taler
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Taler] Privacy concerns

From: Fabian Kirsch
Subject: Re: [Taler] Privacy concerns
Date: Mon, 6 May 2024 05:41:58 +0000 
Hi Michael,

thanks a lot for going in the related aspects of privacy.

There are two examples you provided:
1.) time correlation. Yes, it would make sense to more prominently warn about the consequences if you don't hold reasonable amounts in your wallet and therefore need adhoc withdrawels for individual transactions.
2.) value correlations. Similar here, the withdrawels should be managed by the privacy-seeking individual in a manner that does not give away (too much of) the spending patterns. One possibility would be to make withdrawels on regular weekly basis and introduce some random elements in the withdrawel amount. But there has to be some at least weak feedback of the spending on the withdrawel as that is the primary function of money in society. Amount of funds to be hold in TALER can then be balanced against gained degree of privacy in a different way by every individual. 

Together with your points on network privacy:
Taler is meant to be a reliable building block of a society that *wants* to implement privacy preserving means of pay. It is not meant as a grass roots tool to enforce privacy in the face of an oppressive environment. The "T" already acknowledges that the existence of nations is not necessarily inherently bad.
Taler was born when public opinion only knew the extremes of total transparency (towards some institutions and all crackers owning their machines) and total separation from the institutions that society has build over time (nations, banks, courts, ..)
Taler will hopefully demonstrate the feasibility of a middle ground, which will be adopted by the "good nations". 

So far my cents, i am not an official spokesperson of taler.

Fabian


On 05.05.24 21:50, Michael Kohn via Taler wrote:

Dear colleagues,

the Taler project emphasizes "Privacy".

However, it appears to me that a system like Taler is exactly the opposite.

Currently and for the forseeable future, Banks and payment providers routinely 
block users that connect through Tor, a VPN or any other anonymizing network 
provider.
In the EU it is not possible to obtain an anonymous personal Internet access, 
either wired or cellular.
Also, it is - for example - not possible anymore to register even an
anonymous E-Mail address from any popular E-Mail provider by using an 
anonymization service or public internet access.
It is not hard to see that access to banks and payment providers is at least as 
tightly regulated as access to a free E-Mail account.

Banks and payment providers usually store IP addresses that are related to 
monetary transactions.
Governments have easy means, often completely invisible to a citizen and even 
the network provider, to relate an IP address to a specific person / network 
provider customer and vice versa.

Thus, while Taler acknowledges that the so-called "merchant" (I do not like this word because it is 
wrong the way Taler uses it: if one person gives money to another, the receiver does not neccessarily have to 
be a "merchant"; it is simply not anyone's business why money is transferred between two citizens 
and it can be transferred for many reason besides merchandise) is not anonymous, the "customer" for 
all practical purposes will also not be anonymous at all.

For a government, it is quite easy to correlate Person A withdrawing 934,29 
Euros from Bank A on May 5th, 22:18 by using Taler, and Person B receiving 
934,29 Euros on his Account on Bank B on May 5th, 22:19 by using Taler.

Arguing that Taler allows for "anonymous" "customers" is, in the best case, 
extremely naive and narrows the definition of anonymity down on some crypto specifics of Taler 
while ignoring the whole bunch of easy identification possibilities of a customer by analyzing bank 
transfers and/or network accesses.

Governments do have that kind of access to bank and network provider databases 
since decades.

I'd be happy if there's some hidden gem in the technical details of Taler that 
I have missed and Taler is indeed truly anonymous for a customer in a REAL 
WORLD scenario.

What is the threat model of Taler's security and how does it protect  the 
"customer" (spender) against being identified by a real-world Government, i.e. 
one that has full acccess to all banking and network provider databases?

Best, Michael
reply via email to
[Prev in Thread] Current Thread [Next in Thread]