Re: [Taler] Exchange Terms of Service

[Christian Grothoff]

On 1/7/23 20:17, Florian Jung via Taler wrote:
> > Empty wallet size, almost 2mb
> > Wallet with some coins, 5.5 mb
> > This is a small wallet without purchases.
>
> On my Android, an almost pristine wallet with no coins but that has seen an 
> exchange takes 200kb of data, while a wallet that was in use for four days 
> takes 650kB.

Ok, that seems way more reasonable, of course depending on the 'use'.

> Howevery this does not yet account for the 82MB (!!) that the app itself (i.e. 
> executable+assets) consumes.

Yes, we're in the process of reducing that dramatically.

> I really don't think that storing some 100kB of ToS does any bad here.

For how long? For how many exchanges? In which languages? In which file 
formats? And ultimately: why? I'm not sure "because I want to study ToS 
while offline" is truly a plausible thing. Especially since of course 
the wallet can choose to _cache_ this information. But I'd not require 
it to _store_ it (in the sense of guaranteed persistence and inclusion 
in backups). And similarly, a regulated payment service that just 
changes their public ToS and hopes nobody will call them out?
I don't see it.

> OTOH, I also could imagine a scenario where the wallet only stores a signed 
> hash of what ToS have been accepted, and the auditor makes it mandatory to not 
> depublicize old ToS versions.
>
> After all, we have to trust the exchange/auditor that they don't break contract 
> regarding our escrowed money, so it seems easy to me that we can trust them to 
> not delete old ToS (or to be punished for doing so) as long we store a hash.

Actually, the current *protocol* goes a step further: the hash is _not_ 
considered to matter, only the ETag (see HTTP cache control headers)!

The reason is two-fold: (1) we have different formats of the same ToS 
(TXT, HTML, PDF, ...) and it shouldn't matter how the ToS was rendered 
as long as the content was the same. So by using the ETag instead of the 
hash we can tell that these are the same ToS even if the hash does not 
match due to a format change. Furthermore, (2) there could be editorial 
changes (like fixing spelling, commas, etc.) that do not warrant 
requiring users to explicitly re-accept the ToS.

So by keeping the ETag an exchange is actually _allowed_ to make "minor" 
(from a legal perspective) changes to the ToS without having the wallets 
ask users to accept the updated ToS. What is considered a "major" change 
that requires end-users to re-accept is a legal question, not one we can 
technically anbswer. So it requires a manual answer (by the admin 
changing the ETag). And yes, you'd expect internal oversight, auditors 
and regulators to take a keen interest in such changes.

Now, some of this may not apply 100% for local/regional deployments 
without regulatory oversight, but there I'd again expect that the 
operators are well-known in the community and that social enforcement at 
a local/regional level will equally work.