[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Taler] Exchange Terms of Service
From: |
Christian Grothoff |
Subject: |
Re: [Taler] Exchange Terms of Service |
Date: |
Sun, 8 Jan 2023 10:07:42 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.6.0 |
On 1/7/23 20:17, Florian Jung via Taler wrote:
Empty wallet size, almost 2mb
Wallet with some coins, 5.5 mb
This is a small wallet without purchases.
On my Android, an almost pristine wallet with no coins but that has seen an
exchange takes 200kb of data, while a wallet that was in use for four days
takes 650kB.
Ok, that seems way more reasonable, of course depending on the 'use'.
Howevery this does not yet account for the 82MB (!!) that the app itself (i.e.
executable+assets) consumes.
Yes, we're in the process of reducing that dramatically.
I really don't think that storing some 100kB of ToS does any bad here.
For how long? For how many exchanges? In which languages? In which file
formats? And ultimately: why? I'm not sure "because I want to study ToS
while offline" is truly a plausible thing. Especially since of course
the wallet can choose to _cache_ this information. But I'd not require
it to _store_ it (in the sense of guaranteed persistence and inclusion
in backups). And similarly, a regulated payment service that just
changes their public ToS and hopes nobody will call them out?
I don't see it.
OTOH, I also could imagine a scenario where the wallet only stores a signed
hash of what ToS have been accepted, and the auditor makes it mandatory to not
depublicize old ToS versions.
After all, we have to trust the exchange/auditor that they don't break contract
regarding our escrowed money, so it seems easy to me that we can trust them to
not delete old ToS (or to be punished for doing so) as long we store a hash.
Actually, the current *protocol* goes a step further: the hash is _not_
considered to matter, only the ETag (see HTTP cache control headers)!
The reason is two-fold: (1) we have different formats of the same ToS
(TXT, HTML, PDF, ...) and it shouldn't matter how the ToS was rendered
as long as the content was the same. So by using the ETag instead of the
hash we can tell that these are the same ToS even if the hash does not
match due to a format change. Furthermore, (2) there could be editorial
changes (like fixing spelling, commas, etc.) that do not warrant
requiring users to explicitly re-accept the ToS.
So by keeping the ETag an exchange is actually _allowed_ to make "minor"
(from a legal perspective) changes to the ToS without having the wallets
ask users to accept the updated ToS. What is considered a "major" change
that requires end-users to re-accept is a legal question, not one we can
technically anbswer. So it requires a manual answer (by the admin
changing the ETag). And yes, you'd expect internal oversight, auditors
and regulators to take a keen interest in such changes.
Now, some of this may not apply 100% for local/regional deployments
without regulatory oversight, but there I'd again expect that the
operators are well-known in the community and that social enforcement at
a local/regional level will equally work.
- [Taler] Exchange Terms of Service, Florian Jung, 2023/01/06
- Re: [Taler] Exchange Terms of Service, Florian Jung, 2023/01/06
- Re: [Taler] Exchange Terms of Service, Sebastian Javier Marchano, 2023/01/06
- Re: [Taler] Exchange Terms of Service, Christian Grothoff, 2023/01/06
- Re: [Taler] Exchange Terms of Service, Sebastian Javier Marchano, 2023/01/07
- Re: [Taler] Exchange Terms of Service, Christian Grothoff, 2023/01/07
- Re: [Taler] Exchange Terms of Service, Florian Jung, 2023/01/07
- Re: [Taler] Exchange Terms of Service,
Christian Grothoff <=
- Re: [Taler] Exchange Terms of Service, marc, 2023/01/08
- Re: [Taler] Exchange Terms of Service, Christian Grothoff, 2023/01/08