Is anyone keeping track, using on-chain analytics, of how many people are doing this idiotic EU "satoshi test"? E.g, Kraken describes the procedure here, presumably other exchanges use variants, which makes for great fingerprinting.
https://support.kraken.com/hc/nl/articles/what-is-a-satoshi-test
cc nostr:npub1m0n0nautpnk0jntmg89kgjucfwygrsppcpf963um5eqkjehqwess7rd0un
JFC 🤦♂️
I guess they don't use signing messages because most wallets don't offer it.
Yeah, my guess is that they picked the Satoshi Test because it's the only one they can automate without human interaction. Otherwise they need to hire a lot more support staff.
Signing messages also has that property though, technically. I guess you mean that, in practice, it needs human intervention, for the reason i mentioned above.
Until wallets broadly support it, asking for signed messages will be a a support nightmare. Especially because this verification process is triggered _after_ a deposit takes place, at which point it's late to tell the user they should used a legacy base58 address.
Ironically, as easily as lazy corporations can automate this compliance procedure, it's just as simple for an adversary to automate the act of complying with it.
The most insane part IMHO is they demand the satoshi test even when you send BTC to an exchange. As if by being able to move the UTXO to the exchange I didn't already prove to be the owner JFC
None of the methods listed by EMA prove anything (as I told them in my email). They're completely pointless rituals. But this method is actively harmful.
None of the methods listed by EBA prove anything (as I told them in my email). They're completely pointless rituals. But this method is actively harmful.
Using ETH as an example to the Satoshi test just typifies how far we've strayed from God's light.
Plus, they're literally intending to tax you for signing a message you from 2 wallets one must have constructed with separate entropies.
The travel rule is a joke and definitely implemented by people who lack understanding of math.
So, if this is required, you can't send to, say, your custodial account at Coinbase?
For sending between custodians (VASP) there's a separate process. How exactly they know which destination or origin address is which other VASP is a can of worm I don't even want to look inside of.
Also, if you're a cat and need to eject a hairball, google "eu travel rule compliance software".
Okay, so pay-join or coinjoin in and out of a decoy address?
Think that'll fly?
EU law requires them to block* deposits from coinjoins**.
* = whatever that looks like, presumably just close the account and tell the user to provide a refund address
** = if detected
Wasn't sure that applied to withdrawals, thought if was just for deposits to the exchange.
Which law is that?
Not sure which exact one, either MiCAR or something passed around the same time: https://www.investopedia.com/news/what-does-increased-government-regulation-mean-privacyfocused-coins/#:~:text=In%20the%20European%20Union%20in,or%20purchased%20via%20their%20services.
The MiCa rules,... The ones I've been covering for 3 years on my podcast and such.. and where no one had any opinions about in the EU until they have to take this moronic test. :)
I find it also funny they don't address the chicken-and-egg problem I am seeing of having to verify a new withdrawal address, which, of course, doesn't have any balance to do the test with in the first place. I'm assuming 'sometimes' (because they say 'might be') the satoshi test won't be needed? Just describe that situation and don't let us assume anything, but that's probably too logical...
From what I've seen on Reddit, they solve the chicken-egg problem by having you buy some crypto (with fiat, below the threshhold amount), withdrawing it and then sending it back.
I can imagine that if you contact support they'll eventually offer another solution, but they could make you wait for weeks while your funds are stuck.
By solve I mean "solve",
Which means you've now gone from one deposit that doesn't stand out much on chain, to a very obvious pattern of receiving sats from the exchange and sending them back, all using the same address. Plus your bank sees a small transaction going to an exchange and a large one coming back, which might trigger their alarm and they hold you fiat ransom too.
And of course this fiat transaction pattern tells your bank that you're a self-custodial person.
For entirely new customers this is of course, are they assumed to get some balance from somewhere else, for the test?
European degeneracy
