summaryrefslogtreecommitdiff
path: root/template/principles.html.j2
blob: 683b7449747b925d2409f07bdc8c4c706bbab492 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
{% extends "common/base.j2" %}
{% block body_content %}

  <script>
    function expand(n) {
    var x = document.getElementById(n);
    console.log(x);
    x.setAttribute("style", "");
    }
  </script>

  <style>
    h2 {
    margin-top: 1em;
    }
  </style>

  <div class="container">
    <div class="row">
      <div class="col">
        <h1>{{ _("GNU Taler: Design Principles") }}</h1>
      </div>
    </div>
    <p>
      {% trans %}
        When designing GNU Taler, we had the following design principles in mind:
      {% endtrans %}
    </p>
    <div class="row">
      <div class="col-lg-12">
        <h2>{{ _("1. Free/Libre Software") }}</h2>
        <a href="https://www.gnu.org/graphics/freedom.html">
          <img style="width:20vw;float:right" src="{{ url_static('images/1-libre.png') }}" alt="{{ _("... in the area of computing, freedom means not using proprietary software") }}">
        </a>
        <p>
          {% trans %}
            GNU Taler must be <a href="https://www.gnu.org/philosophy/free-sw.html">Free/Libre Software</a>.
            For merchants, Free/Libre Software prevents vendor lock-in meaning
            merchants can easily choose another service provider to process
            their payments.
            For countries, Free/Libre
            software means GNU Taler can not compromise sovereignty by imposing
            restrictions or requirements. And for exchange operators, transparency is crucial to satisfy
            <a href="https://en.wikipedia.org/wiki/Kerckhoffs's_principle">Kerckhoff's principle</a>
            and to establish public confidence.
          {% endtrans %}
        </p>
        <p>
          {% trans %}
            Customers benefit from Free/Libre Software
            because anyone is free to modify the wallet software support additional platforms.
            The source code must be available and make it easy to verify that
            user-hostile features such as tracking or telemetry are absent.
          {% endtrans %}
        </p>
      </div>
    </div>
    <div class="row">
      <div class="col-lg-12">
        <h2>{{ _("2. Protect the privacy of buyers") }}</h2>
        <!-- From https://www.pixabay.com/ -->
        <img style="width:20vw;float:left;padding:15px" src="{{ url_static('images/2-buyer-privacy.png') }}" alt="{{_("You deserve some privacy")}}">
        <p>
          {% trans %}
            Privacy is most meaningful when it is guaranteed via technical measures, as opposed to mere
            policies. Without a technical layer providing privacy-by-default, financial transactions
            reveal unnecessary levels of personal or private data. This would be especially true
            when making micropayments for online publications. Thus, GNU Taler must protect
            the privacy of buyers to avoid facilitating totalitarian control over the population.
          {% endtrans %}

          {% trans %}
            Limited private data, such as the shipping address for a physical
            delivery, may need to be collected according to business needs
            and protected according to local laws. In this case, GNU Taler must enable deletion
            of such data as soon as it is no longer required.
          {% endtrans %}
        </p>
      </div>
    </div>
    <div class="row">
      <div class="col-lg-12">
        <h2>{{ _("3. Auditability - enable the state to tax income and crack down on illegal business activities") }}</h2>
        <!-- From https://www.pxhere.com/ -->
        <img style="width:20vw;float:right;padding:15px" src="{{ url_static('images/3-taxable.png') }}" alt="{{_("Money laundering")}}">
        <p>
          {% trans %}
           As a payment system must comply with local laws in order to operate
           legally, GNU Taler must be designed to comply with these
           requirements. GNU Taler must provide an audit trail for investigators
           operating under the law.

           Furthermore, we consider levying of taxes as
           beneficial to society, and fair taxation requires income transparency.
           Thus, GNU Taler must enable authorities to track income.
          {% endtrans %}
        </p>
      </div>
    </div>
    <div class="row">
      <div class="col-lg-12">
        <h2>{{ _("4. Prevent payment fraud") }}</h2>
        <!-- From https://www.maxpixel.net/ -->
        <img style="width:20vw;float:left;padding:15px" src="{{ url_static('images/4-fraud.png') }}" alt="{{_("Phishing attack")}}">
        <p>
          {% trans %}
           GNU Taler must mitigate the most common sources of payment fraud.
           We must follow best practices in software design, 3rd party
           design guidelines that prevent confusion and misleading user interfaces,
           and must have others inspect our publicly available code.

           Furthermore, GNU Taler must provide extensive cryptographic evidence for
           all key processes to enable all parties to precisely attribute bad behavior.
          {% endtrans %}
        </p>
      </div>
    </div>
    <div class="row">
      <div class="col-lg-12">
        <h2>{{ _("5. Collect the minimum information necessary") }}</h2>
        <img style="width:20vw;float:right;padding:15px" src="{{ url_static('images/5-data-minimization.png') }}" alt="{{_("Privacy by design, privacy by default, General Data Protection Regulation (GDPR) compliant")}}">
        <p>
          {% trans %}
            The privacy of buyers is given particular priority as part of
            principle (2). However, other parties - such as merchants - also
            must have data protection.

            Generally, GNU Taler must collect the minimum information necessary:
            data that is not collected or is no longer stored can not be
            compromised.
          {% endtrans %}
        </p>
      </div>
    </div>
    <div class="row">
      <div class="col-lg-12">
        <h2>{{ _("6. Be usable") }}</h2>
        <img style="width:20vw;float:left;padding:15px" src="{{ url_static('images/6-usable.png') }}" alt="{{_("Buy with one click. Easy for children.")}}">
        <p>
          {% trans %}
           GNU Taler must be usable for non-expert customers including
           end-users of a GNU Taler wallet, merchants who wish to accept payments
           using GNU Taler, and 3rd party application developers for e-commerce and
           other platforms.

           GNU Taler must follow best-practices usability guidelines and
           incorporate feedback from experts and users. Free/Libre software also
           requires Free/Libre documentation to allow for informed choices.
           GNU Taler must provide well-documented Application Programming Interfaces (APIs)
           to allow frictionless integrations between GNU Taler and other projects.
          {% endtrans %}
        </p>
      </div>
    </div>
    <div class="row">
      <div class="col-lg-12">
        <h2>{{ _("7. Be efficient")}}</h2>
        <img style="width:20vw;float:right;padding:15px" src="{{ url_static('images/7-efficient.png') }}" alt="{{_("Energy efficiency")}}">
        <p>
          {% trans %}
            GNU Taler must be designed to be efficient.
            Quite simply, efficiency means fewer things to break, and it means more
            transactions per second and lowers our environmental impact. Efficiency
            is also critical for GNU Taler to be used for micropayments.
            Therefore certain expensive primitives, such as proof-of-work,
            must not be used by GNU Taler.
          {% endtrans %}
        </p>
      </div>
    </div>
    <div class="row">
      <div class="col-lg-12">
        <h2>{{ _("8. Fault-tolerant design")}}</h2>
        <img style="width:20vw;float:left;padding:15px" src="{{ url_static('images/8-fault-tolerant.png') }}" alt="{{_("Life Safers")}}">
        <p>
          {% trans %}
          Malicious operators, fat fingers, computer glitches, gremlins. Things
          go wrong.

          GNU Taler must be designed to tolerate failure of individual components and
          systems. Where the system can continue running safely, it will continue
          running safely. Where it must halt an operation, other operations
          must not be needlessly pulled offline. Where systems fail,
          they must fail gracefully.

          GNU Taler must have a plan to recover from malicious operators
          compromising core secrets.
          {% endtrans %}
        </p>
      </div>
    </div>
    <div class="row">
      <div class="col-lg-12">
        <h2>{{ _("9. Foster competition")}}</h2>
        <img style="width:20vw;float:right;padding:15px" src="{{ url_static('images/9-competition.png') }}" alt="{{_("A competitive market")}}">
        <p>
          {% trans %}
            It must be relatively easy for competitors to deploy interoperable alternatives. The
            barriers for this in traditional financial systems are rather high and outside
            of our control. However, GNU Taler must minimize the technical
            burden for new competitors to enter the market.
         
            GNU Taler must enable a diverse set of operators, breaking up the current
            system where only a few global companies dominate the market.
        
            An example for a design choice that supports this is to split the whole system into
            smaller components that can be operated, developed and improved upon independently,
            instead of having one completely monolithic system.
          {% endtrans %}
        </p>
      </div>
    </div>
  </div>
</div>

{% endblock body_content %}