply sufficient pressure where the easy way out is for said large actor to just "stop associating with that thing".

This is why OFAC is aptly named. You end up on it, and you basically fall out of the economy. The last sound you hear is the subject in question going O, FAC-<signal lost>.

Oh, actually, no, slight exaggeration, the truth is far more chilling.

You see, financial institutions will still process deposits. They just stop allowing withdrawals, turning the business relationship into a one-way trap for funds.

In theory, it may be possible to get off the OFAC list if you end up on it, however, financial institutions are instructed not to inform customers that they are sanctioned if asked. You're only told that a technical error precludes them from completing the transaction. If you mistakenly show up on OFAC, (like by sharing a name with someone who is on it), there are ways to get off of it by providing proof you are not the individual in question. In fact, most times, if you reach out, the service personnel you get are trained to get as much personal info as possible to try to determine whether or not you are actually the individual targeted by OFAC.

Companies will generally dig into it, and resolve it while playing coy. In this case though, it looks like businesses are taking the message to heart and just noping out of supporting it.


> Encryption beyond a particular strength has long been an ITAR restricted export.

I'm not sure what you mean by "restricted," but publishing open source encryption software on the internet only requires that the BIS be notified. No review or approval is required.

https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...


Technically, you're supposed to have to ask, and BIS can say no. That's restricted. There is the possibility of extra friction. I've never administered or experienced the compliance process myself, mind. I just know it's a thing.


Can you link the section where it says you’re supposed to ask? In my experience you don’t get assigned anything, you tell them what you are classified as and of course they can disagree but there’s no “tell me my export classification” part unless you fall under a restriction and can’t claim any exemption. Only then do you submit anything. And from my reading of those hellish documents, encryption software for which the source code is publicly available is exempt.


I linked a source saying that's not the case. Maybe you can provide a source for your claim?


> since source code is speech, can the government even sanction it?

er...the US government infringes on free speech all the time


And courts often put a stop to it. Regarding source code, federal courts told the government it couldn't restrict the publishing of strong cryptography, which it considered a munition.


> Regarding source code, federal courts told the government it couldn't restrict the publishing of strong cryptography, which it considered a munition.

?

you mean after Phil Zimmermann spent years in court, and then published a physical book of the source code?

and the US government then successfully restricted export of actual software with above 56-bit keys for years[1]? to the extent that Debian and OpenBSD did all their opensource crypto work outside the US to avoid trouble?

and they still explicitly ban export to "rogue states" and "terrorist organisations" in 2022[2]?

things have improved since the 90s but it's still not unencumbered by the US government and the changes mostly happened to make US tech companies more competitive, not due to a desire to free anyone's speech.

[1]: https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...

[2]: https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...


Bernstein vs US ruled that source code is protected speech, and struck down the export prohibition on strong cryptography.

https://en.wikipedia.org/wiki/Bernstein_v._United_States

From your link: "the BIS must be notified before open-source cryptographic software is made publicly available on the Internet, though no review is required."


There definitely still exist some US restrictions.

https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...


Yes, that's the same link as above. Some restrictions:

> Militarized encryption equipment, TEMPEST-approved electronics, custom cryptographic software, and even cryptographic consulting services still require an export license.

However:

> the BIS must be notified before open-source cryptographic software is made publicly available on the Internet, though no review is required.

So you're free to publish open source cryptographic software on the internet, you just have to let them know you're doing it. Bernstein vs US is the reason for that.


Another interesting note is that encryption software used for the purpose of authentication and credential management is also exempt even if it's not open source. Otherwise most every app on the market would have to go through this process because of login flows.


There is a question unasked in all replies here:

Is GitHub sanctioning just the accounts that they consider to be directly associated with the sanctioned organization, or, are they also sanctioning the upload of that open source code by unassociated third parties?



Is speech which is used to commit crime protected in the same way?


no


This is the first time open source tool/software (not even a business) has been put on the SDN list. Previous entries have all been either people or businesses. I don't live in the US, but if I were, I'd reconsider publishing OSS right now. I don't know all the users of my software, and I wouldn't want to risk being put on any lists like the SDN.


Be realistic here, are you distributing oss that exists for the sole purpose of money laundering?

I don't have a strong opinion on whether tornado cash should be allowed to exist, but it's obvious that it violates US law.

Similarly if you distribute OSS viruses don't act shocked if people want to harass you over it - distributing viruses is illegal in some places


> Be realistic here, are you distributing oss that exists for the sole purpose of money laundering?

I am not, and neither are the authors of Tornado Cash. There are legitimate purposes to use privacy-preserving services. As long as I file my taxes correctly, I should be able to use them as I wish.

> but it's obvious that it violates US law

Since they got added to the SDN list, it's obvious yes. But before that, why is it obvious? Again, as long as I file my taxes correctly with the IRS, there shouldn't be a problem with using services like this.


Unfortunately a large percent of the population believes the false narrative of "nothing to hide, nothing to fear" so they believe only criminals have the desire for privacy

these are the same people that will be SHOCKED when something they use, love, or do is ruled illegal or "obvious" violation of US Law.


Like bittorrent clients


This is a poor comparison, BitTorrent has lots of obvious legal uses even if it is popular with pirates. It actually gets used extensively for those legal purposes. Products like LimeWire or Napster explicitly marketed for piracy reasons are another matter. It is possible to use BT without breaking the law.

Maybe a decade ago when I worked at a game studio our IT department got mad at me for being connected to a torrent tracker. What was the tracker for? Patches for one of our games, because the updater used BT.


So what Percentage of BitTorrent Traffic would need to be "illegal" for it to fall under the classification of "obvious violation of US law" or "primarily used for illegal purposes" thus justifying targeting the technology instead of the individuals using the technology?

I have a feeling in this instance your bias is in favor of allowing bittorrent to exist because you have a personal use for that technology that is not illegal, and you do not have a personal use for the Tornado Cash technology, thus you have no ability to see legal uses for that tech.

I have found it to be an exceedingly rare trait for people to be able to externalize, and understand other people's worldviews. If they personally do not need, desire, or have a use for X, then they have no problems with the government clamping down, regulating or banning it. Never coming to the wider understanding that the government may (and likely will) turn its gaze to them.


Sounds like an apt comparison to Tornado Cash then, as exactly the same applies with it. It's used for obviously legal use cases too. Just because some groups use it for less legal things, doesn't mean the thing itself should be illegal.


Well, they were unable or unwilling to prevent North Korea from using the service to launder money, which is illegal


It's not a service, it's a tool. North Korea probably used Rust at one point, should we sanction individuals who contributed to Rust as well?


yeah they’d probably ban Rust if a sizable percentage of the Rust usage was to avoid NK sanctions


>Similarly if you distribute OSS viruses don't act shocked if people want to harass you over it - distributing viruses is illegal in some places

Plenty of legitimate software can be used for nefarious things (and sometimes the legitimate code is indistinguishable from malicious code, e.g. remote viewers).

We should probably focus on the people and the actions those people take, rather than code itself, or we might end up in a bit of a pickle. Ban encryption because it's used in ransomware. Ban tech-support software like TeamViewer or QuickAssist because it is used in scams.


Tornado Cash exists for money laundering. That's the thing it does. You can believe money laundering should be legal, or that there are legitimate uses for the software, but the fact is that the software appears to be against US law, so nobody should be surprised that the authors got sanctioned.

The vast majority of OSS software does not have this hazard and it does everyone a disservice to pretend that the situation is identical. There are a bunch of other things OSS maintainers should be worrying about before US sanctions.


> Tornado Cash exists for money laundering

Maybe you don't know exactly what "money laundering" is. That you want to hide whatever you are doing doesn't mean that what you're doing is illegal, which is a prerequisite for something to be "money laundering". Just like E2E doesn't exist solely for hiding criminals doing criminal things.


>You can believe money laundering should be legal, or that there are legitimate uses for the software, but the fact is that the software appears to be against US law, so nobody should be surprised that the authors got sanctioned.

I'm not sure if you understood my comment. I don't care about the authors and whether or not they were sanctioned. My point was about the code itself. If we started to force GH and the like to remove any code that has been used in an illegal activity, there's going to be very little code left on GH.


Right, and also note that plenty of "nefarious" software can be used for legitimate things.

Just think of malware analysis or feeding malware to the machine-learning monster.

In the end, it's just information and can be interpreted in a myriad of ways and for all kinds of purposes, including the good ol' simple satisfaction of intellectual curiosity. But many people in this thread seem to have a zero bit mind. By that I mean that they have a single bit dichotomy good(allow)/bad(ban) world that invariably has the value "bad(ban)".


Are there any other cases where source code has been censored by the government?

Since code is copyrightable, is this a first amendment violation?


Yes, this happened at least once before, when the Spanish government asked GitHub to take down repositories related to applications helping citizens to organize focused protests: https://github.com/github/gov-takedowns/blob/master/Spain/20...

The group that was focused in the take down requests was "Tsunami Democràtic", which you can find some background information about here: https://en.wikipedia.org/wiki/Democratic_Tsunami


Why does that page not contain tornado cash under the government takedowns?


Probably GitHub acted in their own interest here, or Microsoft has received a gag-order not to publish anything.


Yes, the government considered strong cryptography to be a munition and said it was illegal to put the source code of PGP on the internet. Courts ruled against the government in Bernstein vs. United States, saying source code was speech protected by the First Amendment. That's why we can all use strong cryptography today.

https://en.wikipedia.org/wiki/Bernstein_v._United_States



See, for example

https://en.wikipedia.org/wiki/Bernstein_v._United_States

There is a long history of "the land of the free" carving out exceptions from freedom.


Patrick is overindexing on the investments portion of the report – which is a little under 5% of backing. There are investment deals and crypto, but it's unknown if this represents the entirety of the amount fwiw.

If we take a step back and look at the key takeaway from the audit report is that amount of commercial paper was reduced and amount of T-bills (essentially cash) was increased by 5 bil. Good news if you think solvency is an issue, but of course they're all scoundrels eh? /s

Tether might have done shady things in the past as the article, but the scale to which Tether operates now (10s of billions), in addition to scrutiny from SDNY, external audit, etc mean that Tether from before is much different from the Tether now, and it has pulled off the made it portion of "fake it till you make it".


The question is, why would you hold tether if there is even a 1% chance of collapse?

Remember, there is literally no upside, it's not as if USDT will go to the moon.

So why not dump it for the time being in either Bitcoin or USD?


There is still no audit, only attestations.

