Operating in the US requires us to not provide financial-like services in certain regions, even if those financial-like services amount to pennies of value on average like they do on SN. We are waiting on an exact list of countries from lawyers, but presumably any stackers located in the countries on this website could be affected.
Soon, if the IP address of your browser session indicates you are located in a sanctioned region, we will prevent you from transacting with our wallet.
It's unlikely there are many stackers in these regions, but as we continue working on understanding the laws we are obligated to follow, we will provide you with as many services as we are legally allowed. In the coming weeks, we will begin introducing noncustodial wallet options among other things.

Zero privacy implications

We remain committed to never storing a stacker's IP address without permission. For these changes (when they go live), we simply check an IP against a database of IP ranges thought to belong to these regions and then discard the IP and the result of the query regardless of whether the IP is in one of these regions or not. Further, the IP range database is self-hosted so that your IP can't be stored by anyone else either.
All of this compliance stuff is free and open source like everything else so you can be reasonably certain we are only doing what we say we are.
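
The check described above, sketched as an added example (not Stacker News' own code): an address is matched against a local list of CIDR ranges at the moment of a wallet action, and only an allow/deny answer leaves the function. The ranges are constructed documentation prefixes, the function names are hypothetical, and failing closed on an unparseable address is an assumption of this sketch.

```javascript
// Added example: stateless region check. The ranges are constructed
// (RFC 5737 / RFC 3849 documentation prefixes), not a real sanctions list.
const BLOCKED_CIDRS = ['192.0.2.0/24', '198.51.100.0/25', '2001:db8:bad::/48']

// Parse an IPv4 or IPv6 literal into { bits, value }, or null if malformed.
function parseIp (text) {
  const v4 = text.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/)
  if (v4) {
    const octets = v4.slice(1).map(Number)
    if (octets.some(o => o > 255)) return null
    return { bits: 32, value: octets.reduce((acc, o) => (acc << 8n) | BigInt(o), 0n) }
  }
  // IPv4-mapped IPv6 (::ffff:a.b.c.d) is how a dual-stack socket reports IPv4 clients.
  const mapped = text.match(/^::ffff:(\d+\.\d+\.\d+\.\d+)$/i)
  if (mapped) return parseIp(mapped[1])
  const halves = text.split('::')
  if (halves.length > 2) return null
  const head = halves[0] ? halves[0].split(':') : []
  const tail = halves.length === 2 && halves[1] ? halves[1].split(':') : []
  const missing = 8 - head.length - tail.length
  if (halves.length === 1 ? missing !== 0 : missing < 1) return null
  const groups = [...head, ...Array(halves.length === 2 ? missing : 0).fill('0'), ...tail]
  if (!groups.every(g => /^[0-9a-f]{1,4}$/i.test(g))) return null
  return { bits: 128, value: groups.reduce((acc, g) => (acc << 16n) | BigInt('0x' + g), 0n) }
}

// Precompute each range as (address family, prefix bits, shift to drop host bits).
function parseCidr (cidr) {
  const [addr, len] = cidr.split('/')
  const ip = parseIp(addr)
  const shift = BigInt(ip.bits - Number(len))
  return { bits: ip.bits, prefix: ip.value >> shift, shift }
}
const RANGES = BLOCKED_CIDRS.map(parseCidr)

// Returns only a boolean. Neither the address nor the match is logged,
// cached, or attached to an account, so nothing survives the call.
function inBlockedRegion (ipText) {
  const ip = parseIp(String(ipText).trim())
  if (!ip) return true // assumption: fail closed when the address cannot be parsed
  return RANGES.some(r => r.bits === ip.bits && (ip.value >> r.shift) === r.prefix)
}

// Evaluated per wallet action: the account object is read, never modified, so the
// same account is allowed again once it transacts from outside the ranges.
function authorizeWalletAction (account, ipText) {
  return { accountId: account.id, allowed: !inBlockedRegion(ipText) }
}
```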
I know what meme @DarthCoin will comment with, but I can't find it, can someone help
reply
something about k00b and ekzyis spying on stackers not using a VPN?
reply
@DarthCoin is currently not here and somehow he's everywhere:)!
reply
cowboy credit circulation! not being like those freebies!:))
reply
year end is approaching, maybe we should work harder!
Damn freebies, they destroyed the freebie section!
reply
This freebie is also very happy for these kinds of updates :)
reply
Good ole OFAC! Appreciate the update.
reply
Curses! I was a foreign agent using SN to launder money by posting and zapping based content, and now my evil plans are ruined!
reply
Could not be any more responsible or transparent given the circumstances. I’m sure you hate that this is a thing.
Does this mean that each time someone zaps from one of those countries, they will create an invoice to pay via their own wallet? i.e. they can still go about using the site and without any other disruption? Do they also though lose access to rewards?
reply
Does this mean that each time someone zaps from one of those countries, they will create an invoice to pay via their own wallet?
We aren't sure what the limitations are yet, but we're hoping they might be able to still use the site non-custodially at least.
Do they also though lose access to rewards?
Also not sure. In general, it seems like we'll need a polyglot solution for compliance even for US customers (e.g. New York makes it nearly impossible to get a money transmitter license). Non-custodial peer matchmaking services are presumably compliant in the US, but that's a big UX pill to swallow for 10-100 sats. So we need to solve for a very unmotivated bitcoin curious nocoiner trying the site for the first time too.
We've been going over this repeatedly for a few weeks now. I'll write up our plans next week, which aim to be such a polyglot approach.
reply
Makes sense. Not what you want when you're in a growth phase. And particularly not for those folks without a Lightning wallet or without Bitcoin knowledge.
If there's any silver lining, I imagine it focuses minds to a more non-custodial future & roadmap. Assuming there's anything ever to come from crappy legislation.
reply
I imagine it focuses minds to a more non-custodial future & roadmap
Yes, we're very excited about that!
reply
What about zapping content posted from those countries? Where do the sats go?
reply
They go to their account because we don't maintain any state about where a user is located; we only check if/when they are transacting in a sanctioned region.
reply
Does that mean they can’t withdraw when they’re transacting from a sanctioned region, but if they changed to a non-sanctioned region, then they could withdraw?
reply
The way our code currently works, yes, but I'm not sure if that's compliant or not.
reply
What if someone is from a non-sanctioned country, and their VPN randomly selects a sanctioned country during an SN visit, would that permanently lock their account from withdrawing, even if they log in from a non-sanctioned country again?
reply
The thread you're commenting on describes that it doesn't work that way.
There is no locking. As described it prevents transacting.
reply
Makes sense 👍 I’ll be interested to see how this evolves over time!
reply
important to address, thanks for taking quick action here without compromising stacker privacy.
reply
Looking forward to the non-custodial options!
It sucks to have to comply with these retarded laws
reply
It seems the attacks on Bitcoin and Lightning are getting bigger with ever increasing insane bills and sanctions that only benefit the ones who wrote them and disadvantage those in the sanctioned countries. If the EU and other countries will follow then countries like Sudan and Zimbabwe on the list will have a hard time using Lightning for small payments.
I feel custodial Lightning solutions are not a good solution anymore. Great that SN is moving towards non-custodial wallets.
reply
100% regulators have been and will continue crushing custodial bitcoin
reply
Sounds like it just limits wallet usage, not site usage
reply
deleted by author
reply
We have free posts and comments, but the answer to most of these questions is that I don't know.
reply
As always, we appreciate your transparency!
reply
Listen to this non freebie @Onions
You're being an onion again
This freebie hasn't seen many onions doing PoW in his lifetime yet
now they will be forced to use noncustodial wallets,
Maybe that's a good thing in the long run?
This freebie wonders
But the real question is: do freebies know how to use VPNs?
*countries
reply
LOL imagine if Satoshi was obligated to follow the law. The problem is that SN is centralized. It cannot succeed long term this way.
reply
It is absurd that the US cares about some Russians potentially getting a few pennies from Stacker News, when Russia is still allowed to buy literally billions of dollars worth of western machine tools and supplies that go directly to weapons production.
reply
It's a sad day to be Cuban.
reply
I think I should ask for a discount for ~ru territory @k00b.
reply
WHO the fuck… VOTED FOR THESE LAWS??? Fellow Americans, we don’t live in a democracy.
It’s supposed to be a republic… IS IT STILL???
reply
vOtE hArDeR
reply
It's a Democracy, which means ruled by Democrats. The rest is just window dressing.
reply
“If the IP…” act accordingly.
reply
So if there's a conflict in some region of a country, then everyone inside said country is going to be affected, despite only a handful of entities actually getting sanctioned...
This can easily wipe a lot of african countries off the lightning map.
reply
@k00b I'm not sure if you can talk about this freely, but did you suddenly do this because the government contacted you and forced you to do this, or because you wanted to become compliant, anticipating problems?
reply
No one contacted us, we just want to be compliant before we could get contacted.
reply
When it comes to bitcoin, no amount of compliance will be enough for them in the long run.
reply
From my experience running a bootstrapped company with 37 million users, such proactive policing is a waste of scarce resources.
reply
I agree it expends scarce resources.
Our concern is that regulators seem very stirred up about bitcoin, and OFAC-related fines (not to mention legal) would kill us in our crib.
reply
I found this list but I'm unsure if SN is big enough: I think they're somewhat practical and won't go after tiny volumes, unless something specifically pisses them off.
reply
Thanks for the link! That's sobering. It does seem like it's relatively uncommon to be prosecuted.
reply
Can you be open about exactly who is being sanctioned/censored on this platform? Can you at least do that?
reply
I'll give you all of the information I have when I have it and all of the relevant code will be open source.
reply
Thanks for the update!
Also, it is important to know if you register a "business" with the government (501(c)(3), Sole proprietorship, LLC, S-Corp, etc.) you will get RUGGED!!
You are signing your resources over to them and they now OWN YOU and they can do whatever they want to you as you are in their jurisdiction. You LOSE your rights.
Then when you use a lawyer, you are furthering your ownership by the government as lawyers always work for the state and the BAR. They do NOT work for you, nor do they care if you win or lose.
Please, we have to learn this lesson and STOP participating with governments.
Form your own private memberships, which keep you out of their jurisdictions and STARVE those FUCKERS out of existence.
Governments and their henchmen and women (Lawyers, judges, etc) are a cancer to humanity and if we don't learn our lesson, it will harm us tremendously.
You can call me dramatic, but may I point you to history. History is a very good teacher.
reply
Who did you get the letter from?
reply
This is self-inflicted.
reply
why? something got you worried. C'mon, spill it...
reply
Maybe the recent news from Wallet of Satoshi and Alby contributed to the worry.
reply
That's a shame for the Venezuelan users.
reply
We're not sure if they're affected yet, but they could be
reply
Doesn’t money just make everything so complicated? We are just sharing ideas amongst friends.
reply
There is no escape.
reply
Will the region be checked at the moment when someone tries to interact with SN's wallet? Or will each region the account ever signed-in from be stored?
This matters, because if the account signs in from Belarus just once, then the government could argue that the account is a Belarusian account.
reply
No, it is not stored.
We remain committed to never storing a stacker's IP address without permission. For these changes (when they go live), we simply check an IP against a database of IP ranges thought to belong to these regions and then discard the IP and the result of the query regardless of whether the IP is in one of these regions or not.
reply
Just to make sure we are on the same page, my question is about regions not IP addresses. The part you quoted discusses comparing an IP address to a list of IP ranges. But that is not the same as comparing a region to a list of regions.
The government may be okay with SN not storing IP addresses. But they could demand that SN permanently mark an account as sanctioned if it ever signed in from any sanctioned region.
reply
Sorry, I did miss the nuance in your question.
We do not store the region either.
discard the IP and the result of the query [(aka region)] regardless of whether the IP is in one of these regions or not.

The government may be okay with SN not storing IP addresses. But they could demand that SN permanently mark an account as sanctioned if it ever signed in from any sanctioned region.
If we were doing that, I would say so. The government hasn't demanded anything to be clear. This is self-inflicted compliance in which we are trying to interpret the law to the best of our ability.
reply
Nostr is in the same boat. IMHO cashu (and later fedi) nutzaps are the way to go.
reply
Do you know if cashu supports offline receives?
reply
Not immediately, no, because there's no user auth in cashu by design (original Chaum's construction involved accounts). But both lnurl-auth and nostr auth should give SN a pubkey that the zapper can encrypt with and the only thing that SN ever sees is an encrypted DM.
Unfortunately, users who log in via Google or Facebook will miss all the nutzaps.
reply
But both lnurl-auth and nostr auth should give SN a pubkey that the zapper can encrypt with
That's not how encryption or secure encryption schemes work. You can't just use any pubkey and think, you can now encrypt anything with it and still pretend like it's secure. You just rolled your own crypto.
Unfortunately, users who log in via Google or Facebook will miss all the nutzaps.
Do we support Google or Facebook SSO? Since you sound like you think we do.
Please stop shilling cashu, I like cashu but you make it look bad, lol
reply
OK I will stop shilling cashu (and switch to shilling near-zero-fee Liquid clones) if you explain this to me:
That's not how encryption or secure encryption schemes work. You can't just use any pubkey and think, you can now encrypt anything with it and still pretend like it's secure. You just rolled your own crypto.
I suspect you're thinking of signatures: indeed, signing random shit with your private key just like that isn't a good idea. But suppose you publish a Nostr pubkey and I encrypt a DM with it (no signatures). How is this unsecure? Aren't gpg users always doing gpg --encrypt --recipient anyway?
reply
But suppose you publish a Nostr pubkey and I encrypt a DM with it (no signatures). How is this unsecure?
I'm not familiar with what cryptography nostr uses here.
But in general it's not a good idea to encrypt data with just any pubkey. It could (doesn't have to) be insecure in a sense of your DM might be decipherable for 3rd parties. It can't be insecure in a sense of threatening the secret key of the recipient, of course.
I'm not familiar with what cryptography Nostr uses here. But like @ekzyis mentioned: there are famous examples with RSA where weaknesses emerge when using the same key for encryptions and signatures.
reply
I'm not familiar with what cryptography Nostr uses here
We're currently trying to move away from NIP04 which uses symmetric encryption with AES-256-CBC (absolute trash compared to industry standard) to NIP44. NIP44 just got audited.
But like @ekzyis mentioned: there are famous examples with RSA where weaknesses emerge when using the same key for encryptions and signatures.
Thanks :)
reply
if you explain this to me:
That's not how encryption or secure encryption schemes work. You can't just use any pubkey and think, you can now encrypt anything with it and still pretend like it's secure. You just rolled your own crypto.
Have you asked yourself how encryption schemes are defined?
Since according to my understanding, encryption schemes always include a definition of how the keys MUST be generated - even only idealistic ones that are only useful for theory, since they just say that the key must be random.
I mean: Do you really think I can use an RSA key in bitcoin which uses ECC?
How is this unsecure? Aren't gpg users always doing gpg --encrypt --recipient anyway?
I suspect you're thinking of signatures: indeed, signing random shit with your private key just like that isn't a good idea.
Nice assumption, lol, but I agree that this wouldn't be a good idea.
So please do some research before you try to shill anything and stop wasting our time.
It's also not too late to delete your comments and change your nym from @om to something else since I will remember your nym, lol
reply
I mean: Do you really think I can use an RSA key in bitcoin which uses ECC?
Who said anything about RSA?
I recommend looking up how PGP actually works.
This document is so old it doesn't have ECC. But gpg does in fact support ECC.
It's also not too late to delete your comments and change your nym from @om to something else since I will remember your nym, lol
Apparently in your fantasies you have won some cake but I'm still in the dark as to what the attacker is supposed to attack, exactly.
reply
The whole hierarchical deterministic wallet thing, as well as lnurl-auth, are based on the idea that PBKDF is random enough. The only thing that is actually random is the seed.
You have claimed insecurity but I still don't get who's the attacker and what information the attacker learns that he shouldn't have.
reply
random != random
Yes, it's possible. And I'll be working on the fedimint version of this in a week or two.
Btw I've been testing all the fedimint v0.2 release candidates and it just dropped a few days ago. Offer still open if you want to play with it more.
reply
I'm open to it. I just don't know enough to say yes to the dress.
Has anyone written about these UX-related things in depth somewhere?
reply
Would be happy to sit down with you next week or two to go through setting up a federation and interacting with it.
reply
This freebie thinks that currently, Cashu is the opposite of what we want right now since it's custodial and private.
But what does this freebie know, I am just a freebie, we don't do much PoW...
deleted by author
reply
This is not live yet so your error is unrelated.
If you'd like help: Which withdrawal method are you using? QR? Which wallet?
If you'd like private help, message me on telegram, email me k00b@stacker.news, dm me on twitter/nostr, or message ekzyis on simplex.
reply
deleted by author
reply
Okay I think I can recreate it. I'll let you know when I've pushed a fix.
reply
deleted by author
reply
Fixed. Raincheck on the cock suckin.
reply
Called it last night. Apps and platforms that allow Bitcoin transactions are going to fall under severe government regulations :(
reply
It's happening!
reply