 How to check if the Bitcoin address is blacklisted through government sanctions or stolen Bitcoin? This is the question that comes from Mikal. In 2017, I read that official government sanctions blacklist includes Bitcoin addresses. There have been several big exchange hacks as well with stolen Bitcoin. Another exchange claims that they won't allow to trade the stolen Bitcoin. Some people got their exchange account closed abruptly after depositing tainted Bitcoin. How can one protect themselves against these kinds of risks when using Bitcoin? First of all, let's talk about sanctions lists. The US Treasury, the Department of the Treasury, which manages these things, maintains a sanctions list under the OFAC designation, the Office of Foreign Accounts. OFAC, O-F-A-C, keeps a list of designated persons or entities, that means companies or individuals, that the US citizens are not allowed to send or receive money. If I make a payment to someone, I always have to check their name against the OFAC list. That's a requirement for any individual in the US. Now, if you do a bank wire transfer, your bank does that for you very conveniently. They don't actually tell you, they just don't do the wire, and then you spend weeks trying to figure out why not. Otherwise, you have to do it yourself. If you're using something that's outside of the banking system, like a cryptocurrency, you have to do these checks yourself by law. I don't have a way of checking Bitcoin addresses, because interestingly enough, while OFAC has blacklisted some addresses, they don't list the specific Bitcoin addresses in the public database that's available, so I check for people that I'm sending to not the addresses. That's the best you can do. Now, there may be other blacklists that various exchanges use. One of the big dangers of blacklists is that they don't work. From a practical perspective, they simply don't work, and they don't work for two reasons. One is that the cost of propagating and maintaining a blacklist is very, very large, where the cost of generating a new address is zero. An individual can write a script that generates a billion addresses an hour, and the blacklist can't keep up with that rate of address generation. There's no way to predict what the next address in a hierarchical wallet might be, so you don't even need to generate a new wallet, you can just keep generating addresses. If some of the blacklists an address, that doesn't mean they've stopped a person from receiving crypto at all. It simply means they've blacklisted one address. This is a legalistic technique. It has nothing to do with technology. As technology, it's not effective. It's only effective as a legal threat. It's mostly symbolic. It's also not workable, because in order to maintain a blacklist, you have to constantly update it. Mistakes can happen, and it's very easy to create a situation where people's addresses are accidentally blacklisted, and then you have a blacklist that doesn't work. Exchanges do use blacklists, and they use them by subscribing to feeds from surveillance companies, and then feeding back data to the surveillance companies. Surveillance companies that operate in our industry, in my opinion, are the lowest scum of the earth. They're commercially profiting from violating the privacy of millions of people without you-process, without probable cause, outside of the legal systems of any country, and in a way that erodes democracy and privacy for everyone, but enriches them. Scum, as I said before. I've made that opinion very publicly. There's no way to really protect yourself against tainting addresses by watching these blacklist and figuring out if you received or didn't receive from a specific individual. What you can do, however, to avoid getting caught up in some ridiculous blacklisting scheme, is simply to use a different wallet when sending money to an exchange. An exchange has to have a certain look-back, meaning that when they receive money, they can look at the address that's sent to them, and then the address that's sent to that address, and the address that's sent to that address, so they can track backwards the sources of funds. But they can't do that very effectively more than a few hops. First of all, because the number of addresses becomes very, very high if you go back several hops, because every output can have multiple inputs coming into it, so all of those need to be checked. Then each one of those can have multiple inputs. This creates a very rapidly exploding exponential tree of addresses. The other thing, of course, is if they do four look-ups back, and you move your coins to a different wallet of yours, five different address times, then you've passed the look-out, and your coins can't be tainted anymore. If they use five look-ups, you use six. If they use six, you use seven. If they use seven, you use eight. For every number of look-ups, their number of addresses they have to check increases at a nonlinear rate, and your cost increases zero. So this is why blacklists in the big sense do not work. They're a legalistic scheme. They're a way for exchanges to cover their ass. They're not a way of achieving law enforcement or stopping criminals, or anything like that. On the side of the regulators, it's about symbolically flexing power in the most impotent way, when confronted with a technology that is gloriously complicated for their minds, and does not fit into any of the preconceived legal constructs, and for exchanges to cover their ass so they don't get in trouble with the clueless regulators. For everybody else, it's a small hassle that you can work around, so work around it. If you don't use exchanges, this becomes much less of a problem. Remember, the number one rule is, earn it, don't buy it. Also, of course, not your keys, not your coins, but you already know that. Amber asks about regulation and building unstoppable code. What does it mean to build unstoppable coal? Sorry, let me start again. What does it mean to build unstoppable code? In a world where the FATF has recommended AML, KYC, for dealers in virtual assets, and G20 countries have committed to doing so within a year, is there a fundamental difference between writing code and creating a business? What a great question! Yeah, there's a massive difference between building a business and writing code. First of all, code is a purely expressive activity, and there are a number of legal precedents, especially in the US, but in most countries, where the production of software is a form of speech, meaning that writing code is covered under freedom of expression by the First Amendment of the US Constitution, at least. That's not something you can simply legislate away. They can't just write a law and say, oh, by the way, crypto-code doesn't count as free expression. That causes all kinds of problems across the computer industry, and there will be a lot of resistance. Also, it's unlikely to pass constitutional scrutiny. Creating liability for programmers for the code that they've written has been a topic of discussion now for 20-25 years, especially with the rise of the internet, and it's gone nowhere. The reason it's gone nowhere is because it's almost impossible to enforce and purely symbolic in nature, even if somebody decided to try to legislate in that direction. It wouldn't work in the US, not without some serious revision of the Constitution. As a result, writing code, writing unstoppable code, well, that's not really regulated by the FATF. The people writing the code are not the people doing financial transactions. The FATF applies to organizations that are exchanging fiat for crypto or crypto for crypto, and transmitting with custodial control to other exchanges. They want everybody to collect AML, KYC information, which means know-your-customer information, on every transaction in crypto. How do I put this delicately? Stupid. It's stupid. The reason it's stupid is because what you're asking these organizations to do is, as a small, underfunded startup, that most of these exchanges are, you're asking them to control and collect privately identifiable information on every customer. What's going to happen? That information is going to leak. It's not going to stop any crimes. It's not going to produce any real money laundering protection. But it is going to cause a lot of identity theft and identity leaks and violate the privacy of millions. Once again, that is the case. What do these regulations achieve? Not much. They don't apply to writing unstoppable code. What they do is they mean that centralized businesses in crypto are at a huge disadvantage, because they will come under enormous pressure to apply traditional bank regulations to an amorphous, quickly-moving, very, very flexible technology that operates on a global basis, which is a losing game. It's simply going to mean that it's going to be impossible for the exchanges to comply, or they have to limit their business model. What they're hoping is that they can paypalize the cryptocurrency systems. They want to turn cryptocurrencies into PayPal. This worked with PayPal. PayPal started out very open and very radical, and then gradually got turned into a bank by applying more and more regulation. They're hoping they can do that to crypto, too, and they started the edges. The problem is they can't touch the center. There is no center. So this won't work. Try again.