422
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 08 Aug 2024
422 points (99.3% liked)
Europe
1502 readers
545 users here now
News and information from Europe 🇪🇺
(Current banner: La Mancha, Spain. Feel free to post submissions for banner images.)
Rules (2024-08-30)
- This is an English-language community. Comments should be in English. Posts can link to non-English news sources when providing a full-text translation in the post description. Automated translations are fine, as long as they don't overly distort the content.
- No links to misinformation or commercial advertising. When you post outdated/historic articles, add the year of publication to the post title. Infographics must include a source and a year of creation; if possible, also provide a link to the source.
- Be kind to each other, and argue in good faith. Don't post direct insults nor disrespectful and condescending comments. Don't troll nor incite hatred. Don't look for novel argumentation strategies at Wikipedia's List of fallacies.
- No bigotry, sexism, racism, antisemitism, dehumanization of minorities, or glorification of National Socialism.
- Be the signal, not the noise: Strive to post insightful comments. Add "/s" when you're being sarcastic (and don't use it to break rule no. 3).
- If you link to paywalled information, please provide also a link to a freely available archived version. Alternatively, try to find a different source.
- Light-hearted content, memes, and posts about your European everyday belong in !yurop@lemm.ee. (They're cool, you should subscribe there too!)
- Don't evade bans. If we notice ban evasion, that will result in a permanent ban for all the accounts we can associate with you.
- No posts linking to speculative reporting about ongoing events with unclear backgrounds. Please wait at least 12 hours. (E.g., do not post breathless reporting on an ongoing terror attack.)
(This list may get expanded when necessary.)
We will use some leeway to decide whether to remove a comment.
If need be, there are also bans: 3 days for lighter offenses, 14 days for bigger offenses, and permanent bans for people who don't show any willingness to participate productively. If we think the ban reason is obvious, we may not specifically write to you.
If you want to protest a removal or ban, feel free to write privately to the mods: @federalreverse@feddit.org, @poVoq@slrpnk.net, or @anzo@programming.dev.
founded 4 months ago
MODERATORS
https://taler.net/files/taler-book.pdf
2.2.1 Exchange Compromise modes
If the exchange is inside of Russia, which for a Russian user with a Russian bank account, seems likely, these compromise methods can be used by the central authority to deanonymize wallets created from the Russian Exchange.
The Taler defense against this is the Auditor system, but when the compromise is being done by the central authority its moot.
Not even to mention the 2.2.3 Perfect Crime Scenario revocation method.
The most likely scenario is people are going to mint coins EXACLTY when they want to spend them, so just looking at the exchange timing and the spend timing is enough to reveal most users... to the central authority.
Taler is designed from the ground up to crack down on illegal business activities, which is fine until the central authority deciding the illegal business activity is something we disagree with (like funding human rights related relief in a war zone)
I do agree that Taler is better for privacy then credit cards, but it wouldn't help our ballerina, if your spending can put you in jail or get you killed, Taler is not appropriate for the threat model
Ok, can you please quote the exact part in those two sections that would allow to deanonymize the payer of a specific transaction?
I read both sections you mentioned, and 2.2.1 only seems to have one rare case where the merchant is a fake honeypot and the exchange is totally compromised, which clearly wouldn't be the case in our scenario, where the merchant is in another country and the attacker doesn't know either the merchant nor the customer in advance. And 2.2.3 talks about a hypothetical modification of GNU Taler, ~~which would be incompatible with the version the merchant in another country is using~~ (and anyways tries to deanonymize the merchant and not the customer), ~~and again afaik wouldn't work retroactively~~ Edit: would need to be done while transaction is in process, and aims to catch a merchant that forced someone to pay anonymously in a ransom case or so (meaning the payer is already known or at least suspected). And this would also be massively disruptive to all other customers of the same exchange.
This is not possible retroactively, and any exchange doing that would be quickly detected and not accepted by the merchant which is not under control of the government because they are based in another country. Edit: Basically for this to work, the exchange, the auditor and the merchant would need to be under full control of the hostile government and the system actively compromised before the transaction takes place.
We disagree on the primitives of the architecture clearly. To my (self stylized) reasonable opinion the primitives are such that I cannot recommend Taler to anyone where their spending puts their Life or Liberty at risk, such as the good Ballerina in this sad story.
I would be happy if you could point me to a way the good Ballerina could have been caught if they had used Taler for the payment, but that seems highly unlikely because GNU Taler privacy is designed around such an exact case, and if you were right the entire system would be fundamentally broken from ground up.
it is my assessment that it is fundamentally broken from the ground up in protecting people from central authorities, yes.
I'm giving the reason behind my opinion that started this discussion. Your welcome to disagree.
Asking me not to have an opinion is a bit much.
All the reasons in the thread above
I listed all the reasons that went into my assessment in the above 17 message thread