Re: [Taler] Synchronization and backup

[Raphael Arias]

I cannot stress enough how strongly I agree with Florian, here.

If Taler wants to have any chance in succeeding, it cannot be made
cumbersome to use. If it has worse UX than the de-facto standard in this
area, PayPal, people will not switch. Privacy is really important but it
isn't to most users.

People will expect some sort of sync to work, because people will expect
to be able to use Taler on multiple devices at the same time. Yes,
finding a good technical solution to this may not be easy. But if it
can't be done, then people will rather use something else.

What I disagree with is that device loss / change is infrequent. I know
plenty of people who change devices all the time. All the more
motivation to have working backup and sync functionality.

As for a practical contribution to the discussion (I am sorry if this
has been said elsewhere in the thread, I kind of lost track):

I have made the observation that some non-"power users" were able to
install and use Signal Desktop. Would the key exchange via QR code as
Signal does it not be a workable solution?

R

On 16.02.2018 04:15, Florian Dold wrote:
> This does not cover the case where I (or rather normal users that want
> to use Taler) have my laptop, my desktop machine, my phone, maybe a
> tablet, and I do not want to have different wallets on them, they should
> be kept in sync as fast as possible.
> 
> I'm all for adding things to give users better anonymity, but at the
> core we must design it to be usable.
> 
> - Florian
> 
> On 02/16/2018 04:09 AM, Jeff Burdges wrote:
>> On Fri, 2018-02-16 at 01:49 +0100, Christian Grothoff wrote:
>>> Any other opinions? Other options I'm missing?
>>
>> We could assume that wallet loss is rare, record withdrawals for the
>> reserve in the reserve itself, and provide a rewithdraw function that
>> users trigger manually with scary warnings.  We cannot spend any
>> rewithdrawn coins of course, but we can slowly over time attempt to
>> refresh them, and be smart about ordering, etc.  It's helpful if we make
>> the linking protocol safe too, but even if we do we should still warn
>> users about possible loss of funds to discourage using this.
>>
>> We must move key material between wallets in advance of course, or maybe
>> give users a printed key to enter on failure.  I think wallets should
>> actually operate off distinct reserves though because it lessens the
>> information revealed, saves users from telling their wallet how much to
>> withdraw, and does not increase the information to move.
>>
>> Jeff
>>
>

signature.asc
Description: OpenPGP digital signature