Comment on page
To protect against terrorist financing, black-hat hacks, and other forms of crime, we put in place rate limits and filter out high-risk deposits. Depositors do not divulge any additional information beyond what already exists on-chain. Additionally, there is no custody risk—at no point are Nocturne or any of the system's offchain actors able to freeze or redirect user funds.
Deposit Filtering: Using public on-chain metadata and analytics tools like TRM, we filter out deposit attempts from high-risk addresses.
Time Delays: Incoming deposits must wait several hours before being completed. This is meant to give backend tools time to catch up to the most up-to-date on-chain data regarding certain risk factors.
Per-Address Rate Limits: Each address will have a default rate limit for how much it can deposit each day.
Global Rate Limits: The protocol will have a daily global rate limit for deposits across all address. Combined, the global and per-address rate limits create high friction for widely accepted illicit actors like protocol hackers.
The longer-term vision for Nocturne is a more permissionless account layer that makes privacy maximally accessible to normal users while increasing the friction for actors widely accepted to be illicit. We believe proof of innocence (as proposed in the Practical Privacy & Compliance paper co-authored by Vitalik Buterin) is one of the strongest paths forward that retains nearly full permissionlessness.
Due to current technical limitations and the overhead of maintaining an up-to-date deposit/note whitelist, we have currently opted to leave the full implementation for recursive proof of innocence for a later version. Our current work with deposit filtering will serve as training wheels for proof of innocence, as it will help inform how to best maintain an effective whitelist of notes. We are also coordinating with the privacy pools authors and contributors on enabling recursive proof of innocence.