Introduction / Taler

Hello,

I'm sending a message to introduce myself, as I've only just recently
joined the payment's groups.  About myself : 

I'm working for GNU Taler at INRIA in Rennes, France.  

Taler is a transaction system based on blind signing that provides
anonymity for buyers, but supports taxation by not providing sellers
with any anonymity.  It supports giving change and refunds anonymously
too.  You'll find more information available at : 
http://taler.net
http://grothoff.org/christian/taler-draft.pdf
https://taler.net/developers
http://api.taler.net/

We're involved with the group to help ensure that Taler is as
compatible as possible with the emerging payment standard.  We're
interested in helping to review the broader standard for privacy
concerns too of course.

As a starter, there are two specific concerns I'm happy to discuss :

First, there are several young payment methods, including Taler, that
do not require any identity information from users when making
purchases.  These payment methods usually exhibit the physical wallet
-like security property that users' risks are limited by virtue of the
fact that they carry only a limited amount in their wallet at any given
time.  Frequently, these scheme also exhibit the wallet-like properties
that merchants and/or payment system providers incur little or no risks
at all.  We hope that such "true wallet" systems are treated as first
class citizens along with the legacy payment schemes that require user
identification for payment and thus incur higher risks.

Second, we've built a browser plugin that handles interactions with
Taler mints and merchants.  At present, we're notifying the DOM of
purchase confirmation pages, as this greatly improves the user
experience.  We consider this problematic however because it
potentially leaks 1 bit of information to the merchant, namely the fact
that our plugin is installed.  That's okay if only one payment plugin
does this, but it rapidly becomes a privacy threat if many commonly
used options do so.  Ideally, we'd prefer a mechanism through which all
payment plugins could modify the DOM so that they appeared integrated
with the payment page, while ensuring that javascript on the page could
not communicate the available payment options back to the merchant. 

Thank you and I look forward to working with you,
Jeff

p.s.  We'll have the whole team at 32c3 in Hamburg and I'll be at RWC
at Stanford if anyone wants to meet in person. 

Received on Tuesday, 17 November 2015 14:14:14 UTC