Russian-American ballerina Ksenia Karelina has pleaded guilty to treason charges after she was arrested for donating money to a charity supporting Ukraine.

Russian prosecutors are seeking a 15-year sentence after the security services accused Ms Karelina of collecting money that was used to purchase tactical supplies for the Ukrainian army.

She was detained by authorities in Yekaterinburg, about 1,600km (1,000 miles) east of Moscow after a family visit in February.

The sentence comes one week after Russia and the West carried out the largest prisoner exchange since the Cold War, where 24 people jailed in seven different countries were exchanged.

Ms Karelina’s lawyer said the prosecutors’ request for a 15-year sentence in a penal colony was too severe as the defendant had cooperated with the investigation.

Mikhail Mushailov also said it was “impossible” for Ms Karelina to have been included in the recent prisoner exchange, because an exchange can only happen once the court verdict comes into force.

    • poVoq@slrpnk.netM
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      2
      ·
      edit-2
      4 months ago

      You seem to have a fundamental misunderstanding how Taler works. Yes KYC exists for it, but the exchange can only know that you exchanged money for Taler token, not what you spend them on. And on a cross-border payment like this the government doesn’t have “full banking authority” either.

      • jet@hackertalks.com
        link
        fedilink
        English
        arrow-up
        7
        ·
        edit-2
        4 months ago

        https://taler.net/files/taler-book.pdf

        2.2.1 Exchange Compromise modes

        If the exchange is inside of Russia, which for a Russian user with a Russian bank account, seems likely, these compromise methods can be used by the central authority to deanonymize wallets created from the Russian Exchange.

        The Taler defense against this is the Auditor system, but when the compromise is being done by the central authority its moot.

        Not even to mention the 2.2.3 Perfect Crime Scenario revocation method.

        The most likely scenario is people are going to mint coins EXACLTY when they want to spend them, so just looking at the exchange timing and the spend timing is enough to reveal most users… to the central authority.

        Taler is designed from the ground up to crack down on illegal business activities, which is fine until the central authority deciding the illegal business activity is something we disagree with (like funding human rights related relief in a war zone)

        I do agree that Taler is better for privacy then credit cards, but it wouldn’t help our ballerina, if your spending can put you in jail or get you killed, Taler is not appropriate for the threat model

        • poVoq@slrpnk.netM
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          1
          ·
          edit-2
          4 months ago

          Ok, can you please quote the exact part in those two sections that would allow to deanonymize the payer of a specific transaction?

          I read both sections you mentioned, and 2.2.1 only seems to have one rare case where the merchant is a fake honeypot and the exchange is totally compromised, which clearly wouldn’t be the case in our scenario, where the merchant is in another country and the attacker doesn’t know either the merchant nor the customer in advance. And 2.2.3 talks about a hypothetical modification of GNU Taler, which would be incompatible with the version the merchant in another country is using (and anyways tries to deanonymize the merchant and not the customer), and again afaik wouldn’t work retroactively Edit: would need to be done while transaction is in process, and aims to catch a merchant that forced someone to pay anonymously in a ransom case or so (meaning the payer is already known or at least suspected). And this would also be massively disruptive to all other customers of the same exchange.

          • jet@hackertalks.com
            link
            fedilink
            English
            arrow-up
            3
            arrow-down
            1
            ·
            4 months ago

            Compromise of the Master Key If the master key was compromised, an attacker could de-anonymize customers by announcing different sets of denomination keys to each of them. If the exchange was audited, this would be detected quickly, as these denominations will not be signed by auditors.

            • poVoq@slrpnk.netM
              link
              fedilink
              English
              arrow-up
              3
              arrow-down
              2
              ·
              edit-2
              4 months ago

              This is not possible retroactively, and any exchange doing that would be quickly detected and not accepted by the merchant which is not under control of the government because they are based in another country. Edit: Basically for this to work, the exchange, the auditor and the merchant would need to be under full control of the hostile government and the system actively compromised before the transaction takes place.

              • jet@hackertalks.com
                link
                fedilink
                English
                arrow-up
                3
                arrow-down
                1
                ·
                4 months ago

                We disagree on the primitives of the architecture clearly. To my (self stylized) reasonable opinion the primitives are such that I cannot recommend Taler to anyone where their spending puts their Life or Liberty at risk, such as the good Ballerina in this sad story.

                • poVoq@slrpnk.netM
                  link
                  fedilink
                  English
                  arrow-up
                  3
                  arrow-down
                  2
                  ·
                  4 months ago

                  I would be happy if you could point me to a way the good Ballerina could have been caught if they had used Taler for the payment, but that seems highly unlikely because GNU Taler privacy is designed around such an exact case, and if you were right the entire system would be fundamentally broken from ground up.

                  • jet@hackertalks.com
                    link
                    fedilink
                    English
                    arrow-up
                    3
                    arrow-down
                    1
                    ·
                    4 months ago

                    it is my assessment that it is fundamentally broken from the ground up in protecting people from central authorities, yes.