[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Taler] Synchronization and backup

From: Jeff Burdges
Subject: Re: [Taler] Synchronization and backup
Date: Fri, 23 Feb 2018 08:04:09 +0100

We should refer to this as "balance synchronization" to distinguish it
from synchronization of coin backups and paid contracts, which Christian

In my mind, the first mistake of "balance synchronization" is that the
balance displayed by the wallet includes coins likely to be used by
another wallet.  We should not display an incorrect balance like that. 

On Thu, 2018-02-22 at 11:06 +0100, Florian Dold wrote:
> > In future, we shall add features to give coins to, or take coins from, 
> > other wallets by changing this field, and pushing those changes to a 
> > backup/sync server
> No, this is a usability nightmare.

There are transfer semantics with better or worse usability, but afaik
balance syncing has by far the worst usability properties due to
unpredictable balance fluctuations.  

Also, we cannot avoid some linked wallets list with balance syncing
either because it helps protect against "theft by sync" and provides the
"revoke" buttons.  In this list, we can automate wallet naming similar
to bluetooth, so by device model for phones, tablets, etc. like  does,
or by issuing bank for smartcard, etc.  

> Rather newly withdrawn coins'
> ownership should be distributed according to how we expect them to be
> used, and transferring ownership between devices should be completely
> transparent, automatic and immediate (at least by default).

In principle this sounds helpful but also sounds like a huge design
space.  I'd rather focus on explicit transfers being as user friendly as

We could provide our own notification area on the balance display
screen, which recommends transfers on withdrawal or on low balances in
linked devices.  In this, we can provide default transfer values based
on previous withdrawals, recent wallet balances and spending, or

Now, if the user attempt to make a purchase that exceeds their wallet's
balance, then yes the payment screen could propose they "spend/take"
coins from another wallet, with warnings for both privacy and confusion.

        This purchase exceeds your wallet balance!  
        You have linked wallets with possibly sufficient balance though.
        Would you like to pay using them?  [Yes]  *[No]*
        Warning:  This violates the privacy properties of Taler for both
        this and other transactions, and creates confusion by taking
        money from anyone using the linked wallet!

If the user clicks [Yes] then they have been warned about this specific
transaction, and thus they are likely to remember spending the money.
Also any device(s) fro which money gets taken should display a device

> Your "threat" of another user stealing your coins while you're in the
> check-out line of a store is very simple to avoid:  Disable sync.

I think humans quickly forget our own purchases too.  We cannot ask
users to foresee the confusion caused by balance synchronization
failures, so "disable sync" cannot address balance sync's inherently
poor usability.

In fact, unpredictable balance changes would occasionally impact most
users who put devices in sync because people commonly :
- enter buildings that block GSM signals,
- disable data temporarily to save money or avoid interruptions, and
- go outside coverage areas, onto airplanes, and abroad. 

Among these users, there are going to be plenty who leave the experience
angry with both Taler and the store they believe took their funds.
Among these, there are going to be a handful who walk out of the store
with the product illegally, or even assault the store clerk.  Among
those, there are going to be a couple lawsuits against Taler in places
like the U.S. 

Assaults and lawsuits are pretty much the worst usability possible.

> Is there any concern you have that's *not* solved by just turning off
> sync, Jeff?

There is no way for users to know if they need balance sync turned off,
so turning off balance sync cannot address any concerns.

Worse, there are few use cases for balance sync, but users will imagine
balance sync addresses many problems for which it is unsuitable, like
sharing expenses with family members or even friends.  


Attachment: signature.asc
Description: This is a digitally signed message part

reply via email to

[Prev in Thread] Current Thread [Next in Thread]