Cashu: This will allow integrating Ecash into existing KYC/AML infrastructure \ stacker news ~bitcoin

Cashu: This will allow integrating Ecash into existing KYC/AML infrastructure twitter.com/CashuBTC/status/1791001643019809146

2665 sats \ 27 comments \ @Scoresby 16 May bitcoin

What are your feelings about cashu mints that kyc? I'm assuming that this would be used in an exchange context or some situation where the mint has exits to traditional banking?

Full tweet thread:

Reminder that Cashu mints have built-in safety measures to ensure that your mint can't be abused. Nutshell limits the maximum balance, size of peg-ins and peg-outs, and request rate limits.

And there is a lot more to come! You should have full control for your specific use case.

Check out the Nutshell configuration for safety limits: Link to nutshell

We will be adding optional authentication to the protocol that allow services providers to precisely limit access to their mint. This is one of the most-requested features from regulated entitites.

This will allow integrating Ecash into existing KYC and AML infrastructure.

view all related items

628 sats \ 0 replies \ @anon 18 May

Reading the comments here, it feels like there is a lot of FUD around this topic.

first of, the core protocol of cashu does not change. So a mint can chose to continue working without authentication.

it is an additional feature that mints can opt in if they need to.

the reason this gets added as a protocol extension is the following:

some usecases require auth.
a lot of people/orgs want to run an ecash mint, but not one that is open to everyone.
sometimes it makes sense to restrict certain actions (for example if you want to limit minting to certain parties)

Auth is needed to achieve this. Normal ecash mints that don't need these features don't need auth.

Making auth a protocol extension limits protocol fragmentation (because otherwise wallets and mints would just implement their own auth schemes) and allows wallets and mints to continue being compatible across the board

44 sats \ 0 replies \ @OT 17 May

I thought it wasn't possible to even see who was joining and exiting the mint.

138 sats \ 0 replies \ @harrr 16 May

Privacy seemed to be the main selling point of ecash..

30 sats \ 0 replies \ @notgeld 17 May

I realized that "friends and family" solutions are irrelevant for something what wants to be money at the end of the day.

Also what's the point in "private" tokens if anonymity set is small.

218 sats \ 0 replies \ @clr 16 May

So the cashu tokens are not real bitcoin, you have to KYC, and you have to safekeep the private keys. All the disadvantages of a CEX/bank with the disadvantages of self-custody combined in one package. Why would anyone want this?

70 sats \ 1 reply \ @rblb 16 May

They seem a bit too eager to integrate with KYC, this is becoming suspicious.

6 sats \ 0 replies \ @justin_shocknet 16 May

ECash has always been EDollar astroturf funded by NGOs

145 sats \ 2 replies \ @Natalia 16 May

What are your feelings about cashu mints that kyc?

Feeling strange, and why on earth do people want to join the KYC mint - isn't Bitcoin meant for leaving the cage, why going back now?

https://primal.net/e/note1glnwwkfh6qg3kml4f05hhhpsrf56stmpprryushxeshyvy76yp9s89ex3e

217 sats \ 1 reply \ @Scoresby OP 16 May

Yes, in general I feel like "kyc is the illicit activity" and giving any ground on this front seems bad.

On the other hand, I didn't build cashu. The people who did have every right to build it however they like. And they probably have more insight into what their customers want than I do.

It struck me particularly strong me in light of the Tornado Cash ruling where it said the developers didn't build AML/KYC into the contract when they could have and so were culpable.

158 sats \ 0 replies \ @Natalia 16 May

For me, as a customer is more like - why do you need to know so much info? Is it even necessary?

And from what I've learned and playing around, this ecash was supposed to be more private and more accessible for new users, not sure it would be a nice start if ppl come and then required all sorts of information to start.

On the other hand, I didn't build cashu. The people who did have every right to build it however they like. And they probably have more insight into what their customers want than I do.

indeed, just trying to understand the whys.

27 sats \ 0 replies \ @anon 16 May

I'll NEVER use a kyc mint. Some non-kyc mints will exist and charge fees. I'll pay the fees.

38 sats \ 0 replies \ @Design_r 16 May

not sure it make any sense... wasn't ecash a way to be private/anonymous?

127 sats \ 0 replies \ @fixthemoneyfixtheworld 16 May

This seems like a bad idea.

127 sats \ 3 replies \ @k00b 16 May

I'm not sure an ecash mint can comply with the law even if they wanted to. Custodians require KYC because they are obligated to report someone when their activity is suspicious and must attempt to prevent further suspicious activity. I guess you could detect suspicious activity on inramps and outramps to the mint? I'm not sure that's full regulatory cover, but for appearance's sake this could do wonders.

I suspect this is mostly to provide protection to cashu's developers. If a cashu mint gets indicted, the cashu developers can claim they gave them the best compliance tools possible with ecash.

117 sats \ 0 replies \ @clr 16 May

I suppose the mints could require authentication every time you make a transfer outside the mint via Lightning. I am not sure how ecash works, but maybe they could also require authentication every time you transfer ecash to someone else.

But maybe it's just a way for the developers to protect themselves after the Tornado Cash issue. It's also a great reminder that the mint can rugpull or shotgun KYC anytime. Every day I am liking less and less this whole ecash thing. Please change my mind if I am wrong.

100 sats \ 1 reply \ @Scoresby OP 16 May

Yeah, @Natalia linked in her comment to this explanation by calle on nostr.

On privacy: this hurts privacy for peg-ins and peg-outs for example. Even if there was full KYC, ecash is still a lot more private than a normal custodian. The provider doesn't have a view into your wallet, can't take your ecash, and can't stop you from transacting with others.

So it sounds like you are correct.

237 sats \ 0 replies \ @emmanuelrosa 16 May

I keep noticing these half-truths, such as: "...and can't stop you from transacting with others."

A mint can't stop you from transacting with others WITHIN THE SAME MINT.

cashu tokens are only valid on the mint they are minted on. If I take a cashu token from mint A and try to use it on mint B, such as sending it to another user, that token will not work. Some kind of on/off ramp, such as Lightning, is required to transact across mints. Those ramps are the chokepoint.

This can work out in a different way too. User A invites use B to a KYC mint in order to pay for goods/services. User B accepts the invitation to add the mint (to get paid) only to discover that a KYC process is required. User B is from a sanctioned country, so... that's not gonna happen. User B goes home empty-handed.

127 sats \ 4 replies \ @RedRadish688 16 May freebie

Pretty disappointing considering this guy has been appearing everywhere the last months with a mask, hiding his identity and pretending to be a privacy advocate. But yes, might be a strategic move, considering the recent attacks on privacy enhancing services. Will see how it plays out.

27 sats \ 3 replies \ @tolot 18 May

This is not the point, sorry. Ecash is a technology to improve tremendously custodianships, thus KYC is only a matter of time. Also fiat shitcoins have some ecash projects out there, that are LESS privacy oriented. Therefore the adoption of Cashu in a fiat shitcoin environment is still better than the current system and the goal of Cashu has always been to improve privacy with custodians. I cannot see an issue with this protocol extension...this will not be enforced by default, it's simply a feature for mints that want to use it because of regulatory needs.

0 sats \ 2 replies \ @RedRadish688 19 May

So what is not entirely clear to me, what does this protocol change involve?

Just support for a general authentication mechanism, like e.g. we have basic auth in the http protocol? Or
more general functionality to perform kyc / aml procedures at the protocl level?

Case 1. sounds ok to me, there can always be a reason for a mint to want to restrict access only to certain users. Case 2 would go little bit too far for me, even if exchanges demand it, it still doesn't mean that a privacy activist should comply proactively and add support for this at the protocol level, even if its optional.

0 sats \ 1 reply \ @tolot 19 May

Case 1 is the thing here. Just support for authentication mechanisms.

0 sats \ 0 replies \ @RedRadish688 19 May

ok, that sounds fine. Thank you for the clarification.

17 sats \ 0 replies \ @erict875 16 May

If you have been following the recent events, then this move should not be a surprise. Anyway, what counts is that Cashu is a protocol, and you can decide to implement/configure your mint application with or without KYC/AML requirements...

17 sats \ 0 replies \ @BitcoinAbhi 16 May

I can just say I cat get alongwith this. KYC is propoganda by state. I believe true decentralisation.

17 sats \ 0 replies \ @oomahq 16 May

I don't get why so many people are surprised. Ecash is custodian technology, therefore it was always a matter of time until it grew KYC prongs.

Regardless of how many mints will want to use them, but seems obvious there'll be demand.

17 sats \ 0 replies \ @MartinTheWanderer 16 May

"One by one, the free Lands of Middle-Coin fell to the power of the KYC. But there were some who resisted. A last alliance of unKYCked and anons marched against the armies of the fiat orcs..."

The nutters are obviously not one of those. RIP

17 sats \ 0 replies \ @TNStacker 16 May

Sheep want to be herded