
[Taler] UI considerations for backup & sync


From: Torsten Grote
Subject: [Taler] UI considerations for backup & sync
Date: Tue, 21 Apr 2020 15:00:24 -0300

Hi all,

Taler wallets should support Backup and Synchronization of their money
and data. I am outlining a UI narrative below and would appreciate
feedback. Disclaimer: I wasn't involved in the development of these
services and only know what is written in the docs:

    https://docs.taler.net/core/api-sync.html

The idea of backup is that you don't lose the money (and payment data)
saved in your wallet when you lose the wallet.
The idea of synchronization is that you can use multiple wallets (e.g.
mobile phone and desktop computer) with each wallet sharing the same
money and transaction data.

The documentation sometimes talks about backup and sometimes about sync,
but only has technical specs for backup, so I am not sure how both
relate to each other (normally they are not the same thing), but it
seems that one service provides both features at the same time.

These sync and backup providers are somewhat trustless and can
optionally charge for their service in one (or more?) currency. Ideally,
a wallet already comes with a list of these providers.

When a wallet is opened for the first time, the user should be asked if
they already have another wallet they want to sync with. If yes, they
are shown the "sync with another device" screen. If not, the wallet just
starts.

When making their first withdrawal, the user should be poked to set up a
sync/backup service. If the user agrees, they are brought to the "choose
provider" screen. The same screen is available in the sync+backup
management section even before the first withdrawal.

When a provider is selected, the user is asked to read and accept their
ToS. Then if needed, the user needs to pay for the service. Once
everything is set up, the user is shown a private key in QR code or text
format (maybe consider easier methods such as BIP39?) they need to store
safely to be able to restore from backup or add another device.

After the user has confirmed that the secret is safely recorded, backups
will be made automatically in the background to the selected provider.
There is a backup/sync now button though (not sure if these are two
different buttons, e.g. when no second device is set up).

To sync their wallet with another device, the user is shown a secret (we
should probably *not* expose the private key here) and a URL in QR code
and text format (for devices having no camera). This information needs
to be entered in the other device (where?). It might make sense to ask
the user to give a name to each device, so they later remember which
device is which. Also, a screen to show connected devices and their sync
status might be useful.

Further features that were desired in the documentation are a way to
export the backup config (key + URL) and to disable sync and backup
entirely. I am not sure it is a good idea to expose the key material a
second time, as it becomes available to physical attackers this way and
can't be stored in a secure element (available on most modern mobile
devices).

To summarize what I read out of the docs:

Screens:
  * onboarding first start: sync another device
  * onboarding first withdrawal: set up sync/backup
  * list of services per accepted currency (or free)
  * ToS of provider
  * Show Sync/Backup Secret (key + URL)
  * Show Sync/Backup Secret to add another sync device
  * Status page (last backup, last sync with which connected devices)

Actions:
  * choose provider
  * accept ToS
  * pay for provider
  * add (and remove?) sync device
  * add/remove providers
  * disable sync and backup
  * export backup config (key + URL)

Christian and Florian, please let me know if I misunderstood or missed
something that should be added to those considerations.

Kind Regards,
Torsten


