1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
|
{% extends "common/base.j2" %}
{% block body_content %}
<script>
function expand(n) {
var x = document.getElementById(n);
console.log(x);
x.setAttribute("style", "");
}
</script>
<style>
h2 {
margin-top: 1em;
}
</style>
<div class="container">
<div class="row">
<div class="col">
<h1>GNU Taler: Design Principles</h1>
</div>
</div>
<p>When designing GNU Taler, we had the following design principles in mind:</p>
<div class="row">
<div class="col-lg-6">
<h2>1. Free Software implementation</h2>
<p>
Free refers to “free as in free speech”, as opposed to “free as in free beer”.
More specifically, the four essential freedoms of free software must
be respected, namely users must have the freedom to (1) run the software,
(2) study and modify it, (3) redistribute copies, and (4) distribute copies of
the modified version.
</p>
<p>
For merchants this prevents vendor lock-in, as another payment provider can
take over, should the current one provide inadequate quality of service. As
the software of the payment provider itself is free, smaller or disadvantaged
countries or organizations can run the payment system without being
controlled by a foreign company. Customers benefit from this freedom,
as the wallet software can be made to run on a variety of platforms, and
user-hostile features such as tracking or telemetry could easily be removed
from wallet software.
</p>
<p>
This rules out the mandatory usage of specialized hardware such as smart
cards or other hardware security modules, as the software they run cannot
be modified by the user. These components can, however, be voluntarily
used by merchants, customers or payment processors to increase their
operational security.
</p>
</div>
<div class="col-lg-6">
<p>IMAGE.</p>
</div>
</div>
<div class="row">
<div class="col-lg-6">
IMAGE.
</div>
<div class="col-lg-6">
<h2>2. Protect the privacy of buyers</h2>
<p>
Privacy should be guaranteed via technical measures, as opposed to mere
policies. Especially with micropayments for online content, a disproportion-
ate amount of rather private data about buyers would be revealed, if the
payment system does not have privacy protections.
</p>
<p>
In legislations with data protection regulations (such as the recently introduced GDPR in Europe),
merchants benefit from this as well, as
no data breach of customers can happen if this information is, by design,
not collected in the first place. Obviously some private data, such as the
shipping address for a physical delivery, must still be collected according to
business needs.
</p>
</div>
</div>
<div class="row">
<div class="col-lg-6">
<h2>3. Enable the state to tax income and crack down on illegal business activities</h2>
<p>
As a payment system must still be legal to operate and use, it must comply
with these requirements. Furthermore, we consider levying of taxes as
beneficial to society.
</p>
</div>
<div class="col-lg-6">
IMAGE.
</div>
</div>
<div class="row">
<div class="col-lg-6">
IMAGE.
</div>
<div class="col-lg-6">
<h2>4. Prevent payment fraud</h2>
<p>
This imposes requirements on the security of the system, as well as on the
general design, as payment fraud can also happen through misleading user
interface design or the lack of cryptographic evidence for certain processes.
</p>
</div>
</div>
<div class="row">
<div class="col-lg-6">
<h2>5. Only disclose the minimal amount of information necessary</h2>
<p>
The reason behind this goal is similar to (2). The privacy of buyers is given
priority, but other parties such as merchants still benefit from it, for example,
by keeping details about the merchant’s financials hidden from competitors.
</p>
</div>
<div class="col-lg-6">
IMAGE.
</div>
</div>
<div class="row">
<div class="col-lg-6">
IMAGE.
</div>
<div class="col-lg-6">
<h2>6. Be usable</h2>
<p>
Specifically it must be usable for non-expert customers. Usability also
applies to the integration with merchants, and informs choices about the
architecture, such as encapsulating procedures that require cryptographic
operations into an isolated component with a simple API.
</p>
</div>
</div>
<div class="row">
<div class="col-lg-6">
<h2>7. Be efficient</h2>
<p>
Approaches such as proof-of-work are ruled out by this requirement. Effi-
ciency is necessary for GNU Taler to be used for micropayments.
</p>
</div>
<div class="col-lg-6">
IMAGE.
</div>
</div>
<div class="row">
<div class="col-lg-6">
IMAGE.
</div>
<div class="col-lg-6">
<h2>8. Avoid single points of failure</a></h2>
<p>
While the design we present later is rather centralized, avoiding single
points of failure is still a goal. This manifests in architectural choices such
as the isolation of certain components, and auditing procedures.
</p>
</div>
</div>
<div class="row">
<div class="col-lg-6">
<h2>9. Foster competition</h2>
<p>
It must be relatively easy for competitors to join the systems. While the
barriers for this in traditional financial systems are rather high, the technical
burden for new competitors to join must be minimized. Another design
choice that supports this is to split the whole system into smaller compo-
nents that can be operated, developed and improved upon independently,
instead of having one completely monolithic system.
</p>
</div>
<div class="col-lg-6">
IMAGE.
</div>
</div>
</div>
{% endblock body_content %}
|
