[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Taler] Synchronization and backup

From: Florian Dold
Subject: Re: [Taler] Synchronization and backup
Date: Fri, 16 Feb 2018 04:58:04 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0

On 02/16/2018 04:42 AM, Jeff Burdges wrote:
> On Fri, 2018-02-16 at 03:56 +0100, Florian Dold wrote:
>> While of course more anonymity for the user is always desirable, 
> Anonymity loss will hamper our being included in Tor browser, which
> limits our availability early on and customer loyalty.  

Then the backup/sync functionality must be limited in the Tor browser by
default.  Just because we want be included in Tor does not mean we
should give up on designing a good backup/sync system for other users.

>> nothing is gained if it the system is not usable enough in the first
>> place. 
> There is no way for wallets to know their own balance if they share
> active coins, so syncing wallets necessarily harms usability.  Anonymity
> costs would prove catastrophic too.

This is only true if no sync happens before a spend.

Are you saying we should not include a multi-device synchronization
functionality at all?

I think we would waste opportunities by only designing a user-unfriendly
backup scheme for power users over Tor and completely giving up on the
sync system for normal users.

Instead we should
1. make the user friendly system as good as possible, taking all
opportunities to make it more anonymous without impacting usability, and
2. make the more "paranoid", power-user functionality available, and
probably make it the default for the Tor browser

> Also, any networked backup system we design requires moving initial key
> material, so only power users benefit anyways.  We should operate as
> well as possible when user backups kick in of course, ala Apple's Time
> Machine.  We can trivially detect restored wallets though with my
> suggestion to only back up withdrawals to the reserve.

A passphrase is not a concept that limits usage to power users.  If our
backup/sync system is limited to power users, it's not a good one.

- Florian

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]