- From: Jeffrey Burdges <jeffrey.burdges@inria.fr>
- Date: Tue, 17 Nov 2015 13:57:11 +0100
- To: "public-webpayments-ig@w3.org" <public-webpayments-ig@w3.org>
- Message-ID: <1447765031.16914.246.camel@inria.fr>
Hello,

I'm sending a message to introduce myself, as I've only just recently joined the payments groups.

About myself: I'm working for GNU Taler at INRIA in Rennes, France. Taler is a transaction system based on blind signing that provides anonymity for buyers, but supports taxation by not providing sellers with any anonymity. It supports giving change and refunds anonymously too. You'll find more information available at:

http://taler.net
http://grothoff.org/christian/taler-draft.pdf
https://taler.net/developers
http://api.taler.net/

We're involved with the group to help ensure that Taler is as compatible as possible with the emerging payment standard. We're interested in helping to review the broader standard for privacy concerns too of course.

As a starter, there are two specific concerns I'm happy to discuss:

First, there are several young payment methods, including Taler, that do not require any identity information from users when making purchases. These payment methods usually exhibit the physical wallet-like security property that users' risks are limited by virtue of the fact that they carry only a limited amount in their wallet at any given time. Frequently, these schemes also exhibit the wallet-like properties that merchants and/or payment system providers incur little or no risks at all. We hope that such "true wallet" systems are treated as first-class citizens along with the legacy payment schemes that require user identification for payment and thus incur higher risks.

Second, we've built a browser plugin that handles interactions with Taler mints and merchants. At present, we're notifying the DOM of purchase confirmation pages, as this greatly improves the user experience. We consider this problematic however because it potentially leaks 1 bit of information to the merchant, namely the fact that our plugin is installed. That's okay if only one payment plugin does this, but it rapidly becomes a privacy threat if many commonly used options do so.

Ideally, we'd prefer a mechanism through which all payment plugins could modify the DOM so that they appeared integrated with the payment page, while ensuring that JavaScript on the page could not communicate the available payment options back to the merchant.

Thank you and I look forward to working with you,
Jeff

P.S. We'll have the whole team at 32c3 in Hamburg and I'll be at RWC at Stanford if anyone wants to meet in person.

Received on Tuesday, 17 November 2015 14:14:14 UTC