More-so than that, I see a conflation and confusion on the different stakeholders and components of Tornado Cash, on both sides of the ML/privacy split you describe.
Note that the TC smart contracts are completely autonomous now (no entity with privileged permission or receiving a fee). They are truly non-custodial and necessary functionality is either executing on-chain or locally on the client.
So a user can make full use of tornado cash suite (smart contracts + UI) without ever having to interact with or pay a fee to anyone involved in the project.
Now, if a user withdraws manually, they will still need to submit a withdraw transaction and pay some ETH for gas (transaction cost), which will link that ETH with the withdrawn funds. So there is a chicken-and-egg problem here. To solve this, the UI integrates with a network of relayers who will facilitate the withdrawal transaction and cover the gas for a percentage fee. Relayers aren't hardcoded in the UI or smart contract and users can choose their own third-party relayer. The relayer network is permissionless and autonomous as well - anyone who sets up the software and commits enough funds will be one. In newer versions of the TC UI, only relayer nodes which have staked a minimal amount of TORN tokens are showed for selection, and there is a ranking and preference of relayers who have higher amounts staked.
This relaying, on the other hand, can absolutely be seen as a service. There could be a case for ML to have against that network of relayers. And potentially (though this is new territory for courts I think) TORN token holders and/or governance participants. This clear separation between the components and stakeholders and the removal of the need of privileged actors is precisely what makes TornadoCash different from legacy mixers.
I think it's very unfortunate that even people in the space characterize this TC as such as a "service", as I think it's best viewed as "not a service" - to this point, there are no service providers apart from the serving of the self-hostable client web UI. Which is optional. It's hard to tell in which cases this is a conscious oversimplification and in which cases people aren't aware of the nuance.
If I'm allowed to make a rough comparison from the best of my understanding to Bittorrent for those who remember the TPB saga:
Ethereum nodes: Bittorrent DHT
Tornado Cash UI: Bittorrent client in a web UI
Tornado Cash smart contracts: software executing in the "DHT" (by every node)
Relayer server-side API (old UI): Bittorrent tracker
TORN DAO smart contract (new UI): Bittorrent tracker, except there's no server anymore and it all executes in the DHT
Having the DHT stand in for blockchain is not fully accurate of course but should hopefully get the major point across. Makes sense?
> Person that has worked on the defensive side of Money Laundering here.
Would love to have a follow-up from you with thoughts on the above.
I think mainly that I do not envy the lawyer that has to make the service argument.
We could get lost in the technical details of why it is or isn't a service but ultimately they only need to prove that x person of the project knew about the issues, could have done something about it (like shut it down), and didn't do enough.
It was just the one contract wasn't it? i.e. someone was responsible for deploying the contract that inputs and outputs the blending between addresses. In this scenario, the other permission less stuff is theatre.
My understanding is that a good chunk of the TORN tokens issued by "DAO" are earmarked for developers of TC, and these token could be sold for money, etc.
Plus the initial developers could run relay nodes to make money, and can even do it in a way that is basically impossible to prove, by using TC itself when withdrawing the profits made by their relay nodes. Back before sanctions, even at a centralized exchange, nobody would think anything is odd about TC developers exchanging out coins previously transferred through the TC system. After all they care about privacy and don't want people to be able to trace back to all their previous transactions.
They profited from issuance of the TORN token but they did not take fees out of every deposit. Relayers are the ones who receive fees for withdrawals (about 0.1 ETH) and depending on your point of view could be unlicensed money transmitters (and if they are still operating after Tornado was designated then sanctions violators).
Note that the TC smart contracts are completely autonomous now (no entity with privileged permission or receiving a fee). They are truly non-custodial and necessary functionality is either executing on-chain or locally on the client.
So a user can make full use of tornado cash suite (smart contracts + UI) without ever having to interact with or pay a fee to anyone involved in the project.
Now, if a user withdraws manually, they will still need to submit a withdraw transaction and pay some ETH for gas (transaction cost), which will link that ETH with the withdrawn funds. So there is a chicken-and-egg problem here. To solve this, the UI integrates with a network of relayers who will facilitate the withdrawal transaction and cover the gas for a percentage fee. Relayers aren't hardcoded in the UI or smart contract and users can choose their own third-party relayer. The relayer network is permissionless and autonomous as well - anyone who sets up the software and commits enough funds will be one. In newer versions of the TC UI, only relayer nodes which have staked a minimal amount of TORN tokens are showed for selection, and there is a ranking and preference of relayers who have higher amounts staked.
This relaying, on the other hand, can absolutely be seen as a service. There could be a case for ML to have against that network of relayers. And potentially (though this is new territory for courts I think) TORN token holders and/or governance participants. This clear separation between the components and stakeholders and the removal of the need of privileged actors is precisely what makes TornadoCash different from legacy mixers.
I think it's very unfortunate that even people in the space characterize this TC as such as a "service", as I think it's best viewed as "not a service" - to this point, there are no service providers apart from the serving of the self-hostable client web UI. Which is optional. It's hard to tell in which cases this is a conscious oversimplification and in which cases people aren't aware of the nuance.
If I'm allowed to make a rough comparison from the best of my understanding to Bittorrent for those who remember the TPB saga:
Having the DHT stand in for blockchain is not fully accurate of course but should hopefully get the major point across. Makes sense?> Person that has worked on the defensive side of Money Laundering here.
Would love to have a follow-up from you with thoughts on the above.