Re: [Taler] Synchronization and backup

[Christian Grothoff]

On 02/16/2018 04:58 AM, Florian Dold wrote:
> Then the backup/sync functionality must be limited in the Tor browser by
> default.  Just because we want be included in Tor does not mean we
> should give up on designing a good backup/sync system for other users.

Agreed. Note that I already have a special provision for Tor in the sync
API.  Limiting Tor to Pond-style "full size" syncs to an .onion might be
fine for Tor, but we need something else for everybody else.  And there,
we can totally focus on usability, especially as the anonymity won't be
that great for non-Tor users to begin with.

> Instead we should
> 1. make the user friendly system as good as possible, taking all
> opportunities to make it more anonymous without impacting usability, and
> 2. make the more "paranoid", power-user functionality available, and
> probably make it the default for the Tor browser

Agreed.

>>
>> Also, any networked backup system we design requires moving initial key
>> material, so only power users benefit anyways.  We should operate as
>> well as possible when user backups kick in of course, ala Apple's Time
>> Machine.  We can trivially detect restored wallets though with my
>> suggestion to only back up withdrawals to the reserve.
> 
> A passphrase is not a concept that limits usage to power users.  If our
> backup/sync system is limited to power users, it's not a good one.

I was more thinking trustwords, PEP-style, possibly in combination with
option (n), as if this happens over an NFC channel *initially*, we can
likely afford using less entropy to authenticate the local connection to
sync the backup accounts.

signature.asc
Description: OpenPGP digital signature