author Christian Grothoff <christian@grothoff.org> 2020-06-01 17:15:18 +0200
committer Christian Grothoff <christian@grothoff.org> 2020-06-01 17:15:18 +0200
commit 6fd5c929848e59a669b3a30eac8c09a18f5b4e8a
tree 35a0c787ebee0b3aba9d8f12317ea58545350e8e /template
parent 63ac9a953c6986cba5726565dea11a621b90deea
principles edits based on collected feedback
Diffstat (limited to 'template')
-rw-r--r-- template/principles.html.j2 134
1 files changed, 84 insertions, 50 deletions
diff --git a/template/principles.html.j2 b/template/principles.html.j2
index 02dea04..1a741f4 100644
--- a/template/principles.html.j2
+++ b/template/principles.html.j2
@@ -28,25 +28,29 @@
</p>
<div class="row">
<div class="col-lg-12">
- <h2>{{ _("1. Free Software implementation") }}</h2>
+ <h2>{{ _("1. Free/Libre Software") }}</h2>
<a href="https://www.gnu.org/graphics/freedom.html">
<img style="width:20vw;float:right" src="{{ url_static('images/stallman.medium.png') }}" alt="{{ _("... in the area of computing, freedom means not using proprietary software") }}">
</a>
<p>
{% trans %}
- GNU Taler must be <a href="https://www.gnu.org/philosophy/free-sw.html">Free Software</a>.
- For merchants, our Free Software
- reference implementation prevents vendor lock-in. As
- the software of the payment provider itself is free, countries can
- deploy the payment system without compromising sovereignty.
+ GNU Taler must be <a href="https://www.gnu.org/philosophy/free-sw.html">Free/Libre Software</a>.
+ For merchants, Free/Libre Software prevents vendor lock-in meaning
+ merchants can easily choose another service provider to process
+ their payments.
+ For countries, Free/Libre
+ software means GNU Taler can not compromise sovereignty by imposing
+ restrictions or requirements. And for exchange operators, transparency is crucial to satisfy
+ <a href="https://en.wikipedia.org/wiki/Kerckhoffs%27s_principle">Kerckhoff's principle</a>
+ and to establish public confidence.
{% endtrans %}
</p>
<p>
{% trans %}
- Customers benefit from Free Software
- as the wallet software can be made to run on a variety of platforms, and
- the absence of user-hostile features such as tracking or telemetry can easily be
- assured.
+ Customers benefit from Free/Libre Software
+ because anyone is free to modify the wallet software support additional platforms.
+ The source code must be available and make it easy to verify that
+ user-hostile features such as tracking or telemetry are absent.
{% endtrans %}
</p>
</div>
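Review bot: The added customer paragraph has a dropped word: "anyone is free to modify the wallet software support additional platforms" should read "modify the wallet software to support additional platforms". In the same hunk, the link text "Kerckhoff's principle" does not match the linked article, whose URL spells it Kerckhoffs's; "prevents vendor lock-in meaning" needs a comma before "meaning"; and the text mixes "Free/Libre Software" with "Free/Libre software", so one capitalisation should be chosen.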
@@ -58,35 +62,37 @@
<img style="width:20vw;float:left;padding:15px" src="{{ url_static('images/anonymous.jpg') }}" alt="{{_("You deserve some privacy")}}">
<p>
{% trans %}
- Privacy should be guaranteed via technical measures, as opposed to mere
- policies. Especially with micropayments for online publications, a disproportionate
- amount of rather private data about buyers would be revealed, if the
- payment system does not have privacy protections.
+ Privacy is most meaningful when it is guaranteed via technical measures, as opposed to mere
+ policies. Without a technical layer providing privacy-by-default, financial transactions
+ reveal unnecessary levels of personal or private data. This would be especially true
+ when making micropayments for online publications. Thus, GNU Taler must protect
+ the privacy of buyers to avoid facilitating totalitarian control over the population.
{% endtrans %}
- </p>
- <p>
+
{% trans %}
- In legislations with data protection regulations (such as the recently introduced GDPR in Europe),
- merchants benefit from this as well, as
- no data breach of customers can happen if this information is, by design,
- not collected in the first place. Obviously some private data, such as the
- shipping address for a physical delivery, must still be collected according to
- business needs.
+ Limited private data, such as the shipping address for a physical
+ delivery, may need to be collected according to business needs
+ and protected according to local laws. In this case, GNU Taler must enable deletion
+ of such data as soon as it is no longer required.
{% endtrans %}
</p>
</div>
</div>
<div class="row">
<div class="col-lg-12">
- <h2>{{ _("3. Enable the state to tax income and crack down on illegal business activities") }}</h2>
+ <h2>{{ _("3. Auditability - enable the state to tax income and crack down on illegal business activities") }}</h2>
<!-- From https://www.pxhere.com/ -->
<img style="width:20vw;float:right;padding:15px" src="{{ url_static('images/money-laundering.medium.jpg') }}" alt="{{_("Money laundering")}}">
<p>
{% trans %}
- As a payment system must be legal to operate and use, it must comply
- with regulatory requirements such as anti money laundering.
- Furthermore, we consider levying of taxes as
- beneficial to society, and fair taxation requires income transparency.
+ As a payment system must comply with local laws in order to operate
+ legally, GNU Taler must be designed to comply with these
+ requirements. GNU Taler must provide an audit trail for investigators
+ operating under the law.
+
+ Furthermore, we consider levying of taxes as
+ beneficial to society, and fair taxation requires income transparency.
+ Thus, GNU Taler must enable authorities to track income.
{% endtrans %}
</p>
</div>
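Review bot: Removing the closing and opening paragraph tags between the two trans blocks in the privacy section leaves both texts inside one <p>, so the shipping-address text renders as a continuation of the privacy paragraph; keep the </p><p> pair if two paragraphs are intended. The blank line added inside the trans block of section 3 has the same problem, since HTML collapses it to a single space. The new sentence "Thus, GNU Taler must enable authorities to track income" should also state whose income is meant, because the section just above commits to protecting the privacy of buyers.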
@@ -98,22 +104,30 @@
<img style="width:20vw;float:left;padding:15px" src="{{ url_static('images/fraud.medium.jpg') }}" alt="{{_("Phishing attack")}}">
<p>
{% trans %}
- This imposes requirements on the security of the system, as well as on the
- general design, as payment fraud can also happen through misleading user
- interface design or the lack of cryptographic evidence for certain processes.
+ GNU Taler must mitigate the most common sources of payment fraud.
+ We must follow best practices in software design, 3rd party
+ design guidelines that prevent confusion and misleading user interfaces,
+ and must have others inspect our publicly available code.
+
+ Furthermore, GNU Taler must provide extensive cryptographic evidence for
+ all key processes to enable all parties to precisely attribute bad behavior.
{% endtrans %}
</p>
</div>
</div>
<div class="row">
<div class="col-lg-12">
- <h2>{{ _("5. Only disclose the minimal amount of information necessary") }}</h2>
+ <h2>{{ _("5. Collect the minimum information necessary") }}</h2>
<img style="width:20vw;float:right;padding:15px" src="{{ url_static('images/gdpr.medium.jpg') }}" alt="{{_("Privacy by design, privacy by default, General Data Protection Regulation (GDPR) compliant")}}">
<p>
{% trans %}
- The reason behind this goal is similar to (2). The privacy of buyers is given
- priority, but other parties such as merchants still benefit from it, for example,
- by keeping details about the merchant’s financials hidden from competitors.
+ The privacy of buyers is given particular priority as part of
+ principle (2). However, other parties - such as merchants - also
+ must have data protection.
+
+ Generally, GNU Taler must collect the minimum information necessary:
+ data that is not collected or is no longer stored can not be
+ compromised.
{% endtrans %}
</p>
</div>
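Review bot: Renaming principle 5 from "Only disclose the minimal amount of information necessary" to "Collect the minimum information necessary" narrows it to collection and storage, while the removed example (keeping details about the merchant's financials hidden from competitors) was about disclosure; if disclosure is still in scope, say so, for example "Collect and disclose the minimum information necessary". In the fraud paragraph, "We must follow best practices in software design, 3rd party design guidelines that prevent confusion and misleading user interfaces" switches from "GNU Taler must" to "We must" and reads as if the guidelines prevent the interfaces; consider "follow third-party design guidelines that help avoid confusing or misleading user interfaces".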
@@ -124,10 +138,16 @@
<img style="width:20vw;float:left;padding:15px" src="{{ url_static('images/buy.medium.jpg') }}" alt="{{_("Buy with one click")}}">
<p>
{% trans %}
- Specifically it must be usable for non-expert customers. Usability also
- applies to the integration with merchants, and informs choices about the
- architecture, such as encapsulating procedures that require cryptographic
- operations into an isolated component with a simple API.
+ GNU Taler must be usable for non-expert customers including
+ end-users of a GNU Taler wallet, merchants who wish to accept payments
+ using GNU Taler, and 3rd party application developers for e-commerce and
+ other platforms.
+
+ GNU Taler must follow best-practices usability guidelines and
+ incorporate feedback from experts and users. Free/Libre software also
+ requires Free/Libre documentation to allow for informed choices.
+ GNU Taler must provide well-documented Advanced Programming Interfaces (APIs)
+ to allow frictionless integrations between GNU Taler and other projects.
{% endtrans %}
</p>
</div>
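Review bot: "Advanced Programming Interfaces (APIs)" should be "Application Programming Interfaces (APIs)". The first added sentence also lists merchants and 3rd party application developers under "non-expert customers", which does not describe them; consider naming the three groups directly instead of making them examples of customers. The removed text tied usability to an architectural choice, encapsulating procedures that require cryptographic operations into an isolated component with a simple API; if that is still a design goal, keep a sentence for it next to the new API requirement.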
@@ -138,9 +158,12 @@
<img style="width:20vw;float:right;padding:15px" src="{{ url_static('images/efficient.png') }}" alt="{{_("Energy efficiency")}}">
<p>
{% trans %}
- Approaches such as proof-of-work are ruled out by this
- requirement. Efficiency is necessary for GNU Taler to be used for
- micropayments.
+ GNU Taler must be designed to be efficient.
+ Quite simply, efficiency means fewer things to break, and it means more
+ transactions per second and lowers our environmental impact. Efficiency
+ is also critical for GNU Taler to be used for micropayments.
+ Therefore certain expensive primitives, such as proof-of-work,
+ must not be used by GNU Taler.
{% endtrans %}
</p>
</div>
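Review bot: The sentence "efficiency means fewer things to break, and it means more transactions per second and lowers our environmental impact" changes construction midway ("means ... and lowers"); consider "Efficiency means fewer things to break, more transactions per second and a lower environmental impact". The closing "must not be used by GNU Taler" repeats the subject of the paragraph and can end at "must not be used".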
@@ -151,10 +174,17 @@
<img style="width:20vw;float:left;padding:15px" src="{{ url_static('images/life-safer.medium.jpg') }}" alt="{{_("Life Safers")}}">
<p>
{% trans %}
- Taler should tolerate failure of individual components and systems,
- including malicious operators compromising core secrets.
- This manifests in architectural choices such
- as the isolation of certain components, and auditing procedures.
+ Malicious operators, fat fingers, computer glitches, gremlins. Things
+ go wrong.
+
+ GNU Taler must be designed to tolerate failure of individual components and
+ systems. Where the system can continue running safely, it will continue
+ running safely. Where it must halt an operation, other operations
+ must not be needlessly pulled offline. Where systems fail,
+ they must fail gracefully.
+
+ GNU Taler must have a plan to recover from malicious operators
+ compromising core secrets.
{% endtrans %}
</p>
</div>
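Review bot: "Where the system can continue running safely, it will continue running safely" is the only requirement in this paragraph phrased with "will" rather than "must", and it repeats its own condition; consider "Where the system can continue running safely, it must do so". The last added paragraph also changes the requirement from tolerating malicious operators compromising core secrets to having a plan to recover from them, and drops the architectural choices the old text named (isolation of certain components, auditing procedures); please confirm that both changes are intended.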
@@ -165,11 +195,15 @@
<img style="width:20vw;float:right;padding:15px" src="{{ url_static('images/market.medium.jpg') }}" alt="{{_("A competitive market")}}">
<p>
{% trans %}
- It must be relatively easy for competitors to deploy interoperable alternatives. While the
- barriers for this in traditional financial systems are rather high, the technical
- burden for new competitors to join must be minimized. A design
- choice that supports this is to split the whole system into smaller components
- that can be operated, developed and improved upon independently,
+ It must be relatively easy for competitors to deploy interoperable alternatives. The
+ barriers for this in traditional financial systems are rather high and outside
+ of our control. However, GNU Taler must minimize the technical
+ burden for new competitors to enter the market.
+ {% endtrans %}
+
+ {% trans %}
+ An example for a design choice that supports this is to split the whole system into
+ smaller components that can be operated, developed and improved upon independently,
instead of having one completely monolithic system.
{% endtrans %}
</p>
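Review bot: The added "{% endtrans %}" and "{% trans %}" pair splits the text into two translation units, but both remain inside the same <p>, so the blank line between them does not produce a paragraph break in the rendered page; close and reopen the <p> if the example is meant to stand as its own paragraph. "An example for a design choice" should read "An example of a design choice".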