[Taler] sync vs privacy


From: Jeff Burdges
Subject: [Taler] sync vs privacy
Date: Fri, 23 Feb 2018 09:35:21 +0100

We have not discussed privacy in the massive synchronization thread, so
I'll start a separate thread for that discussion.  

We have two serious synchronization proposals that differ firstly in how
we present the balance to the user:

 - balance sync - All coins are spendable by all linked wallets but the
balance displayed by each wallet is the sum of the balance held by all
linked wallets.  

 - backup and payment sync - All wallets learn about all coins in linked
wallets but only display the balance they themselves can spend with
relative confidence that no double spending occurs.

In balance sync, we can explore mitigation schemes in which we have coin
ownership under the hood, we prioritize which coins we take from other
wallets, and we automatically redistribute coins among wallets.  We
cannot however ask users to hold a minimum balance as a mitigation
scheme because real world users do not necessarily manage even the
minimum balance of their bank accounts, and certainly spend all the
money in their physical wallets.

In backup and payment sync, we could still permit spending other wallets'
coins albeit with a security warning that this violates the privacy and
security properties of Taler.  I think mitigation schemes for balance
sync apply to this override feature in that automated transfers can
become recommended transfers and we can prioritize which coins we take
from other wallets.


I've argued in the previous thread that synchronization failures should
be common, even affecting most users who enable synchronization.

Also, we should avoid leaking anything to the backup server, like
purchase timing, because doing so reduces the anonymity set for all
users, but this makes sync failure even more common.

At a formal level, there are *no* mitigation schemes that enable
balance sync while preserving our anonymity arguments, simply because
(a) users commonly spend all their money and (b) sync failures are
commonplace.

At an informal level, all double spends link an unpredictable number of
transactions, but frequently more than two.  We might expect different
devices to pay with different privacy properties, like say a home computer
automatically paying monthly bills with real names attached, and both
merchants and the exchange see the double spent coins, so all double
spends tend towards complete deanonymization as adoption expands. 

At this point, I'm dubious we could argue that Taler with active balance
sync provides appreciably more privacy than even say bitcoin with free
popular automatic coin mixing.* 


We cannot expect users to know if they need privacy or not, so we should
not claim privacy if we encourage using footguns.  Anonymity sets would
be reduced for all users too of course.

We're still creating a footgun with the balance override in backup and
payment sync of course, but I'm optimistic the wallet berating users for
individual bad spends helps.  At least the wallet overtly discourages
the bad behavior, while with balance sync the wallet's official position
is "you can have privacy or this convenience".  

tl;dr  We might need to build privacy footguns, but do we encourage or
discourage their use? 


As an aside, RMS might like distinct wallets helping people keep their
finances siloed, while permitting occasional violations.

Jeff

* Actually mixing is astronomically expensive in bitcoin, so this cannot
exist.  And coin mixing was never popular even before bitcoin became
extremely expensive.  I'm avoiding ZCash here because they face similar
sync problems.
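The following is an added toy model, written for this archive page and not code from Jeff's message or from the Taler project, of the mechanism the message argues about: under balance sync a missed synchronization lets a second linked wallet re-spend a coin the first wallet already deposited, and the exchange's per-coin deposit record then ties the two transactions together; under backup and payment sync the second wallet only spends coins it withdrew itself, so the same missed sync costs nothing. The wallet names, coin identifiers, values and transaction labels are constructed for the example, and the exchange is reduced to a map from coin id to the transactions it was deposited in.

```python
"""Toy model (added illustration, not Taler code): a failed sync under
"balance sync" versus "backup and payment sync".

Constructed assumptions:
  - a coin is an opaque id plus a value;
  - the exchange keeps, per coin id, the list of transactions it was
    deposited in, so a second deposit of the same coin links the two;
  - a "sync failure" means the receiving wallet learns nothing new.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Coin:
    coin_id: str
    value: int


@dataclass
class Exchange:
    deposits: dict = field(default_factory=dict)  # coin_id -> [tx_id, ...]

    def deposit(self, coin: Coin, tx_id: str) -> list:
        """Record a deposit and return the earlier transactions this coin
        was already deposited in (non-empty = double spend, now linked)."""
        prior = self.deposits.setdefault(coin.coin_id, [])
        linked = list(prior)
        prior.append(tx_id)
        return linked


@dataclass
class Wallet:
    name: str
    own: dict                                   # coin_id -> Coin withdrawn by this wallet
    known_remote: dict = field(default_factory=dict)  # coins learned from linked wallets
    spent_known: set = field(default_factory=set)     # coin ids this wallet believes spent

    def spendable(self, mode: str) -> list:
        """Own coins first; remote coins only in balance-sync mode."""
        coins = [c for c in self.own.values() if c.coin_id not in self.spent_known]
        if mode == "balance":
            coins += [c for c in self.known_remote.values() if c.coin_id not in self.spent_known]
        return coins

    def displayed_balance(self, mode: str) -> int:
        return sum(c.value for c in self.spendable(mode))


def sync(src: Wallet, dst: Wallet, ok: bool) -> None:
    """Push src's coins and spent-set to dst; a failed sync delivers nothing."""
    if not ok:
        return
    dst.known_remote.update(src.own)
    dst.spent_known |= src.spent_known


def spend(wallet: Wallet, amount: int, tx_id: str, exchange: Exchange, mode: str) -> list:
    """Pay `amount` with the wallet's spendable coins; return the list of
    (earlier_tx, this_tx) pairs the exchange could link through double spends."""
    chosen, total = [], 0
    for coin in wallet.spendable(mode):
        if total >= amount:
            break
        chosen.append(coin)
        total += coin.value
    if total < amount:
        raise ValueError(f"{wallet.name}: insufficient balance for {tx_id}")
    links = []
    for coin in chosen:
        links += [(earlier, tx_id) for earlier in exchange.deposit(coin, tx_id)]
        wallet.spent_known.add(coin.coin_id)
    return links


def simulate(mode: str, sync_ok: bool) -> dict:
    """mode is 'balance' or 'backup'; sync_ok says whether the sync after the
    home computer's bill payment reaches the phone."""
    exchange = Exchange()
    home = Wallet("home", {"c1": Coin("c1", 10)})   # pays bills with a real name attached
    phone = Wallet("phone", {"c2": Coin("c2", 5)})  # used for anonymous purchases
    sync(home, phone, True)                          # initial link succeeds both ways
    sync(phone, home, True)
    spend(home, 10, "rent-bill", exchange, mode)     # identifiable transaction
    sync(home, phone, sync_ok)                       # the sync that may fail
    shown = phone.displayed_balance(mode)
    try:
        links = spend(phone, 12, "anon-purchase", exchange, mode)
        ok = True
    except ValueError:
        links, ok = [], False
    return {"phone_balance_shown": shown, "phone_spend_ok": ok, "links": links}


if __name__ == "__main__":
    for mode, sync_ok in (("balance", False), ("balance", True), ("backup", False)):
        print(mode, "sync_ok=%s" % sync_ok, simulate(mode, sync_ok))
```

With balance sync and a failed sync the phone shows 15, takes the home computer's coin, and the exchange links "anon-purchase" to "rent-bill"; with backup and payment sync the phone shows 5 and refuses the purchase outright, which is the "overt discouragement" the message prefers over a silently wrong balance.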

