How The FTX Collapse Could Leave Blockfolio Users Exposed

This is an opinion editorial by Morgan Rockwell, creator of Bitcoin Kinetics.Im not interested in Sam Bankman-Fried presumably getting a loan from Alameda, which was in fact FTX customer funds wired through Alameda to be credited on FTX. Im not worried about the ethical compass of the star investors who provided billions to a kid they didnt truly comprehend or understand, yet backed with wealth and reliability. Im not really worried about the monetary and market impacts upon the many business, traders and exchanges who for some reason depended upon FTX in any form.Im most interested in Sam Bankman-Fried getting the individual recognition details of countless customers, and using that information to do chain analysis on the Blockfolio app he purchased which was utilized by numerous Bitcoiners and cryptocurrency holders as a tracking tool of Bitcoin, Ethereum and other watch-only cryptocurrency wallets.Source: Google Images If you arent mindful, Blockfolio was an app that was used by many Bitcoin holders and other cryptocurrency holders to keep an eye on the currency exchange rate or the prices of their coins held in freezer or on wallets that they just wished to be seeing and not have actively on a hot wallet on their mobile phone. Keeping the wallet addresses actually were not even required on the app. You might simply put in an amount of a particular cryptocurrency that you wanted to say and see that you had– however there was likewise a function to connect to exchanges to keep track of all of your coins throughout all of the exchanges you had them on in one app. This was the charm of Blockfolio as it didnt necessarily request too much personal identification details besides an e-mail to help track your account so you can log in from several gadgets. Many of us like myself ended up being conscious of Sam Bankman-Fried due to the fact that of the purchase of Blockfolio by a recently formed entity called FTX. Over numerous weeks the Blockfolio app was rebranded as the FTX app which now had its own exchange. It also had a brand-new set of Know Your Customer rules, Anti-Money Laundering policies, a brand-new Terms of Service, in addition to its own custodial wallet held by FTX, we assumed. Here you can see the Terms of Service at Blockfolio from June 30, 2017: Source: Blockfolio Privacy Policy 2017Blockfolio avidly argued that they were not and would never sell user information. Blockfolio even attempted to de-identify users with a hashing mechanism for IDs to not even let themselves determine and connect user portfolios to email addresses; this obviously never taken place after the purchase and improvement into FTX.Here you can see the plain distinction in the new FTX Privacy Policy: Source: FTX Privacy Policy 2022Here is what little is discussed about individual recognizable information within the FTX Terms of Service, which is a different file than the Privacy Policy.Source: FTX Terms Of Service 2022For referral, if you have never read a Terms Of Service or Privacy Policy of a business previously, I highly suggest you grab a strong beer and enjoy this word soup!This all has actually brought up concerns around this merger and the acquisition that occurred in the cryptocurrency market just a few years earlier. I am concerned because after the fallout of this exchange, FTX declaring bankruptcy and all of its assets potentially being set up for auction, I want to understand the state of the individual identification info that FTX had been forced to collect due to the fact that of KYC and AML laws. My concern is the huge quantity of details gathered consisting of passports, telephone number, IP addresses, home addresses, cryptocurrency wallet addresses, email addresses, passwords and federal government IDs. All of these might be offered at auction as customer information or client profiles to whoever discovers them valuable. Source: FTX Privacy Policy (disclosure in case of merger, sale, or other possession transfers)Now the assets held by FTX whether they were actually real cryptocurrency such as bitcoin or made up tokens constructed on another layer one network such as ethereum are not too essential in this discussion in my opinion. What is important is the data, the personal privacy data, the data mining operation that might have or will be done on all of this information FTX had actually collected on consumers either it was done by them or it will be done by whomever purchases this data at auction. A lot more so, the jurisdiction of that data is open to anywhere on earth.Source: FTX Privacy Policy (worldwide data transfers)As someone who has personally dealt with coin analysis ideas and innovation for the United States Military, along with sought advice from on this for the Department of Defense as a so called “subject matter professional,” I can personally testify that it is extremely simple to correlate an individual to their Bitcoin wallet address using nothing more than the quantities of bitcoin hung on particular addresses, in addition to the gadget information that is keeping track of those particular quantities on particular addresses– this is simple SIGINT, MASINT or HUMINT, all of which are various types of intelligence gathering.Source: Wikipedia Search For HUMINTIf you are tracking any bitcoin on any wallet over any Bitcoin explorer that is browsed an internet browser or app on any device, phone, tablet or laptop, there is now a record that will be connected to the IP address, the MAC number, the SIM phone number, the VOIP number, credit card number, house address and any other individual determining details that is attached in any method to this gadget. I understand this since Edward Snowden leaked files revealing that the NSA had a program called XKEYSCORE and applications were utilized like OAKSTAR and its subprogram MONKEYROCKET to particularly keep track of Bitcoin users at the NSA.Source: https://theintercept.com/2018/03/20/the-nsa-worked-to-track-down-bitcoin-users-snowden-documents-reveal/Now what Im getting at is this information that FTX was forced under AML and KYC law to be collected. This is possibly one of the largest events of this type of information in the cryptocurrency market ever performed in history. This data, combined with coin analysis details related to bitcoin, ethereum and other cryptocurrency quantities being tracked by the previously entitled Blockfolio app has actually produced a scenario where KYC data personal determining information can be now superimposed over Blockfolio e-mail addresses, UTXOs and see addresses that plenty of people utilized on Blockfolio without any individual info being disclosed to the app.So this indicates that people that used Blockfolio to keep an eye on the amount of cryptocurrency they had, wished to buy or were tracking for whatever factor will now be able to be associated to very detailed individual identification info. The concern I have is not whether FTX and its hundreds of subsidiaries were keeping track of this info from Blockfolio or using it in any way, but that their huge brand-new swimming pool of customer information and information will be binded in the future to the Blockfolio information. I dont assume FTX was smart enough to do this for any purpose such as advertising, or data showing a hedge fund like Robinhood was captured doing, however I do presume that they might have considered offering this data to police, to marketers or to actors in the intelligence community as SBF stated there was an open door to regulators and police at FTX.What we need to think about now is when the assets of FTX go up for auction, which they will, that not just the digital currencies and tokens as well as the licenses will be sold to some new celebration, however it will be the consumers themselves, individual determining information and the enormous information mining that might have been or will be done with that data.I was never ever an FTX user, I never created an account with FTX or FTX.us and I never wired any money to Alameda. Unfortunately, because of my longevity in the Bitcoin area, I used Blockfolio like numerous Bitcoin users prior to me to monitor the amounts of Bitcoin I had in several areas and their overall worth. Now that data that I thought was personal will be linked to KYC data of anyone I understand, interacted with over a wire and any gadget they used, particularly if through several connections it leads back to FTX in any way.What we need to do now is ask the serious questions and not focus on the monetary commitments or mishandlings of SBF and FTX. We must ask who has this data? What has been done with this information and who will be owning this information in the future? The reality is FTT liquifying into nothing isnt a “Force Majeure Event,” so most of the users are screwed.Source: FTX Terms Of Service 2022If this at all issues you or involves you, I would recommend all of us find the proper channels to safeguard ourselves from the worst case situation from this fallout of information. This is the biggest problem with KYC and AML laws, since after all of this financial chaos, there is now a criminal-run exchange that remains in possession of millions of peoples individual information about their gadgets, their houses, their financials and more, all readily available to the highest bidder.Notes: The Blockfolio TOS & & Privacy Policy go to dead links on the FTX.com site, but I discovered a 2017 version.You should sign in through Zendesk to see the missing Blockfolio TOS/PP along with the new FTX TOS/PP which means I had to provide an e-mail and PPI to even see the documents.This is a visitor post by Morgan Rockwell. Viewpoints expressed are totally their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.

Blockfolio even attempted to de-identify users with a hashing system for IDs to not even let themselves connect and determine user portfolios to email addresses; this apparently never taken place after the purchase and transformation into FTX.Here you can see the plain distinction in the new FTX Privacy Policy: Source: FTX Privacy Policy 2022Here is what bit is pointed out about personal recognizable details within the FTX Terms of Service, which is a various file than the Privacy Policy.Source: FTX Terms Of Service 2022For referral, if you have never read a Terms Of Service or Privacy Policy of a business in the past, I strongly suggest you grab a strong beer and enjoy this word soup!This all has brought up concerns around this merger and the acquisition that occurred in the cryptocurrency market just a few years ago. What is important is the information, the personal privacy data, the information mining operation that might have or will be done on all of this information FTX had actually gathered on customers either it was done by them or it will be done by whomever purchases this data at auction. Even more so, the jurisdiction of that information is open to anywhere on earth.Source: FTX Privacy Policy (worldwide information transfers)As somebody who has personally worked on coin analysis principles and innovation for the United States Military, as well as sought advice from on this for the Department of Defense as a so called “subject matter expert,” I can personally confirm that it is very easy to associate an individual to their Bitcoin wallet address using absolutely nothing more than the quantities of bitcoin held on particular addresses, as well as the gadget information that is keeping track of those specific amounts on specific addresses– this is simple SIGINT, MASINT or HUMINT, all of which are different forms of intelligence gathering.Source: Wikipedia Search For HUMINTIf you are keeping track of any bitcoin on any wallet over any Bitcoin explorer that is looked through a browser or app on any gadget, phone, laptop computer or tablet, there is now a record that will be connected to the IP address, the MAC number, the SIM phone number, the VOIP number, credit card number, house address and any other individual recognizing info that is attached in any way to this device. I do not assume FTX was intelligent sufficient to do this for any function such as marketing, or data sharing with a hedge fund like Robinhood was caught doing, however I do presume that they may have thought about selling this data to law enforcement companies, to marketers or to stars in the intelligence community as SBF said there was an open door to regulators and law enforcement firms at FTX.What we require to believe about now is when the assets of FTX go up for auction, which they will, that not just the digital currencies and tokens as well as the licenses will be offered to some new party, but it will be the customers themselves, individual identifying details and the massive information mining that could have been or will be done with that data.I was never ever an FTX user, I never developed an account with FTX or FTX.us and I never ever wired any cash to Alameda. Now that data that I thought was personal will be linked to KYC information of anyone I know, connected with over any gadget and a wire they utilized, particularly if through several connections it leads back to FTX in any way.What we require to do now is ask the severe concerns and not focus on the monetary obligations or mishandlings of SBF and FTX.