[Taler] Privacy concerns
From: Michael Kohn
Subject: [Taler] Privacy concerns
Date: Sun, 05 May 2024 19:50:44 +0000

Dear colleagues,
the Taler project emphasizes "Privacy".
However, it appears to me that a system like Taler is exactly the opposite.
Currently and for the foreseeable future, banks and payment providers routinely
block users that connect through Tor, a VPN or any other anonymizing network
provider.
In the EU it is not possible to obtain an anonymous personal Internet access,
either wired or cellular.
Also, it is - for example - not possible anymore to register even an
anonymous E-Mail address from any popular E-Mail provider by using an
anonymization service or public internet access.
It is not hard to see that access to banks and payment providers is at least as
tightly regulated as access to a free E-Mail account.
Banks and payment providers usually store IP addresses that are related to
monetary transactions.
Governments have easy means, often completely invisible to a citizen and even
the network provider, to relate an IP address to a specific person / network
provider customer and vice versa.
Thus, while Taler acknowledges that the so-called "merchant" (I do not like
this word because it is wrong the way Taler uses it: if one person gives money
to another, the receiver does not necessarily have to be a "merchant"; it is
simply not anyone's business why money is transferred between two citizens and
it can be transferred for many reasons besides merchandise) is not anonymous,
the "customer" for all practical purposes will also not be anonymous at all.
For a government, it is quite easy to correlate Person A withdrawing 934,29
Euros from Bank A on May 5th, 22:18 by using Taler, and Person B receiving
934,29 Euros on his Account on Bank B on May 5th, 22:19 by using Taler.
Arguing that Taler allows for "anonymous" "customers" is, in the best case,
extremely naive and narrows the definition of anonymity down to some crypto
specifics of Taler while ignoring the whole bunch of easy identification
possibilities of a customer by analyzing bank transfers and/or network accesses.
Governments have had that kind of access to bank and network provider databases
for decades.
I'd be happy if there's some hidden gem in the technical details of Taler that
I have missed and Taler is indeed truly anonymous for a customer in a REAL
WORLD scenario.
What is the threat model of Taler's security and how does it protect the
"customer" (spender) against being identified by a real-world Government, i.e.
one that has full access to all banking and network provider databases?
Best, Michael