Re: Privacy in Web Payments [Was: Re: Nigeria launches national electronic ID cards]

On 09/10/2014 01:57 PM, Timothy Holborn wrote:
> +1
> 
> Yet, I'm not sure how payments could work, without identity which is 
> part of credentials isn't it?

You could always scrap the credential and have the payment processor not
include any "identity" information in a particular digital receipt. It's
a proof of purchase, and that's it. The receipt just states that a
product was purchased and the merchant was paid.

The danger with these types of receipts is that since they're digital,
they could be easily duplicated and used to scam the merchant.

> So, from what I gathered, the issues then relates to receipts?
> 
> What else?

At the moment, the issue relates to receipts, and it may also relate to
credentials that include some sort of personal information that could be
re-transmitted to another party.

For example, a loyalty card that includes your personal mobile phone
number in it for some reason.

There are also issues related to the use of ad networks to track who you
are. For example, you could do a completely anonymous purchase, the
digital receipt might not include any identity information in it, but
Google and Facebook still know what you bought and when you bought it
because their code lives in the page as tracking cookies. Those are the
sorts of things that can be used to break your anonymity and which is
why the best we can offer is pseudo-anonymity. If the NSA wants to know
what your spending limits are, they just need to send a FISA request to
Google/Facebook and they'll be able to easily figure out what you're
spending and where. They don't need to go to your financial provider for
this information.

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: The Marathonic Dawn of Web Payments
http://manu.sporny.org/2014/dawn-of-web-payments/

Received on Friday, 19 September 2014 01:18:11 UTC